Page 1 of 1

securing shell server

Posted: 2005/07/10 17:30:46
by vima
Hi everyone

I'm thinking of giving shell access to one virtual server for my irl/irc friends. Users would be using mainly IRC and mail. I'm asking about your thoughts about security; what should i do to make the server safe for users.

I want to be able to notice when someone tries to write to forbidden directories like /bin /sbin etc, and when someone tries to read files in /etc or someone else's home dir. Also I want to see if someones trying to run exploits, or somehow root my server.

I thought of installing LIDS, bastille and some auditing software for monitoring /etc /sbin and other directories. Maybe tripwire too? What else should i do (of course keep software up to date)?

securing shell server

Posted: 2005/07/17 05:32:28
by cormander
[quote]
what should i do to make the server safe for users.
[/quote]

Easy. Don't give anyone system shell access :)

But I realize that isn't the answer you're looking for.

I would suggest you setup a chroot jail for ssh users. You can read about a pretty good implementation of it here:

http://chrootssh.sourceforge.net/index.php

Hope this helps.