Necessary steps to secure my new VPS?

KARanden · #1 06-19-2005, 03:01 PM

Hi

As I wrote in my "introduction" in "the lounge", I consider myself new to VPS and to manage a server with root access.

I assume that PowerVPS has done the steps they say in the top post in this forum?

And I have followed most of the suggestions from webhostgear in their newbie cPanel guide Here.
(Many good "how to's at that place.)

Is there anything else I MUST do to secure my VPS as best as I can?

Any help and suggestions is welcome

But, please remember "baby steps" explaining what I need to do, please.
I'm a quick learner, but to be pointed in the right direction helps very much.

Thanks

#2 06-21-2005, 01:05 PM

Kjell - check out this thread:
http://forums.deftechgroup.com/showt...ght=secure+vps

KARanden · #3 06-21-2005, 01:37 PM

Hi Eric

Quote:

Originally Posted by sewmyheadon

Kjell - check out this thread:
http://forums.deftechgroup.com/showt...ght=secure+vps

I was refering to that thread in my first post.

What I was asking, if there is any other steps users here does beside what is mentioned in the thread you refering to.

#4 06-21-2005, 02:04 PM

Sorry Kjell - missed that - I'm just a follower, so I haven't really done anything else except what was suggested here.

#5 06-21-2005, 07:50 PM

A couple of things that aren't in the aformentioned thread but are good practices include:

1) checking the "Last Login" time/date/location information every time you login as root. If you normally login from, say, a Comcast IP and yet see something like modempool.latvia.eu, then you should be concerned.

2) Make a habit of regularly reviewing /var/log/ secure to look for many failed password attempts or other potentially dangerous information. If you have a question about an alert, Google is your best friend.

KARanden · #6 06-22-2005, 08:57 AM

Quote:

Originally Posted by capnqwest

A couple of things that aren't in the aformentioned thread but are good practices include:

1) checking the "Last Login" time/date/location information every time you login as root. If you normally login from, say, a Comcast IP and yet see something like modempool.latvia.eu, then you should be concerned.

2) Make a habit of regularly reviewing /var/log/ secure to look for many failed password attempts or other potentially dangerous information. If you have a question about an alert, Google is your best friend.

Thanks, good tips

Sorry, but you say "time/date/location", I can't find any directory with this name when I'm loged in with SSH?
Or do you mean I can see this somewhere else?

#7 06-22-2005, 09:02 AM

the command "last" will show you recent logins to the system. Of course this information could have been wiped by an intruder but it's worth a look.

Robert · #8 06-22-2005, 05:18 PM

If you want to see if anyone is logged in at the same time as you in SSH, you can use "who" or "w" to see IPs of those connections as well.