-2

I am planning to make a public shell server. What things should I modify to secure my server. Please tell me general things to check

manatails008
  • 25
  • 1
  • 4

3 Answers3

1

Google is your friend: http://www.wikihow.com/Secure-a-Linux-Server

Hesh
  • 68
  • 2
  • 1
    Well, but I thing that is too general, I want to know more about restricting exploitable activities from shell user – manatails008 Nov 30 '10 at 23:41
  • manatails008: You're thinking about it incorrectly. Don't say: "X, Y, and Z are bad, so I won't let them do those things". Say: "They only need to do A, B, and C. So I won't let them do anything else." The first makes maintaining the security of the server a full-time job, as new X, Y, and Z's are found daily. The second means you only need to pay attention to problems with A, B, and C. – Slartibartfast Dec 11 '10 at 08:56
0

I'd look into setup up a chrooted jail for your "shell" users so that they only have access to what they need and they cannot "get out" into the real filesystem, as the "root" of their filesystem is restricted to just their "jail".

drewrockshard
  • 1,763
  • 4
  • 20
  • 27
0

In order to helpfully answer this, we need to know more about your user base and the activities you want to allow. How much do you know and trust your users and what are their expectations for stability, flexibility, and functionality?

No matter what, one of your the largest issues is going to be identity assurance — how do you know the people who are using user accounts are the people who are supposed to be? And in that, passwords are your enemy. At minimum, require SSH keys for login, and if this is a big deal, seriously consider RSA SecurID, Yubikey, WiKiD, or some other form of two-factor authentication system.

mattdm
  • 6,600
  • 1
  • 26
  • 48