[Bio-Linux] Bio-Linux 5.0 security
Tim Booth
tbooth at ceh.ac.uk
Wed Jan 28 10:46:11 EST 2009
Hi Tony,
Useful advice, but a word of warning on fail2ban - I've known it to
block legitimate hosts, including even localhost! It seems that NX,
which a lot of people use for remote access, did not play nicely with
fail2ban in that case.
If you have a small number of users on a machine (eg. if it is just your
personal workstation) I would ensure that membership of the ssh group is
kept to a minimum, use hard-to-crack passwords
(http://www.dowling.edu/mydowling/tech/good-passwords.html) and consider
moving from password-based login to key-based login.
Key-based login takes a little bit of work to set up but is immune to
current 'brute-force' attacks and can actually save you time typing
passwords. If anyone on this list is interested in knowing more then
let me know and I'll post some details.
Cheers,
TIM
On Wed, 2009-01-28 at 15:26 +0000, Tony Travis wrote:
> Hello,
>
> I've just installed Bio-Linux 5.0.2 on one of our NuGO servers (nbx1).
>
> I'm pleased to see that "openssh-server" is pre-installed in Bio-Linux,
> but I think it might be wise to install "fail2ban" as well, to defend
> against 'brute-force' attacks from the Internet via SSH. I've done this
> on "nbx1", and I've also installed "linux-server", which depends on the
> latest version of the Ubuntu Linux kernel for 'server' equipment. The
> 'server' kernel supports PAE (Physical Address extension), which allows
> 32-bit systems to use >4GB RAM. Any one 32-bit process can't access more
> than 4GB RAM, but several 32-bit processes can use > 4GB in total.
>
> Thanks for all the work you've put into the latest Bio-Linux release!
>
> Bye,
>
> Tony.
> --
> Dr. A.J.Travis, University of Aberdeen, Rowett Institute of Nutrition
> and Health, Greenburn Road, Bucksburn, Aberdeen AB21 9SB, Scotland, UK
> tel +44(0)1224 712751, fax +44(0)1224 716687, http://www.rowett.ac.uk
> mailto:a.travis at abdn.ac.uk, http://bioinformatics.rri.sari.ac.uk/~ajt
>
> _______________________________________________
> Bio-Linux mailing list
> Bio-Linux at envgen.nox.ac.uk
> http://envgen.nox.ac.uk/mailman/listinfo/bio-linux
--
Tim Booth <tbooth at ceh.ac.uk>
NERC Environmental Bioinformatics Centre
at CEH Oxford
+44 1865 281 975
More information about the Bio-linux-list
mailing list