Site Accessibility Statement
Wilfrid Laurier University Information and Communication Technologies
August 30, 2016
Canadian Excellence

Hardening Linux and Unix Systems

The ITS department strongly recommends that administrators of Linux and Unix computers harden their systems as follows. These recommendations are designed to protect your systems from external attacks, particularly brute force ssh password guessing attacks.

1. Ensure that the unix/Linux firewall is on.

2. If you do not need a service then disable it. For example if you are not running a web server then disable the Apache daemon at startup.

2. Disallow root logins from the network. This is done by removing the "#" from the line "#PermitRootLogin no" in file /etc/ssh/sshd_config.

3. Use the /etc/hosts.allow and /etc/hosts.deny to restrict "ssh" logins   to particular IP numbers.

4. Use strong passwords. Brute force sshd guessing attacks are hitting Laurier every day looking for weak login/password combinations like "sally/sally", "test/123456", and "root/qwerty".