
Exploit in RHEL Servers



Posted

You can stomp off if you want, but you stated there was no reason anyone should ever have a publicly accessible SSH server running on their box.

Not everyone has a static IP or VPN to use.

Having a setup similar to yours definitely can offer more security, but it's not feasible for most people. You should at least be able to acknowledge that, so I've still provided perfectly valid reasons as to why someone may wish to run a publicly accessible SSH server on their box, and they are not wrong for doing so. It's just important that people take time to secure their servers to the best extent that they can.

I am not intending to be hostile or aggressive, I just don't have patience for nonsensicality.

Posted

That's a neat trick. How did you manage that? What happens if your caps lock key is on and you enter your password wrong three times? Are you locked out?

No I have my own IP, and only my IP added to Fail2Ban ignore. Yes, I acknowledge that everyone cannot use something similar. However I was never talking about others, only myself.

Posted

No I have my own IP, and only my IP added to Fail2Ban ignore. Yes, I acknowledge that everyone cannot use something similar. However I was never talking about others, only myself.

In that case, you should only allow connections to your SSH server from your IP address :P

Posted

You can stomp off if you want, but you stated there was no reason anyone should ever have a publicly accessible SSH server running on their box.

Not everyone has a static IP or VPN to use.

Having a setup similar to yours definitely can offer more security, but it's not feasible for most people. You should at least be able to acknowledge that, so I've still provided perfectly valid reasons as to why someone may wish to run a publicly accessible SSH server on their box, and they are not wrong for doing so. It's just important that people take time to secure their servers to the best extent that they can.

I am not intending to be hostile or aggressive, I just don't have patience for nonsensicality.

I can't speak as to why you don't have the necessary tools to do the job, unfortunately that's not my problem. What I can say is that knowing you sysadmin a machine with such haphazardness you're fortunate to be entrusted with the modest mailing list you've acquired. Speak to me again about nonsensicality and we'll all regale in blusterous tales of your musings. Until then, you are responsible for what happens under your watch. It is your decision to leave a service like SSH open to the public. That is and those are your choices. They wouldn't meet the standards of a security audit however, and you should consider your responsibilities before your title especially knowing you are ill equipped to perform the required tasks.

Thanks for, if nothing else, derailing this entire thread. For that and my part Cloaked, I humbly apologize.

Cheers!

Posted

Okay then.

But this is why I'm not being friendly with you. You're acting like a pretentious jerk. However, since you wish to insult and seem to think you're the expert here on server security, you should probably know that someone with such "extreme" security standards should not be displaying server tokens. Yet, you seem to do it. Why is that? You should also probably hide your admin directory instead of just relying on Web Auth protection. You are just letting people see the door they are trying to get into.

Starting Nmap 5.00 ( http://nmap.org ) at 2013-02-28 10:13 MST
Interesting ports on trinity.combatace.com (216.104.36.210):
Not shown: 980 closed ports
PORT     STATE    SERVICE      VERSION
21/tcp   open     ftp          ProFTPD 1.3.4a
22/tcp   filtered ssh
25/tcp   open     smtp         qmail smtpd
53/tcp   open     domain
80/tcp   open     http         Apache httpd 2.2.22 ((EL))
106/tcp  open     pop3pw       poppassd
110/tcp  open     pop3         Courier pop3d
111/tcp  open     rpcbind
139/tcp  filtered netbios-ssn
143/tcp  open     imap         Courier Imapd (released 2004)
443/tcp  open     ssl/http     Apache httpd 2.2.22 ((EL))
445/tcp  filtered microsoft-ds
465/tcp  open     smtp         qmail smtpd
587/tcp  filtered submission
993/tcp  open     ssl/imap     Courier Imapd (released 2004)
995/tcp  open     ssl/pop3     Courier pop3d
3306/tcp filtered mysql
5432/tcp filtered postgresql
8443/tcp filtered https-alt
9080/tcp filtered unknown
Service Info: Host: localhost.localdomain; OS: Unix
 
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.98 seconds


Realistically, I wouldn't say anything about these kinds of things, but since you seem to think I'm the silly one for having a "publicly accessible SSH server," these are probably things that you would want to look into. By giving out your server version, you're just letting people see this door you talked about earlier. By using the standard /admin directory, even with Apache web auth "protection," you are, again, just letting people see this door you were talking about earlier.

I'm afraid I don't run any "modest mailing lists" either, not sure where you got that idea. I run a forum that processes ~350,000+ visitors a month. In the 3 years I've been running this forum, I've never had any issues. I'm no fool, friend.
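As an added example (not part of the original post), one way an admin can audit their own hosts for the banner disclosure discussed above: parse `nmap -sV` output and classify each open service by how much it reveals. The sample rows are constructed, and the function names and the three disclosure levels are assumptions of this example.

```python
import re

# Constructed sample in the layout of `nmap -sV` output (not the scan from the post).
SAMPLE = """\
PORT     STATE    SERVICE      VERSION
21/tcp   open     ftp          ProFTPD 1.3.4a
22/tcp   filtered ssh
25/tcp   open     smtp         qmail smtpd
53/tcp   open     domain
80/tcp   open     http         Apache httpd 2.2.22 ((EL))
143/tcp  open     imap         Courier Imapd (released 2004)
3306/tcp filtered mysql
"""

# port/proto, state, service name, optional free-text banner column
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")
# dotted version such as 2.2.22 or 1.3.4a, or a release year
HAS_NUMBER = re.compile(r"\d+(?:\.\d+)+[a-z]?|\b(?:19|20)\d{2}\b")

def parse_services(text):
    """Return one dict per service row; header and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, proto, state, service, banner = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "banner": banner or ""})
    return rows

def audit(rows):
    """Classify each open port: 'version' (product and version or release
    date shown), 'product' (software name only), 'hidden' (no banner)."""
    findings = []
    for r in rows:
        if r["state"] != "open":
            continue  # filtered ports returned nothing to fingerprint
        if not r["banner"]:
            level = "hidden"
        elif HAS_NUMBER.search(r["banner"]):
            level = "version"
        else:
            level = "product"
        findings.append((r["port"], r["service"], level))
    return findings

if __name__ == "__main__":
    for port, service, level in audit(parse_services(SAMPLE)):
        print(f"{port:>5}  {service:<8} {level}")
```

Services reported as `version` are the ones whose banner settings (for Apache, `ServerTokens` and `ServerSignature`) are worth reviewing.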

Posted

This thread has turned into, a heads up for admins, to some tips to help secure sites, however now it's a flame fest, we are here to help each other guys, let's try not to get into a debate or argue on who is right or wrong, read the info, take it as info, if it helps you great, but there is no need to fight over who is right or wrong or has more experience etc.

Thank you for understanding, but that's just not what this section is for, we should all appreciate the info provided, take it for what it's worth and move on.

Archived

This topic is now archived and is closed to further replies.
