[clug] Linux Security [SEC=UNCLASSIFIED]

[Roppola, Antti - BRS]

-----Original Message-----
Daniel Pittman wrote:
> I suggest four things:

5. When I was allowing incoming ssh, I set a netfilter rule to only
allow
incoming ssh from a whitelist of IPs. Even if you are ssh-ing in from a
DHCP allocated IP address, you can put your subnet into the whitelist
and
at least massively reduce who is even allowed to connect to the ssh port
(everyone else on your DSL node is still less than the rest of the
Internet).

Antti 

------IMPORTANT - This message has been issued by The Department of Agriculture, Fisheries and Forestry (DAFF). The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. It is your responsibility to check any attachments for viruses and defects before opening or sending them on. 

Any reproduction, publication, communication, re-transmission, disclosure, dissemination or other use of the information contained in this e-mail by persons or entities other than the intended recipient is prohibited. The taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error please notify the sender and delete all copies of this transmission together with any attachments. If you have received this e-mail as part of a valid mailing list and no longer want to receive a message such as this one advise the sender by return e-mail accordingly. Only e-mail correspondence which includes this footer, has been authorised by DAFF 
------