High level of DoS Attacks.

Discussion in 'Installation/Configuration' started by Rockdrala, Jan 3, 2008.

  1. Rockdrala

    Rockdrala New Member

    I've been getting a high level of DoS attacks since registering my static IP's rDNS.

    No damage yet, but I'm always wanting to be safe.

    Could you please give me some tips on fine-tuning the built-in firewall in ISPconfig?

    Is it possible to change the root name for CentOS without interrupting ISPconfig, and how can I do this?

    Where are the settings for the firewall that's built into ISPconfig, and will it protect the whole system or just ports used for ISPconfig?

    Thanks for any recommendations.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The Bastille firewall script used by ISPConfig closes all ports by default except the ports that you opened in the ISPConfig interface. If you want to change settings manually, edit the files

    /etc/Bastille/bastille-firewall.cfg

    and

    /root/ispconfig/isp/conf/bastille-firewall.cfg.master
     
  3. Rockdrala

    Rockdrala New Member


    Have you guys had a lot of success with the Bastille firewall script denying hackers access to system attributes?

    How does it protect from DoS attacks?

    Is there anything I can do to strengthen the system security, and can I change the root user name somehow without causing devastating permission problems to files all over ISPconfig?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Bastille is just a simple firewall to open / close ports. If you need a more advanced firewall, disable it in ISPConfig and install a firewall of your choice.

    Why do you want to change the root username? Just disallow root user logins for SSH. Other services like FTP deny logins from the root user by default.
     
  5. Rockdrala

    Rockdrala New Member


    In my experience it's always been best to change whatever default user name comes with an OS install for increased security.

    Is it possible with ISPconfig to change the system root username to something highly random and have ISPconfig still work well?

    I'm just wondering how Bastille works. Does it cover most things a good firewall should? How pleased are you with Bastille so far?
     
  6. wpwood3

    wpwood3 New Member

    Some suggestions

    You might want to take a look at something like DenyHosts, BlockHosts or Fail2Ban. Any of them can help stop DDoS attacks. Also, OSSEC is great too.
     
  7. Leszek

    Leszek Member

    It's a good practice, but the system needs the root user (and his name) to run certain things and services, and it would be difficult to run if it had been changed.
    You could block SSH root user logins like Till mentioned and disable the root account so that even you couldn't log in as root. Then use sudo.
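    An added example (not from this thread, and not ISPConfig's or OpenSSH's code) of how to verify the two settings Leszek describes: that sshd has PermitRootLogin set to no, and that the root account is locked in the shadow file. The sshd_config and shadow contents are constructed samples written to temp files; on a real server you would point the functions at /etc/ssh/sshd_config and /etc/shadow. The "default is yes" assumption for an absent PermitRootLogin matches the OpenSSH versions shipped with CentOS at the time of this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Audits an sshd_config for PermitRootLogin
# and a shadow file for a locked root account. Both input files are constructed
# samples written to temp files; on a real host you would point the functions
# at /etc/ssh/sshd_config and /etc/shadow instead.

SSHD_SAMPLE="$(mktemp)"
SHADOW_SAMPLE="$(mktemp)"
trap 'rm -f "$SSHD_SAMPLE" "$SHADOW_SAMPLE"' EXIT

cat > "$SSHD_SAMPLE" <<'EOF'
# constructed sample sshd_config
Port 22
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
AllowUsers admin
EOF

cat > "$SHADOW_SAMPLE" <<'EOF'
root:!$1$constructed$lockedhash:13880:0:99999:7:::
admin:$1$constructed$normalhash:13880:0:99999:7:::
EOF

# effective_value FILE KEYWORD DEFAULT
# sshd takes the first non-comment occurrence of a keyword, so a commented-out
# "#PermitRootLogin yes" must be ignored and the later real line must win.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# root_login_disabled FILE
# Returns 0 only when PermitRootLogin is explicitly "no". OpenSSH of the
# CentOS 5 era defaulted to "yes", so an absent keyword is treated as open.
root_login_disabled() {
    [ "$(effective_value "$1" PermitRootLogin yes)" = "no" ]
}

# account_locked SHADOWFILE USER
# A password field starting with "!" (passwd -l / usermod -L) or "*" means no
# password login is possible for that account, whatever sshd allows.
account_locked() {
    awk -F: -v user="$2" '
        $1 == user { c = substr($2, 1, 1); locked = (c == "!" || c == "*"); found = 1 }
        END { exit (found && locked) ? 0 : 1 }' "$1"
}

# One line per check, so the script is useful when run by hand.
if root_login_disabled "$SSHD_SAMPLE"; then echo "sshd: root login disabled"; else echo "sshd: ROOT LOGIN ALLOWED"; fi
if account_locked "$SHADOW_SAMPLE" root; then echo "shadow: root account locked"; else echo "shadow: root account has a usable password"; fi
```

    Both checks are independent on purpose: a locked root password does nothing against key-based root logins, and PermitRootLogin no does nothing for local console or su access, so you want both to pass before relying on the sudo-only workflow.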
     
  8. Rockdrala

    Rockdrala New Member

    I thought I've seen other companies change their root name to different names on their Linux servers. I could be wrong. I know I've seen Yahoo change the name of their SQL server root to the name yroot. It would be nice to know how to go about changing the root name if it was doable.
     
  9. wpwood3

    wpwood3 New Member

    Changing root's name is sort of pointless since root is user #0. Any decent hacker would just look for user #0 to find the real root user.

    The best solution is the one described earlier. Disable root logins and only allow SSH login for a user who can't do anything else. After you login, use su to gain root privileges if needed.
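    Since privilege comes from UID 0 and not from the name, the useful check on a server is the reverse of renaming root: list every account that has UID 0 and make sure root is the only one. An added example (not from this thread) that does this over a constructed passwd-format file; on a real box you would pass /etc/passwd or the output of getent passwd.

```shell
#!/bin/sh
# Added example, not from the thread. Lists every UID-0 account in a
# passwd-format file. PASSWD_SAMPLE is a constructed temp file; on a real host
# pass /etc/passwd (or "getent passwd" output) instead.

PASSWD_SAMPLE="$(mktemp)"
trap 'rm -f "$PASSWD_SAMPLE"' EXIT

cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
admin:x:500:500:Admin User:/home/admin:/bin/bash
extra:x:0:0:constructed second UID-0 account:/root:/bin/bash
EOF

# uid0_accounts FILE: print the name of each account whose UID field is 0.
# The kernel grants privilege by UID, not by the name "root", which is why
# this is the check worth running rather than a search for the string "root".
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# uid0_count FILE: number of UID-0 accounts; anything other than 1 needs a look.
uid0_count() {
    uid0_accounts "$1" | wc -l | tr -d ' '
}

# only_root_is_uid0 FILE: returns 0 when "root" is the single UID-0 account.
only_root_is_uid0() {
    [ "$(uid0_accounts "$1")" = "root" ]
}

printf 'UID-0 accounts (%s): %s\n' \
    "$(uid0_count "$PASSWD_SAMPLE")" \
    "$(uid0_accounts "$PASSWD_SAMPLE" | tr '\n' ' ')"
```

    Run it from cron and alert when only_root_is_uid0 fails; a second UID-0 entry appearing in /etc/passwd is worth investigating whatever the name on it says.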
     
  10. Ben

    Ben Active Member Moderator

    Depends on what you define as a good "firewall" ;)
    I, e.g., don't use this Bastille thing for iptables; I prefer firehol (https://firehol.sf.net) because it makes creating rules for iptables, also user-based for outgoing connections, quite easy, as well as setting up flooding rules.

    But as asked here, a FW won't protect from a (D)DoS attack, at least because its goal is to use the max. bandwidth, so the server won't be reachable anyway.
    In other cases you just use mixed packet sizes for the DoS, and if you do not use the max. bandwidth, the server might be inoperable due to needing too much CPU for dropping the packets.
     
  11. Rockdrala

    Rockdrala New Member

    Thank you for your comments, Ben, and insight on Linux.

    I've been using ISA for years so this is all new to me.

    Here are my concerns. I'm scared to do anything to my ISPconfig boxes first without asking what will happen to them if I do something.

    I just got done trying the email@domain hack and went through a few days of trying to revert to the old naming convention to get the spam catcher working again ("got it working now").

    So what I'm basically looking for is a good brute-force or packet watcher that will just deny insane amounts of requests from a single WAN IP. I don't want to install 3 or 4 different ones without asking and testing them out one by one because ISPconfig is very intricate and I don't want to break features of it.
     
  12. falko

    falko Super Moderator Howtoforge Staff

    I'd try DenyHosts, BlockHosts or Fail2Ban. If you use Fail2Ban, you should disable ISPConfig's firewall because Fail2Ban uses iptables rules to block hosts, and the rules might interfere with the ISPConfig firewall.
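    To make falko's point concrete, here is an added example (not from this thread, and not Fail2Ban's own code) of the two things a Fail2Ban sshd jail does: count failed password attempts per source address in the auth log, and, once an address reaches the retry limit, add an iptables DROP rule for it. That rule is the part that can collide with the Bastille rule set, which is why he suggests running one or the other. The log lines are constructed samples using TEST-NET addresses; on CentOS the real file is /var/log/secure. The iptables command is printed, not executed, and is simplified (Fail2Ban inserts into its own per-jail chain rather than INPUT directly).

```shell
#!/bin/sh
# Added example, not from the thread and not Fail2Ban's own code. Shows the
# matching-and-counting step a Fail2Ban sshd jail performs over the auth log,
# and the shape of the iptables rule it would then add. AUTH_LOG_SAMPLE is a
# constructed temp file with TEST-NET addresses; on CentOS the real file is
# /var/log/secure.

AUTH_LOG_SAMPLE="$(mktemp)"
trap 'rm -f "$AUTH_LOG_SAMPLE"' EXIT

cat > "$AUTH_LOG_SAMPLE" <<'EOF'
Jan  3 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40211 ssh2
Jan  3 10:15:03 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.5 port 40212 ssh2
Jan  3 10:15:04 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 40213 ssh2
Jan  3 10:15:06 web1 sshd[2107]: Accepted password for deploy from 198.51.100.7 port 51000 ssh2
Jan  3 10:15:09 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 40214 ssh2
Jan  3 10:15:12 web1 sshd[2111]: Failed password for deploy from 198.51.100.7 port 51001 ssh2
Jan  3 10:15:15 web1 sshd[2113]: Failed password for invalid user test from 203.0.113.5 port 40215 ssh2
EOF

# offending_ips LOGFILE MAXRETRY
# Prints "count ip" for every source with at least MAXRETRY failed password
# attempts, most failures first. Only sshd "Failed password" lines count; the
# accepted login and the single failure from 198.51.100.7 stay below the bar.
offending_ips() {
    awk -v maxretry="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= maxretry) print fails[ip], ip }' "$1" |
    sort -rn
}

# block_rule_for IP
# The iptables command Fail2Ban's default action runs for a banned address,
# simplified: Fail2Ban uses its own per-jail chain rather than INPUT directly.
# It is printed, not executed, so this example never touches the live
# firewall; this is the rule that can collide with the Bastille rule set.
block_rule_for() {
    printf 'iptables -I INPUT -s %s -j DROP\n' "$1"
}

# With maxretry=5 only 203.0.113.5 is reported.
offending_ips "$AUTH_LOG_SAMPLE" 5 | while read -r count ip; do
    echo "# $count failures from $ip"
    block_rule_for "$ip"
done
```

    This is also the reason a pure port-based script like Bastille cannot do what Rockdrala asks for on its own: the decision to block depends on reading the service log, which Fail2Ban, DenyHosts and BlockHosts do and a static rule set does not.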
     
  13. Rockdrala

    Rockdrala New Member

    Thank you falko!

    I want to leave the default firewall alone.

    So I'll try these other options.
     
  14. Leszek

    Leszek Member

    So is there a way to use a firewall with fail2ban without problems?
     
  15. falko

    falko Super Moderator Howtoforge Staff

    I haven't tested this.
     