Quote:
Originally Posted by javaj
Oh and if anyone knows, is the firewall initially set up or do I need to request it? And can you use just one of the IPs for the nameservers?
Your package should come with two IP addresses which are used for hosting. If you'd like to have reverse-name resolution changed then you can open a ticket and they'll do that for you. The package also comes with two nameserver IP addresses (shared) that you can point your domain at.
The firewall is enabled by default but the ruleset is wide open (no restrictions). I highly suggest that you lock down services that you don't need open to the public and put restrictions in place with tcpwrappers (via hosts.allow and hosts.deny).
As an example, aside from my IP address I only allow these three IP addresses full access (for the surpass/dimenoc folks):
Quote:
/etc/hosts.allow
# orl.dimenoc.com
ALL: 72.156.240.249
# dc2.dimenoc.com
ALL: 72.29.76.254
# dimenoctechs
ALL: 72.29.72.130
/etc/hosts.deny
ALL: ALL
Another useful tool which I wouldn't consider running a server without is SSHBLACK (http://www.pettingers.org/code/sshblack.html). This daemon runs in the background and watches inbound SSH attempts. Once the threshold you set in the config for failed logins is reached, it blocks all access with iptables for a time period of your choice.
Another thing is to change PermitRootLogin yes to PermitRootLogin no in your /etc/ssh/sshd_config file when it isn't needed.
You probably know most of this, but thought I'd throw it out there in case someone else wondered about it.
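An added example, not part of the original post: a read-only shell check for the three settings described above (the catch-all rule in hosts.deny, the "ALL:" entries in hosts.allow, and the effective PermitRootLogin value). The function names, the temporary files and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks for the settings discussed in the post.

# Succeeds if the hosts.deny file given as $1 has a catch-all "ALL: ALL" rule.
has_default_deny() {
    sed 's/#.*//' "$1" |
        grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$'
}

# Prints the client list of every "ALL:" rule in the hosts.allow file $1,
# i.e. who bypasses the default deny for all wrapped services (IPv4/hostnames;
# bracketed IPv6 entries contain colons and are not handled here).
all_access_clients() {
    sed 's/#.*//' "$1" | awk -F: '
        toupper($1) ~ /^[ \t]*ALL[ \t]*$/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2
        }'
}

# Prints the global PermitRootLogin value from the sshd_config file $1.
# sshd uses the first occurrence of a keyword, keywords are case-insensitive,
# and anything after a Match line is conditional, so scanning stops there.
# Prints "unset" when the keyword is absent (the default depends on the
# OpenSSH version).
root_login_setting() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Demo on constructed files (192.0.2.10 is a documentation address).
demo=$(mktemp -d)
printf '# admin workstation\nALL: 192.0.2.10\n' > "$demo/hosts.allow"
printf 'ALL: ALL\n' > "$demo/hosts.deny"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$demo/sshd_config"

has_default_deny "$demo/hosts.deny" && echo "default deny: present"
echo "full access: $(all_access_clients "$demo/hosts.allow")"
echo "PermitRootLogin: $(root_login_setting "$demo/sshd_config")"
rm -rf "$demo"
```

On a live server, point the functions at /etc/hosts.deny, /etc/hosts.allow and /etc/ssh/sshd_config; none of them modify the files.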