Securing file server

ntuple

Contributing Member

Join Date: Jan 2009

Posts: 77

Send PM
#1

Securing file server

Dec 01, 2010, 08:52 AM

Hello all,

I'm using a 10.04 box as a headless file server and want to make it easily accessible on the network and inaccessible from the Net. Excepting occasional times for system updates or remote access through KRDC or ssh, would like to keep this box invisible and untouchable from the Net.

Would appreciate suggestions on how I can do this.

thx
Tags: None

Top

Bottom
oshunluvr

Ascendant

Join Date: Feb 2010

Posts: 12986

Location: New Bern, NC USA

Send PM
#2

Dec 01, 2010, 09:43 AM

Re: Securing file server

First of all, set your ssh port to something other than 22. Edit /etc/ssh/sshd.config to do this.

Then, limit access to only your local network. To do this, start by editing /etc/hosts.deny to look like:

Code:

http-rman: ALL EXCEPT LOCAL portmap: ALL lockd: ALL mountd: ALL rquotad: ALL statd: ALL

Then edit /etc/hosts.allow to look like:

Code:

portmap: 192.168.1. lockd: 192.168.1. rquotad: 192.168.1. mountd: 192.168.1. statd: 192.168.1.

This is a good start...

Please Read Me
Top

Bottom
Comment

Announcement