Sysadmin

Last change 29/04/2011

This is a collection page for some sysadmin information I need to find again from time to time... It might be of some help to someone else as well.

sudoers

Sudo is really useful, especially since you DON'T want to enable root login over ssh. Instead you create a user of your choice (make sure to exclude this user from any service except ssh, i.e. make sure it can't be brute-forced through ftp or some other service), log into the box over ssh as this user and then simply call sudo.

Now, to allow sudo to switch your status, you need to add the new user to your sudoers file (found in /etc/sudoers).

The following example allows a user developer to gain root (sudo su -) without being asked for a password. Not the most secure thing to do, but it sure is convenient... Remove the NOPASSWD: and sudo will ask for the user's password once more.

Cmnd_Alias GAIN = /bin/su -
developer ALL=(ALL) NOPASSWD: GAIN
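
To keep track of where that convenience has been granted, the following added example (not part of the original notes) lists every NOPASSWD rule in a sudoers-style file and expands Cmnd_Alias names such as GAIN to the real commands. The sample input is constructed, the users "backup" and "operator" are made up, and the script assumes one rule per line.

```shell
#!/bin/sh
# Added example: report every NOPASSWD grant in a sudoers-style file, with
# Cmnd_Alias names expanded. Assumes one rule per line (no "\" continuations)
# and does not follow #include / #includedir.

sample_sudoers() {   # constructed sample; "backup" and "operator" are made up
    cat <<'EOF'
# constructed sample input
Cmnd_Alias GAIN = /bin/su -
developer ALL=(ALL) NOPASSWD: GAIN
backup ALL=(root) NOPASSWD: /usr/bin/rsync
operator ALL=(ALL) /sbin/reboot
EOF
}

audit_nopasswd() {   # usage: audit_nopasswd FILE   (or pipe text on stdin)
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 == "Cmnd_Alias" {                          # remember NAME -> command list
        line = $0; sub(/^[ \t]*Cmnd_Alias[ \t]+/, "", line)
        name = line; sub(/[ \t]*=.*/, "", name)
        sub(/^[^=]*=[ \t]*/, "", line); alias[name] = line
        next
    }
    /NOPASSWD:/ {                                 # keep rule until all aliases are known
        n++; who[n] = $1; cmds[n] = $0
        sub(/.*NOPASSWD:[ \t]*/, "", cmds[n])
    }
    END {
        for (r = 1; r <= n; r++) {
            k = split(cmds[r], part, /[ \t]*,[ \t]*/)
            for (i = 1; i <= k; i++) {
                c = part[i]; gsub(/^[ \t]+|[ \t]+$/, "", c)
                if (c in alias) c = alias[c]      # expand alias to its commands
                m = split(c, cmd, /[ \t]*,[ \t]*/)
                for (j = 1; j <= m; j++) {
                    x = cmd[j]; gsub(/^[ \t]+|[ \t]+$/, "", x)
                    # ALL, su or a shell hands out an unrestricted root session
                    risk = (x == "ALL" || x ~ /(^|\/)(su|bash|sh)( |$)/) ? "ROOT-SHELL" : "other"
                    printf "%s\t%s\t%s\n", who[r], risk, x
                }
            }
        }
    }' "$@"
}

sample_sudoers | audit_nopasswd
```

Run as root, audit_nopasswd /etc/sudoers checks the real file; any included files have to be passed as additional arguments.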

disable ssh through firewall

Normally you want your Linux box airtight, but you still need to log in from time to time. The most convenient way, which is also pretty secure (I know there are other ways, but I got to like it this way), is to have an ssh server running but a firewall blocking it by default (to prevent attacks through bad php hacks using your server as a jumpboard, you might even disable outgoing port 22).

iptables is your friend here and actually extremely simple to use.

Here are some rules I use quite often:

