Posts Tagged ‘configuration directives’

Few sshd server Security Tips that will improve your server security

Monday, May 2nd, 2011

Reading Time: < 1minute
On each and every newly installed Linux or FreeBSD server. I’m always very cautious about three configuration directives for the ssh server.
This are X11Forwarding , Protocol and PermitRootLogin

One needs to be very watchful about this three ones, as tuning the right values surely prevents the server from many of the security issues that might rise up with the SSH server.

Many Linuxes like Debian and Ubuntu comes with X11Forwarding yes e.g. (X11Forwarding) enabled by default, this is an useless option in most of the cases as the servers I do administrate does not run a X environment.

Some older Linux distributions I have dealt with has the ssh Protocol 1 enabled by default and therefore, whether I do inherit an old server I have to start administrating the first thing I do is to check if the /etc/ssh/sshd_config‘s Protocol 1 option is enabled and if it is enabled I disable it.

PermitRootLogin is also an option which I often turn off as logging in via remote ssh is potentially dangerous as root password might get sniffed.

In overall the 3 sshd option’s I do check out in /etc/sshd/sshd_config on each newly installed Linux server are:

X11Forwarding yes
PermitRootLogin yes
Protocol 1

I always change this three options in my /etc/sshd/sshd_config
to:

X11Forwarding no
PermitRootLogin no
Protocol 2

One other options sshd server options which is good to be tuned is:

LoginGraceTime 120

Decreasing it to:

LoginGraceTime 60

is generally a good idea.

Of course after the changes I do restart the ssh daemon in order for the new configuration to take place:

linux:~# /etc/init.d/sshd restart
...

What is Xorg’s server DPMS module for? And how to use it to reduce your computer power consumption

Thursday, April 21st, 2011

Reading Time: 1minute
As I’m manually configuring a Xserver via xorg.conf I have noticed a block of code in:

Section "Monitor"
Identified "Generic Monitor"
Option "DPMS"
EndSection
That triggered my curiousity to research further what is DPMS . A very quick google search revealed that DPMS’s purpose is to communicate to communicate between the monitor and the computer, to make the computer turn off the (CRT or LED) based monitor if the computer is not used

Thus in short to rephrase DPMS is a power saving handy Xorg feature. I many custom configured xorg.conf like the mine I’m building right now does not include DPMS as many people doesn’t have idea what DPMS is and how to enable it.

DPMS is also an interface to the Energy start power-saving capability if not all, most of the modern day monitor screens.

DPMS enables the Xserver to control automatically the computer screen and thus reduces the overall computer power consumption.

To enable the use of DPMS on my Linux, all I had to do is place a couple of configuration directives in my xorg.conf .:
Here is how I enabled DPMS in my Xorg server:

1. Edit with a text editor /etc/X11/xorg.conf

2. Find the Monitor Section , e.g.:

Section "Monitor"
....
EndSection

3. Add inside the Monitor Section Options "DPMS" "true"

4. Lookup for the ServeryLayout section , e.g.:

Section "ServerLayout"
...
EndSection

5. Place inside the ServerLayout section For instance the following options:

Option "StandbyTime" "20"
Option "SuspendTime" "10"
Option "OffTime "25"

You might like to change the options StandbyTime, SuspendTIme or OffTime to match your likings.
6. As a last step restart the Xorg server.

Press Ctrl+Alt+BackSpace or by issuing:

host:~# pkill -HUP X

Test that DPMS is loaded properly by reviewing /var/log/Xorg.0.log for example:

host:~# grep -i /var/log/Xorg.0.log
(II) Loading extensions DPMS