Below are the hardening steps recommended to safeguard the servers against such attacks.
1. Ensure the required hardening is done on the
–> Enable TCP wrappers
–> Enable iptables
–> Stop unwanted
–> For NFS, only allow export/import of folders to specific users & hosts.
2. Direct root access on the server should be disabled. It should only be allowed on
3. Use strong passwords for root & all other users with ssh or ftp access.
–> Make sure dictionary & joe passwords are not used.
–> Minimum required password length should be 8 characters, inclusive of 1 special character, uppercase &
4. Secure /tmp, tmpfs, /var/tmp using
Preventive measures, which need to be
1. Use John the Ripper to scan for weak passwords.
2. Run rkhunter to scan for rootkits on the server.
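
The TCP wrappers, NFS export and root login items in the hardening list above can be checked with a short read-only audit. This is an added example, not part of the original page; the function names and sample files are constructed, and it assumes "enable TCP wrappers" means a default-deny rule in hosts.deny.

```shell
#!/bin/sh
# Added example: read-only checks for three items from the hardening list.
# File paths are arguments, so copies of the real files can be audited.

# Succeeds only if the first active PermitRootLogin line is "no" (sshd keeps
# the first value it reads). A missing keyword fails: the default is not "no".
# Match blocks are not interpreted.
root_login_disabled() {
    awk 'tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { exit !(v == "no") }' "$1"
}

# Prints each export line open to every host: a bare "*" client, a
# client-less "(options)" field, or a path with no client list at all.
open_nfs_exports() {
    awk '/^[ \t]*(#|$)/ { next }
         NF == 1 { print; next }
         { for (i = 2; i <= NF; i++) {
               c = $i; sub(/\(.*/, "", c)
               if (c == "" || c == "*") { print; next } } }' "$1"
}

# Succeeds if hosts.deny has the catch-all "ALL: ALL" rule (assumed meaning of
# "enable TCP wrappers": deny by default, permit via hosts.allow).
tcpwrappers_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# Constructed sample files, not taken from any real server.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_good"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_bad"
printf '%s\n' '# constructed' '/srv/build 192.0.2.10(rw,sync)' \
    '/srv/pub *(ro)' '/srv/home 192.0.2.11(rw) (ro)' '/srv/all' > "$d/exports"
printf '%s\n' 'ALL: ALL' > "$d/hosts.deny"

root_login_disabled "$d/sshd_good" && echo "sshd_good: root login disabled"
root_login_disabled "$d/sshd_bad"  || echo "sshd_bad: root login NOT disabled"
echo "exports open to all hosts:"; open_nfs_exports "$d/exports"
tcpwrappers_default_deny "$d/hosts.deny" && echo "hosts.deny: default deny present"
```

On a live server the same functions would be pointed at /etc/ssh/sshd_config, /etc/exports and /etc/hosts.deny.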