If they are Linux servers, I'd first run hardened versions of your programs.
Disable root account login, both direct and via ssh.
Disable password login in ssh, and force the usage of shared keys.
Disable sudo procedure.
If possible, disable every network listening service (mysql, nfs...) or try to run those services in a chroot jail (I think CVS and ssh here). At least, if they get compromised, the hacker would be restricted.
Shield everything under a firewall, and open only selective holes in it for specific tasks (http, ssh).
If you don't use SSL, don't run the Apache SSL module.
Don't run ftp; use either sftp (ssh-based ftp) or run a VPN, and do everything via that VPN.
Run rootkit detection like rkhunter via cron jobs to ensure that nothing changes on your server without you knowing it.
And finally, for the brute force login, run something like denyhost, which analyzes login attempts via ssh and blacklists IP addresses trying to come in via brute force.
I even think it can work for other protocols, but I'm not sure of that.
This is what I've done on my server, and what I would recommend.
Now, I'm not a real "sysadmin", I'm just a bit educated in that field, and I could not exactly tell you how to do that, as this is very distro-dependent.
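The brute-force blacklisting idea from the post, sketched as an added example (not part of the original post and not the code of any real tool): it counts failed ssh password logins per source address inside a time window and formats offenders as TCP wrappers style `hosts.deny` entries. The log lines, host name, threshold, window, assumed year and IPv4-only matching are all assumptions of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[811]: Failed password for invalid user a from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:03 web1 sshd[811]: Failed password for invalid user b from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40113 ssh2
Mar  3 10:00:05 web1 sshd[812]: Failed password for invalid user c from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40114 ssh2
Mar  3 10:02:00 web1 sshd[820]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:10 web1 sshd[820]: Accepted publickey for alice from 198.51.100.20 port 51001 ssh2
Mar  3 11:30:00 web1 sshd[900]: Failed password for bob from 192.0.2.44 port 33000 ssh2
Mar  3 12:45:00 web1 sshd[901]: Failed password for bob from 192.0.2.44 port 33001 ssh2
Mar  3 14:10:00 web1 sshd[902]: Failed password for bob from 192.0.2.44 port 33002 ssh2
"""

# The user name is chosen by the remote client and may itself contain
# "from <ip>", so the address is taken from the fixed tail of the line only.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .+"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def brute_force_ips(log_text, threshold=3, window=timedelta(minutes=10), year=2024):
    """Return source IPs with >= threshold failed logins inside one window."""
    recent = defaultdict(list)  # ip -> failure times still inside the window
    blocked = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ip = m["ip"]
        # Syslog timestamps carry no year, so one is assumed.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # Drop failures that have aged out, then record this one.
        recent[ip] = [t for t in recent[ip] if when - t <= window] + [when]
        if len(recent[ip]) >= threshold and ip not in blocked:
            blocked.append(ip)
    return blocked

def hosts_deny_lines(ips):
    """Format addresses as hosts.deny entries for the sshd service."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(brute_force_ips(SAMPLE_LOG))))
```

Only 203.0.113.7 is listed: the address embedded in the user names is never counted, and bob's three failures are hours apart, so they never share a window.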