[mythtv-users] SSH break in attempt this morning using mythtv user
chris at cpr.homelinux.net
Tue Feb 28 20:43:55 UTC 2006
On Tue, Feb 28, 2006 at 02:46:35PM +1100, Michael Fox wrote:
> Or at least have a password other than something like "password". I
> allow mythtv user to logon in via ssh personally, but it has a
> password other than something like "password".
>
> Although I probably shouldn't allow it to ssh, and then just su to
> mythtv as I need to.
Unless your machine is using auto-login to run the frontend at boot,
you can disable the mythtv account completely. If you're using
auto-login, you can create a different user for that purpose.
Anything that needs to run as mythtv is started from a root job using
suid anyway.

On my machine I run ssh on a different port, block root logins via
ssh, and disable all machine and/or inactive user accounts (including
mythtv) right in /etc/shadow. On top of that, I use a log-watch
program (fail2ban) that temporarily firewalls any incoming connection
that fails authentication after a few tries, just in case someone
finds my ssh port or decides to try guessing passwords using imaps.

Since my network also has a WPA-enabled WiFi port, I also run
arpwatch so that I get an email any time a new network device is
detected, just in case someone manages to find a way to break the
WiFi security.

These programs are all easy to configure and take up almost no CPU or
memory, so they're definitely a good investment.
--
"When fascism comes to America, it will be wrapped in the flag and
carrying the cross." - Sinclair Lewis (1935)
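
The checks described in the message above (accounts locked in /etc/shadow, no root logins over ssh, a non-default port), as an added example that is not part of the original post: a Python audit run over constructed shadow and sshd_config text. The sample data, the function names and the `expected` allow-list are assumptions made for illustration.

```python
# Constructed sample data for this added example; not from any real machine.
SAMPLE_SHADOW = """\
root:$1$constructed$hash:13207:0:99999:7:::
daemon:*:13207:0:99999:7:::
mythtv:$1$constructed$hash:13207:0:99999:7:::
chris:$1$constructed$hash:13207:0:99999:7:::
"""
SAMPLE_SSHD_CONFIG = """\
Port 22
#PermitRootLogin no
PermitRootLogin yes
"""

def password_logins(shadow_text):
    """Map user -> 'empty' or 'hash' for accounts whose password is not locked."""
    usable = {}
    rows = (l.split(":") for l in shadow_text.splitlines() if ":" in l)
    for user, pw, *_ in rows:
        if pw == "":
            usable[user] = "empty"   # no password required at all
        elif pw[0] not in "!*":
            usable[user] = "hash"    # a leading '!' or '*' means locked
    return usable

def sshd_settings(config_text):
    """Return (ports, PermitRootLogin) from the global part of sshd_config."""
    ports, root_login = [], None
    for raw in config_text.splitlines():
        parts = raw.replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()       # keywords are case-insensitive
        if key == "match":
            break                    # conditional blocks are not global settings
        if key == "port":
            ports.append(int(parts[1]))    # several Port lines may coexist
        elif key == "permitrootlogin" and root_login is None:
            root_login = parts[1].lower()  # first occurrence wins
    return ports, root_login

def audit(shadow_text, config_text, expected=("root", "chris")):  # assumed allow-list
    findings = [f"{u}: password login possible ({s})"
                for u, s in password_logins(shadow_text).items()
                if s == "empty" or u not in expected]
    ports, root_login = sshd_settings(config_text)
    if root_login != "no":
        findings.append(f"PermitRootLogin={root_login or 'unset'}")
    if not ports or 22 in ports:
        findings.append("sshd on default port 22")
    return findings
```

On a real machine, pass the contents of /etc/shadow and the sshd_config file to `audit()` as root. A locked password field governs password authentication only; whether key-based ssh logins to such an account still work depends on the sshd and PAM setup, so check for authorized_keys files separately.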