Sometimes you have servers hanging out in the public internet in ways that you have little control over the network and hardware firewalls. Setting up a hosted server, such as a Virtual Private Server (VPS) or “node” in the cloud can be scary. Fortunately software firewalls, such as iptables, can add a little to piece of mind. But, in these days of automated attacks, it is still not enough. Usually the primary means of access to these servers is SSH. There are a couple really simple things can be done to make SSH more secure. I recently setup a new node on Linode. In the first hour there...

I recently setup a CentOS 6.3 server on Linode.com. One of the first things I wanted to do was lock it down with iptables. Unfortunately iptables was not starting cleanly. Specifically, It was failing here: Iptables Error – Setting Chains To Policy ACCEPT: Security Raw Nat Mangle Filter [FAILED] It turns out that was happening due to the paravirt kernel having a “security” chain compiled into it, and the default “iptables” init script included with CentOS does not know how to handle it. After a bit of searching I found a patch for the init script, posted by one of the...