Hello!

Today I had a jolly unpleasant experience - I could no longer log in with my root password. I tried quite a few methods but the bottom line was - ssh was working, http as well, but my and the default passwords were not valid. It seems my box has been had. Now my ASUS sits on my table switched off and I put my old trusty DD-WRT box in its place - no HDD for now.

This event made me focus on a job that I have been thinking about for a couple of months:
1) To create a more secure ASUS installation in which the focus would be not only to get the services (disk, ftp, samba...) working, but rather working securely. After all, ASUS security should not be very different from any other UNIX box security. My aim will be to test it externally as well - from a friend's house.
2) In this process to create ASUS security guidelines - similar to marcnesium's and my tutorials. The guidelines could then be discussed and improved.

I did not find a similar thread in these forums, therefore I think this could add to the overall good experience with ASUS. Of course I found http://wl500g.info/showthread.php?t=...light=security describing the horrible ASUS official firmware gap. I trust that Oleg's firmware does not have it - although I did not check, as my ASUS was offline.

My proposed configuration would be:
1. Hardware:
- Firewall
- HDD
2. Software:
- Oleg's current firmware
- SSH
- cron
- samba
- vsftpd
- mc
- nano
- screen
- ntpclient
- nload
- enhanced-ctorrent
- additional security related programs discovered during this project

Notes:
* Security means that there is an easy routine for checking whether anything suspicious is going on. Therefore some system of logs and log analysis must be in place. I plan to get this bit from the available literature.
* Command line access would be the mainstay. Essentially I think setting up a httpd and keeping it secure is an unnecessary task unless there is a huge advantage to that interface.
* Some of the security-related questions in scope are:
- how to be sure your samba is not accessible from the Internet (yes, I know you can bind it to your LAN IP, but is it enough?)
- how to be sure your ftp server is difficult to hack into and how to alert yourself to serious attempts. I noticed that my ftp server got at least 300 login attempts during the first weeks, but I did not have a system to follow that up properly. I did not worry very much as it was chrooted, but still - was it the culprit?
- how to make enhanced-ctorrent secure - run it from a non-root account for starters?
- how to set up other accounts correctly so that the above services needn't run as root
- etc...

I am grateful for your comments and suggestions.
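As an added example (not part of the original post, and not anything from Oleg's firmware), here is a small busybox-compatible shell script for the ftp part of the question above: it counts FAIL LOGIN lines per client IP from a vsftpd log, flags the clients that reached a threshold, and lists which usernames each of them tried. The log lines are constructed for the example in vsftpd's own log line format (the IPs are documentation addresses); on the router you would feed the real vsftpd log on stdin instead, which is an assumption about where you log, not something the post states.

```shell
#!/bin/sh
# Failed-login triage for a vsftpd log. Constructed sample lines in vsftpd's
# "[pid N] [user] FAIL LOGIN: Client \"ip\"" format; not taken from a real box.
SAMPLE_LOG='Sat Jan  5 10:01:02 2008 [pid 812] [admin] FAIL LOGIN: Client "203.0.113.7"
Sat Jan  5 10:01:05 2008 [pid 812] [admin] FAIL LOGIN: Client "203.0.113.7"
Sat Jan  5 10:01:09 2008 [pid 812] [root] FAIL LOGIN: Client "203.0.113.7"
Sat Jan  5 10:01:15 2008 [pid 813] [ftp] FAIL LOGIN: Client "203.0.113.7"
Sat Jan  5 10:02:40 2008 [pid 814] [alice] FAIL LOGIN: Client "198.51.100.2"
Sat Jan  5 10:02:44 2008 [pid 814] [alice] OK LOGIN: Client "198.51.100.2"
Sat Jan  5 10:03:00 2008 [pid 815] [admin] FAIL LOGIN: Client "192.0.2.99"
Sat Jan  5 10:03:01 2008 [pid 815] [test] FAIL LOGIN: Client "192.0.2.99"
Sat Jan  5 10:03:02 2008 [pid 815] [guest] FAIL LOGIN: Client "192.0.2.99"'

# Read a vsftpd log on stdin; print "count ip" for every client with at
# least one failed login, highest count first.
failed_logins_by_ip() {
    grep 'FAIL LOGIN: Client "' |
    sed 's/.*FAIL LOGIN: Client "\([^"]*\)".*/\1/' |
    sort | uniq -c | sort -rn |
    awk '{print $1, $2}'
}

# Read the log on stdin; print only the IPs whose failed-login count
# reached the threshold given as $1.
flag_offenders() {
    threshold="$1"
    failed_logins_by_ip | awk -v t="$threshold" '$1 >= t {print $2}'
}

# Read the log on stdin; print the distinct usernames a given IP ($1) tried,
# space separated. Shows whether someone is guessing root/admin specifically.
usernames_tried_by() {
    ip="$1"
    grep -F "FAIL LOGIN: Client \"$ip\"" |
    sed 's/.*\[pid [0-9]*\] \[\([^]]*\)\].*/\1/' |
    sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone run over the constructed sample. On the router, replace the
# printf with e.g. "cat /path/to/vsftpd.log" (the path is your configuration).
report() {
    threshold="${1:-3}"
    echo "Failed FTP logins per client IP:"
    printf '%s\n' "$SAMPLE_LOG" | failed_logins_by_ip
    echo
    echo "Clients with $threshold or more failures:"
    for ip in $(printf '%s\n' "$SAMPLE_LOG" | flag_offenders "$threshold"); do
        echo "$ip tried users: $(printf '%s\n' "$SAMPLE_LOG" | usernames_tried_by "$ip")"
    done
}

report 3
```

Run from cron with a threshold that fits your traffic and you have a daily "who is hammering my ftp" list; a successful OK LOGIN from an IP that also appears in the offender list is the line worth looking at first. The example only uses grep, sed, sort, uniq, awk and tr, which busybox provides, so it should not need any extra packages.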