Linux Security
See who's logged in
1) w (more information)
2) who (less information)
Disable remote logins for "root" account
1) Deactivate the telnet daemon: sudo service telnet stop
(on Debian-style systems telnetd is usually started by inetd rather than as a service of its own; if there is no telnet service, comment out the telnet line in /etc/inetd.conf and restart inetd instead)
1.5) Remove the telnet daemon (unless REALLY needed): sudo apt-get remove telnetd
telnet sends user names and passwords in cleartext, so removing it is better than merely stopping it.
2) Disable root logins in the ssh server (edit as root with nano or vi): in /etc/ssh/sshd_config find "PermitRootLogin" and set it to "no", uncommenting the line if it is commented out and keeping it above any Match block so that it applies globally. Check the file with sudo sshd -t, then restart ssh: sudo service ssh restart (sudo systemctl restart ssh on systemd systems).
3) Disable all remote root logins in /etc/security/access.conf: add the line "- : root : ALL EXCEPT LOCAL". This rule is enforced by pam_access, so it only takes effect where pam_access.so is part of the PAM account stack (for example in /etc/pam.d/sshd); verify that before relying on it.
Disable the toor account (toor is a second UID 0 account found on some systems; any account with UID 0 is root, whatever its name)
a) Delete the account: sudo userdel toor
b) Disable (Lock) account: sudo usermod -L toor
c) Set toor's login shell to /usr/sbin/nologin: sudo usermod -s /usr/sbin/nologin toor (or edit /etc/passwd with vipw and change the last field of toor's entry; avoid editing /etc/passwd with a plain editor). Locking the password and setting nologin are best done together, since a locked password does not block key-based ssh logins.
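The same check, generalised: rather than looking only for an account named toor, list every account whose UID is 0 and print the lock-and-nologin remediation for the ones that are not root. This is an added example, not part of the slides; the passwd file it reads is a constructed sample written to a temp file (point the functions at /etc/passwd on a real host).

```shell
#!/bin/sh
# Added example (not from the slides): audit a passwd file for accounts that
# are effectively root (UID 0) and print, but do not run, the remediation
# commands from the slides for each one that is not "root".

# uid0_accounts FILE: user names whose third passwd field (UID) is 0
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# extra_uid0_accounts FILE: UID 0 accounts other than root, with their shell
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1, $7 }' "$1"
}

# remediation FILE: lock the password and replace the login shell of every
# extra UID 0 account (printed for review; run the lines by hand as root)
remediation() {
    extra_uid0_accounts "$1" | while read -r name shell; do
        printf 'sudo usermod -L -s /usr/sbin/nologin %s   # was %s\n' "$name" "$shell"
    done
}

# constructed sample passwd file (not taken from any real system)
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:toor:/root:/bin/sh
kdewey:x:1000:1000:K Dewey:/home/kdewey:/bin/bash
EOF

echo "UID 0 accounts:"; uid0_accounts "$SAMPLE_PASSWD"
echo "Remediation:";    remediation "$SAMPLE_PASSWD"
```

On the sample this reports root and toor as UID 0 and proposes locking toor; an account with UID 0 that also has a valid shell and password is a full root equivalent regardless of what /etc/sudoers says.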
Enforce Password Length
edit /etc/pam.d/common-password (with sudo): append minlen=8 to the first line containing "pam_unix.so" (the pam_unix option is minlen=, not min=; min= belongs to other modules such as pam_cracklib).
This enforces a minimum password length of 8 characters for password changes that go through pam_unix.
NOTE: Can be set to any desired minimum length. If pam_pwquality or pam_cracklib is listed before pam_unix in the same file, set minlen on that line as well, since it is checked first.
Create User Accounts
sudo useradd -m -G users,development,remote username
-m creates the home directory; -G adds the new user to the listed supplementary groups (users, development, remote), which must already exist. The new account has no password until one is set with passwd, so it cannot log in with a password yet.
Check Active Network Service
1) netstat (IPv4 only, listening sockets, show the owning process; -p needs root to see other users' processes): sudo netstat -4lp
netstat is deprecated on current distributions; ss -4lntup shows the same information.
2) Check the Internet services daemon: cat /etc/inetd.conf (only present on systems running inetd; xinetd keeps its services under /etc/xinetd.d/, and systemd socket units can also start services on demand). Every uncommented line is a service inetd will start on request.
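Reading netstat output by eye scales badly; what matters first is which listening services are reachable from the network (bound to 0.0.0.0) versus bound to loopback, and what inetd would still start. The functions below do that triage. This is an added example, not from the slides; the netstat output and inetd.conf it parses are constructed samples (on a real host pipe sudo netstat -4lp into exposed_listeners and pass /etc/inetd.conf to inetd_services).

```shell
#!/bin/sh
# Added example (not from the slides): triage "sudo netstat -4lp" output and
# /etc/inetd.conf. Both inputs below are constructed samples.

# exposed_listeners: reads netstat -4lp style output on stdin and prints
# "proto port program" for every socket not bound to loopback. Works for
# both tcp lines (which have a State column) and udp lines (which do not)
# because the program is always the last field.
exposed_listeners() {
    awk '$1 ~ /^(tcp|udp)$/ {
        n = split($4, a, ":"); addr = a[1]; port = a[n]
        if (addr != "127.0.0.1") print $1, port, $NF
    }'
}

# inetd_services FILE: names of the services inetd is configured to start,
# i.e. the first field of every non-blank, non-comment line
inetd_services() {
    awk '!/^[[:space:]]*#/ && NF { print $1 }' "$1"
}

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1021/mysqld
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      640/inetd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           590/dhclient'

SAMPLE_INETD=$(mktemp)
cat > "$SAMPLE_INETD" <<'EOF'
# /etc/inetd.conf: see inetd(8) (constructed sample)
#:INTERNAL: Internal services
#discard	stream	tcp	nowait	root	internal
#:STANDARD: Old-style Internet services
telnet		stream	tcp	nowait	telnetd	/usr/sbin/tcpd	/usr/sbin/in.telnetd
#ftp		stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/in.ftpd
EOF

echo "Reachable from the network:"
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
echo "Services inetd will start:"
inetd_services "$SAMPLE_INETD"
```

In the sample, port 23 shows up twice over: as a listening socket owned by inetd and as the only enabled line in inetd.conf, which is exactly the case the "remove telnetd" step is about; mysqld on 127.0.0.1 is not listed because it is only reachable locally.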
Check Active Processes
1) ps -ef  Show every process in a full-format listing (ps aux is the BSD-style equivalent)
2) pstree -a  Show processes as a tree, with their command-line arguments
End suspect processes
1) kill PID  Send SIGTERM, asking the process to exit cleanly (the default signal)
2) kill -15 PID  The same SIGTERM named explicitly; the process may catch it to clean up, or ignore it
3) kill -9 PID  SIGKILL: the kernel ends the process immediately; it cannot be caught or ignored, so no cleanup runs
4) sudo kill -9 PID  As root, needed for processes owned by another user
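The order of the four steps is the point: SIGTERM first, SIGKILL only if the process is still there after a grace period. The function below does that and reports which signal ended the process; the two "suspect" processes it stops are started by the script itself (one of them ignores SIGTERM, which is the case -9 exists for). This is an added example, not from the slides; it assumes Linux /proc for zombie detection and a POSIX sh.

```shell
#!/bin/sh
# Added example (not from the slides): graceful-then-forceful termination.

# is_alive PID: true while PID exists and is not a zombie. A zombie has
# already died and is merely waiting to be reaped, yet kill -0 still succeeds
# on it, so the state field of /proc/PID/stat is checked where available.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    if [ -r "/proc/$1/stat" ]; then
        state=$(sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f1)
        [ "$state" != "Z" ] || return 1
    fi
    return 0
}

# stop_process PID [GRACE_SECONDS]: send SIGTERM, wait up to GRACE_SECONDS
# (default 5) for a clean exit, then SIGKILL. Prints the signal that worked.
stop_process() {
    pid=$1; grace=${2:-5}
    kill -TERM "$pid" 2>/dev/null || { echo "no such process"; return 2; }
    i=0
    while [ "$i" -lt "$grace" ]; do
        is_alive "$pid" || { echo SIGTERM; return 0; }
        sleep 1
        i=$((i + 1))
    done
    kill -KILL "$pid" 2>/dev/null
    sleep 1
    if is_alive "$pid"; then echo "still running"; return 1; fi
    echo SIGKILL
}

# spawn_detached CMD: start CMD with no terminal or pipe attached and print its
# PID. The intermediate sh exits at once, so the child is not ours to reap.
spawn_detached() {
    sh -c "$1 >/dev/null 2>&1 </dev/null & echo \$!"
}

# demo: a well-behaved process and one that has SIGTERM set to ignore
# (an ignored signal disposition survives fork and exec, so sleep inherits it)
polite=$(spawn_detached 'sleep 300')
stubborn=$(spawn_detached 'trap "" TERM; sleep 300')
echo "polite process   ended by: $(stop_process "$polite" 3)"
echo "stubborn process ended by: $(stop_process "$stubborn" 3)"
```

Before ending anything unfamiliar, record what it is (the binary behind the PID, its parent and its open sockets) so the evidence survives the kill; a SIGKILLed process gets no chance to write logs of its own.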
chmod explained
chmod: change file permissions; each change names an identity, an operator (+ or -) and a permission. Identities are User = u, Group = g, Other = o (a = all three)
Permissions are Read = r, Write = w, Execute = x (on a directory, x is the permission to enter it and reach the files inside)
chmod u+x file; chmod g-w file; chmod o-rw file
chown explained
CHange OWnership, in user:group format.
Change /home/development to be owned by root (the trailing colon also sets the group to root's login group): chown root: /home/development
Change /home/development to be owned by the wheel group, leaving the user unchanged: chown :wheel /home/development
Change /home/yourfile to user you and group users: chown you:users /home/yourfile
Create a Shared File Folder
Create the folder and set its permissions (group ownership = development): User and Group: read, write and enter; Other: nothing. On a directory x is the permission to enter it and open the files inside, so stripping it from everyone (the original chmod ugo-x step) would leave the development group able to list file names but not read or write any file. Keep x for user and group and remove everything for other:
mkdir /home/Development
chown -R :development /home/Development
chmod u+rwx,g+rwx,o-rwx /home/Development
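The recipe above still has one gap: files created inside the folder get the creator's primary group, not development, unless the directory carries the setgid bit. The script below builds the shared directory with mode 2770 (setgid, rwx for user and group, nothing for other) and checks both the mode and that a new file inherits the group. It is an added example, not from the slides; to stay runnable without root it works in a temp directory under the caller's own primary group and assumes GNU stat for the checks.

```shell
#!/bin/sh
# Added example (not from the slides): group-shared directory with setgid.
# For the real case use /home/Development and the development group (as root).

# make_shared_dir DIR GROUP
# 2770 = setgid bit (new files inherit GROUP), rwx for owner and group,
# nothing for others. x stays set on the directory so group members can
# enter it and open the files inside.
make_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# dir_mode PATH: octal mode including the special bits, e.g. 2770
dir_mode() {
    stat -c '%a' "$1"
}

# owning_group PATH: name of the group that owns PATH
owning_group() {
    stat -c '%G' "$1"
}

# demo in a scratch directory, using the caller's primary group
base=$(mktemp -d)
mygroup=$(id -gn)
make_shared_dir "$base/Development" "$mygroup"
: > "$base/Development/notes.txt"   # created without any chgrp of its own
echo "directory mode:  $(dir_mode "$base/Development")"
echo "directory group: $(owning_group "$base/Development")"
echo "new file group:  $(owning_group "$base/Development/notes.txt")"
rm -rf "$base"
```

Without the setgid bit the last line would show the creator's primary group (users in the slides' setup), and the second developer to touch the file would be unable to write to it even though the directory is shared.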
Log File Analysis
Logs are stored in /var/log/
Examples: /var/log/messages (general system messages on Red Hat-style systems), /var/log/syslog (the general system log on Debian-style systems; kernel messages also go there and to /var/log/kern.log, or read them with dmesg), /var/log/auth.log (authentication log; /var/log/secure on Red Hat-style systems). auth.log records all login attempts (local, ssh, telnet, etc.) as well as sudo use. On systemd systems the same events are also available through journalctl.
Reading log files
Dump to the screen: cat /var/log/auth.log
Show entries in scrollable format: less /var/log/auth.log
Show the last 10 entries: tail /var/log/auth.log
Show the last ten entries, and any subsequent entries as they arrive: tail -f /var/log/auth.log
(reading auth.log requires root or, on Debian-style systems, membership of the adm group)
grep logfiles
Keyword searches on logfiles:
Show login attempts for kdewey: grep 'kdewey' /var/log/auth.log (this matches any line containing the string, including other user names that contain it; grep -w restricts it to the whole word)
Show sudo uses: grep 'sudo' /var/log/auth.log
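A plain grep shows the matching lines; the next useful step is to aggregate them, for instance failed ssh logins per source address (a brute-force attempt stands out at once), the user names being tried, and who ran what through sudo. The functions below implement that over auth.log. This is an added example, not from the slides; the log lines are constructed samples in the Debian auth.log format, and the documentation addresses 203.0.113.5 and 198.51.100.9 are placeholders.

```shell
#!/bin/sh
# Added example (not from the slides): simple detection logic over auth.log.
# Pass /var/log/auth.log instead of the sample on a real host.

# failed_ssh_by_ip FILE: "count ip" for failed password logins, busiest first
failed_ssh_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# failed_ssh_users FILE: "count user" for the names attackers tried.
# sshd writes "for invalid user NAME" when NAME does not exist on the host
# and "for NAME" when it does, so the word after "for" decides the offset.
failed_ssh_users() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
        for (i = 1; i <= NF; i++) if ($i == "for") {
            u = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
            print u; break
        }
    }' "$1" | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# brute_force_sources FILE THRESHOLD: addresses with at least THRESHOLD failures
brute_force_sources() {
    failed_ssh_by_ip "$1" | awk -v t="$2" '$1 + 0 >= t + 0 { print $2 }'
}

# sudo_commands FILE: "user command" for every sudo invocation (the
# pam_unix session lines sudo also writes carry no COMMAND= and are skipped)
sudo_commands() {
    sed -n 's/.* sudo: *\([^ ]*\) : .*COMMAND=\(.*\)$/\1 \2/p' "$1"
}

# constructed sample log (not from any real system)
SAMPLE_AUTH_LOG=$(mktemp)
cat > "$SAMPLE_AUTH_LOG" <<'EOF'
Mar  3 10:12:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:12:04 host sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:13:10 host sshd[1305]: Accepted publickey for kdewey from 198.51.100.7 port 40022 ssh2
Mar  3 10:14:00 host sudo:   kdewey : TTY=pts/0 ; PWD=/home/kdewey ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  3 10:14:00 host sudo: pam_unix(sudo:session): session opened for user root by kdewey(uid=0)
Mar  3 10:15:22 host sshd[1402]: Failed password for root from 198.51.100.9 port 40100 ssh2
EOF

echo "Failed ssh logins by source:"; failed_ssh_by_ip "$SAMPLE_AUTH_LOG"
echo "User names tried:";            failed_ssh_users "$SAMPLE_AUTH_LOG"
echo "Sources at or above 2 failures:"; brute_force_sources "$SAMPLE_AUTH_LOG" 2
echo "sudo commands:";               sudo_commands "$SAMPLE_AUTH_LOG"
```

Two failures is far too low a threshold for production; it is set that way only so the sample triggers. Note also that with PermitRootLogin no in effect, every "Failed password for root" line is an attacker probing an account that cannot succeed, which makes it a clean signal.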