
Linux OS hardening Guideline

Created By: MSS Team
Version Number: 1.0
Type: Guideline

SIFY/TECH/IMS/MSS/CHN/ALL/GL/020

Internal Page 1 of 5 Linux Hardening


vi /etc/resolv.conf
Add the name server
nameserver 202.144.66.6
nameserver 202.144.10.50

nameserver 202.144.76.3

vi /etc/ssh/sshd_config
Uncomment the UseDNS parameter and set its value to "no", then restart sshd:
service sshd restart

or

/etc/init.d/sshd restart

Before doing the basic checks, run the Rootkit Hunter (rkhunter) and chkrootkit tools on the server. If any
warnings are shown, report them as recommendations.

Download the latest rkhunter and chkrootkit.

Not required

Installation and Creating the Report for rkhunter.

tar -zxvf rkhunter-<X>.tar
cd rkhunter
./installer.sh --install
rkhunter --propupd
rkhunter -c
cp /var/log/rkhunter.log .

The file rkhunter.log contains the scan report. Copy it off the server using WinSCP.

Installation and Creating the Report for chkrootkit.

tar -zxvf chkrootkit.tar
cd chkrootkit-<X>
touch chkrootkitreport
./chkrootkit > chkrootkitreport

The file chkrootkitreport contains the scan report. Copy it off the server using WinSCP.

Save the report and send it to the Admin if vulnerabilities are listed.

Installation and Creating the Report for Detection Tool


tar -zxvf detection_tool.tar.gz
cd detection_tool
cd pre-compiled
./detection_tool /


BASIC CHECKS:

Create an admin user and password (online):

useradd admin
passwd admin
New pass: password

vi /etc/group - [Add the admin user to the wheel group]

wheel:x:10:root,admin
[Check]
wheel:x:10:root,admin [Add if users are there]

vi /etc/passwd - Check whether any suspicious logins are present. If so, contact the Admin and ask about them.
(e.g.) news: /bin/false or nologin (check for the same)

vi /etc/login.defs - [Chg]
PASS_MIN_LEN 8

vi /etc/profile - [Add]
HISTSIZE=30
HISTFILESIZE=30
TMOUT=900

vi /etc/host.conf - [Add]
multi on
nospoof on

vi /etc/inittab - [Chg] [Comment the line] [To trap the Ctrl+Alt+Del key combination]

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
id:3:initdefault: [Runlevel should be 3]
/sbin/init q

vi /etc/pam.d/su - [Chg] [The 1st Line][Add:debug] [To Switch User]

auth sufficient pam_rootok.so debug

[Chg the 5th Line][uncomment it]

vi /etc/syslog.conf - [Add] [Authentication ] as follows

# Authlogs
auth.notice /var/log/authlog

# Syslogs
daemon.notice /var/log/syslog
*.*;mail.none;cron.none @202.144.75.9

After adding these entries, run (online):
touch /var/log/authlog
touch /var/log/syslog

Restart the syslog service: service syslog restart

vi /etc/default/cron - [It's a new file] [Add] [CAPS ON] [To see the status of the cron jobs running]
CRONLOG=YES

vi /etc/skel/.bash_logout -
[To remove the History Files]
[Add]
rm -f $HOME/.bash_history

chattr +i /etc/services
chmod 600 /etc/login.defs (online)
chmod -R 700 /etc/rc.d/init.d/*

Paste the lines below into each of these files: 1) vi /etc/issue, 2) vi /etc/issue.net and 3) vi /etc/motd.
***************************************************************************************
This system is a restricted access system. All activity on this system is subject to monitoring. If information
collected reveals possible criminal activity or activity that exceeds privileges, evidence of such activity may
be provided to the relevant authorities for further action. By continuing past this point, you expressly consent
to this monitoring.
***************************************************************************************
To Check What services are Running:

(online)
ps -ef [ Unwanted Process to be killed]
netstat -tapn | grep LISTEN
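
A read-only way to verify some of the settings above (UseDNS, PASS_MIN_LEN, wheel membership, suspicious /etc/passwd entries). This is an added example, not part of the original guideline; the function names, the root-prefix argument, the UID threshold of 500 and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of some settings from this guideline.

# Accounts other than root with UID 0, or with a system UID (< UID_MIN,
# assumed 500) and a shell that is not /bin/false, nologin or similar.
suspicious_accounts() {  # $1 = passwd file
    awk -F: -v min="${UID_MIN:-500}" '
        $1 == "root" { next }
        $3 == 0      { print $1 ": UID 0"; next }
        $3 < min && $7 !~ /\/(nologin|false|sync|shutdown|halt)$/ {
            print $1 ": system account with shell \"" $7 "\"" }
    ' "$1"
}

# True if PASS_MIN_LEN in login.defs ($1) is 8 or more.
pass_min_len_ok() {
    awk '$1 == "PASS_MIN_LEN" { v = $2 } END { exit !(v + 0 >= 8) }' "$1"
}

# True if user $2 is a member of wheel in group file $1.
in_wheel() {
    awk -F: -v u="$2" '$1 == "wheel" { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# True if the first uncommented UseDNS line in sshd_config ($1) is "no".
usedns_off() {
    awk 'tolower($1) == "usedns" { v = tolower($2); exit } END { exit (v != "no") }' "$1"
}

audit() {  # $1 = root prefix ("" = live system); returns number of findings
    n=0
    pass_min_len_ok "$1/etc/login.defs" || { echo "FAIL: PASS_MIN_LEN below 8"; n=$((n+1)); }
    in_wheel "$1/etc/group" admin || { echo "FAIL: admin not in wheel"; n=$((n+1)); }
    usedns_off "$1/etc/ssh/sshd_config" || { echo "FAIL: UseDNS is not no"; n=$((n+1)); }
    acct=$(suspicious_accounts "$1/etc/passwd")
    [ -z "$acct" ] || { echo "REVIEW: $acct"; n=$((n+1)); }
    return "$n"
}

# Constructed sample tree (not a real host): short PASS_MIN_LEN, news has a shell.
make_sample() {  # $1 = directory to populate
    mkdir -p "$1/etc/ssh"
    echo 'PASS_MIN_LEN 5' > "$1/etc/login.defs"
    echo 'wheel:x:10:root,admin' > "$1/etc/group"
    printf '#UseDNS yes\nUseDNS no\n' > "$1/etc/ssh/sshd_config"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'news:x:9:13::/etc/news:/bin/bash' \
        'toor:x:0:0::/root:/bin/sh' 'admin:x:500:500::/home/admin:/bin/bash' > "$1/etc/passwd"
}
```

Source the file, then run audit "" on the server itself, or make_sample on an empty directory followed by audit on that directory to see the findings format.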

Root Logs:- (online)

vi /root/.bash_profile {For Debian “-q” Option won't work}

stty erase ^?
EXT=`date +'%d%m%y.%H%M%S'`
export SHELL TERM TMOUT EXT PATH
# Keep per-session logs under $HOME/logs
if [ ! -d "$HOME/logs" ] ; then
    mkdir "$HOME/logs"
fi
# Record every non-console login session with script(1)
if [ "`tty`" != "/dev/console" ] ; then
    if [ -x "$SHELL" ] ; then
        exec script -q "$HOME/logs/${LOGNAME}logs.$EXT"
    fi
fi
mesg n

NR

Specific IP Logins
Verify with the box owner which specific IPs should be allowed to log in to the box.
vi /etc/hosts.allow

Add:
SSHD: <IPs>

Eg:
SSHD: 202.144.55.56, 202.144.55.57, 202.144.55.58, 202.144.55.59, 202.144.55.60, 202.144.55.61, 202.144.55.62
SENDMAIL: 127.0.0.1
