[TuT] Linux how to harden install
As i said before in my iptables tut i am making a tut on how to help keep hackers and script kiddie out of your server. First off i want to say that i am in now way a expert on every thing security tho i like to think i have advance knowledge. I am in school for network security so the information he is not being pulled out my ass i am doing my research.
Any talk about exploits // hacks that include download links or tell the players how to use them will be removed. Also any talk about illegal actions such as DDoS/DoS attacks will also be removed. Also I do not want this turning in to a thread about how to hack in to other peoples servers, any thing along that lines will be removed.... That being said if you have a way you use to help protect your servers feel free to post it or PM me it if you do not want to let people know what community are using what. There is not one way to protect your servers, it is a combo of things that will help you keep your data safe. For example just because you are running a firewall that does not allow any traffic but you server does not mean that your server can not be comprised. But if you are running that firewall and the server in a jail it will be much harder for a person to damage your server but once again not impossible. What i am trying to do is give a intro in to security and some concepts that people use to get into your servers. Basics: Upates: this one is just common sence keep your server and the running software up to date, not only does this add new features to them but fix bugs and exploits. Code:
Red Hat, Fedora, CentOS, and other Red Hat derivatives: Forcing the default shell to nologin Code:
nano /etc/passwd Code:
passwd -l <account name> Code:
nano /etc/ssh/sshd_config Because ssh is a service it simply has a config file to change it around :) Quit being lazy and read the man pages so you know every thing it can do... Code:
http://linux.die.net/man/5/ssh_config Code:
Unneeded services: As with all OS's when you install the system there are things that run that you probably do not need or want such as a web server on your gaming box. To see what ports are being used and what is using them type: Code:
lsof -i http://i406.photobucket.com/albums/p...ngservices.png To turn off any services that i do not want to run. Code:
/etc/init.d/<serivce name> stop For this we have to make sure there is not X server running. (if you have any problems with the file systems being in use also do this) Code:
init 1 Code:
Code:
#Make certain that the file /etc/pam.d/login contains the line: Code:
#Create a group wheel (and if you already have one, don't worry about any error message at the groupadd command): I will be adding more as requested :) |
Re: [TuT] Linux how to harden install
reserved
|
All times are GMT -4. The time now is 12:03. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.