This guide provides practical steps for hardening Linux systems: how to check who is currently logged in, disable remote root logins, manage user accounts and set password policies, check active network services and processes, manage file permissions, and analyze log files for security events. Following these practices makes unauthorized access harder to achieve and easier to detect, and each of them takes only a few commands or configuration edits.
See who's logged in
1) w     (more information: each user's terminal, origin host, login time, idle time and the command they are running)
2) who   (less information: user, terminal, login time, origin host)
Both show current sessions only (from /var/run/utmp); for login history use last.
Disable remote logins for "root" account
1) Deactivate the telnet daemon
   sudo service telnet stop
   (on Debian/Ubuntu telnetd is normally started on demand by inetd rather than as its own service, so removing the package or its inetd entry is what actually turns it off)
1.5) Remove the telnet daemon (unless REALLY needed; telnet sends passwords in clear text)
   sudo apt-get remove telnetd
2) Disable root logins in the ssh server (use nano or vi as root)
   edit /etc/ssh/sshd_config; find "PermitRootLogin", set it to "no"
   (sshd uses the first uncommented occurrence of a keyword, so check that no earlier line or Match block sets it to "yes"; the default "prohibit-password" still allows root to log in with an SSH key)
   Restart ssh: sudo service ssh restart
3) Disable all remote root logins in /etc/security/access.conf
   add line to access.conf: "- : root : ALL EXCEPT LOCAL"
   (this is enforced only for services whose PAM stack includes pam_access.so, so check /etc/pam.d/ for the services you care about)
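After editing sshd_config it is worth confirming which PermitRootLogin value sshd will actually use: sshd honours the first uncommented occurrence of a keyword and ignores later ones, so a "no" appended at the bottom of the file does not override a "yes" higher up. The check below is an added example and not part of the original slides; the functions and the two sample configs are constructed for it. On a live host the authoritative check is `sudo sshd -T | grep -i permitrootlogin`.

```shell
#!/bin/sh
# Added example (not from the original slides).
# sshd takes the FIRST uncommented occurrence of a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well as "Keyword value".
# Settings inside a Match block apply only conditionally, so parsing stops there.

# effective_permitrootlogin <sshd_config>
# Prints the value sshd will use. If the keyword is absent, prints the
# OpenSSH 7.0+ default "prohibit-password" (older releases defaulted to "yes").
effective_permitrootlogin() {
    awk '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        {
            split($0, f, /[ \t=]+/)             # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
        }
        key == "match" { exit }                 # conditional section: stop here
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# root_login_allowed <sshd_config>
# Prints "blocked" only for "no". prohibit-password (old spelling:
# without-password) still lets root in with an SSH key, and
# forced-commands-only still lets root run forced commands.
root_login_allowed() {
    case "$(effective_permitrootlogin "$1")" in
        no) echo blocked ;;
        *)  echo allowed ;;
    esac
}

# Constructed sample: someone appended "PermitRootLogin no" at the end,
# but the earlier "yes" is the one sshd uses.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sshd_config sample
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
}

# Constructed sample with the setting the slide asks for.
write_fixed_config() {
    cat > "$1" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication yes
EOF
}

main() {
    tmp=$(mktemp)
    write_sample_config "$tmp"
    printf 'sample config: %s (%s)\n' "$(effective_permitrootlogin "$tmp")" "$(root_login_allowed "$tmp")"
    write_fixed_config "$tmp"
    printf 'fixed config:  %s (%s)\n' "$(effective_permitrootlogin "$tmp")" "$(root_login_allowed "$tmp")"
    rm -f "$tmp"
}
main
```

To use it on a real system, call `effective_permitrootlogin /etc/ssh/sshd_config` as root; the parser deliberately reports "allowed" for anything other than an explicit "no", because every other value leaves some path for root to log in remotely.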
Disable toor account ("toor" is a second UID 0 account by BSD convention; the same steps apply to any extra UID 0 account found on a Linux system)
a) Delete the account:            sudo userdel toor
b) Disable (lock) the account:    sudo usermod -L toor
   (-L only locks the password; key-based ssh logins still work, so combine it with c) or delete the account)
c) Set toor's login shell to /usr/sbin/nologin:   sudo usermod -s /usr/sbin/nologin toor
   (or edit /etc/passwd and change the last field of toor's entry to /usr/sbin/nologin)
Enforce Password Length
edit /etc/pam.d/common-password (with sudo)
Append minlen=8 to the first line containing "pam_unix.so" (the option is spelled minlen=, not min=)
This enforces a minimum password length of 8 characters for password changes made through PAM (passwd, and tools that call it).
NOTE: Can be set to any desired minimum length. Existing short passwords are not affected until they are next changed.
Create User Accounts
sudo useradd -m -G users,development,remote username
-m creates the home directory
-G adds the new user to the listed supplementary groups (users,development,remote); the groups must already exist
The new account is created with a locked password, so set one with passwd before expecting the user to log in.
Check Active Network Services
1) netstat (IPv4 sockets, Listening only, show the owning Process; sudo is needed to see processes belonging to other users)
   sudo netstat -4lp
   (netstat comes from net-tools, which newer distributions no longer install by default; ss from iproute2 understands the same -4, -l and -p options)
2) Check the Internet Services daemon configuration, which lists services (such as telnet) started on demand
   cat /etc/inetd.conf
   (absent if no inetd is installed; xinetd keeps its service definitions under /etc/xinetd.d/)
Check Active Processes
1) ps -ef      Show Every process in Full format (owner, PID, parent PID, start time, command); ps aux is the BSD-style equivalent
2) pstree -a   Show processes in tree format, with command-line Arguments
End suspect processes
1) kill (PID)          Ask the process to end nicely (sends SIGTERM, signal 15, which the process may catch, handle or ignore)
2) kill -15 (PID)      The same as 1), with the signal spelled out explicitly
3) kill -9 (PID)       Tell the kernel to end the process (SIGKILL cannot be caught or ignored; the process gets no chance to clean up)
4) sudo kill -9 (PID)  As root, end a process owned by another user
Try 1) first and fall back to 3) only if the process is still running after a few seconds.
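The sequence above (SIGTERM first, SIGKILL only if the process does not go away) as a reusable shell function, added here as an example that is not part of the original slides. It is demonstrated on two constructed background processes: an ordinary sleep that honours SIGTERM, and one that ignores SIGTERM, which is exactly the case where only kill -9 works. The function also avoids a common mistake: a process that has exited but not yet been reaped still answers kill -0, so liveness is checked through ps instead.

```shell
#!/bin/sh
# Added example (not from the original slides).

# is_alive <pid>: true while the process exists and is not a zombie.
# kill -0 alone is not enough: an exited child that nobody has waited for
# (shown by ps as Z / <defunct>) still answers kill -0.
is_alive() {
    ps -o stat= -p "$1" 2>/dev/null | tr -d ' ' | grep -qv '^Z'
}

# stop_process <pid> [grace-seconds]
# prints "terminated" (exited on SIGTERM), "killed" (needed SIGKILL),
# "nosuchpid" (nothing to do) or "stillalive" (even SIGKILL did not work,
# e.g. a process stuck in uninterruptible I/O wait)
stop_process() {
    pid=$1
    grace=${2:-5}
    is_alive "$pid" || { echo nosuchpid; return 1; }
    kill -TERM "$pid" 2>/dev/null           # same as plain "kill $pid" or "kill -15 $pid"
    i=0
    while [ "$i" -lt "$grace" ]; do
        sleep 1
        is_alive "$pid" || { echo terminated; return 0; }
        i=$((i + 1))
    done
    kill -KILL "$pid" 2>/dev/null           # "kill -9": cannot be caught or ignored
    sleep 1
    is_alive "$pid" && { echo stillalive; return 2; }
    echo killed
}

# Constructed victims (not real suspect processes).
# start_polite: an ordinary sleep, exits as soon as it receives SIGTERM.
# start_stubborn: sets SIGTERM to "ignore" and then exec's sleep, which
# inherits the ignored signal, so only SIGKILL can end it.
# Output is redirected so that $(start_...) returns as soon as the pid is printed.
start_polite()   { sleep 100 >/dev/null 2>&1 & echo $!; }
start_stubborn() { (trap '' TERM; exec sleep 100) >/dev/null 2>&1 & echo $!; }

main() {
    p=$(start_polite)
    printf 'polite   pid %s: %s\n' "$p" "$(stop_process "$p" 3)"
    s=$(start_stubborn)
    printf 'stubborn pid %s: %s\n' "$s" "$(stop_process "$s" 3)"
}
main
```

On a real host you would call `stop_process <PID>` (with sudo for another user's process) instead of the constructed victims; the grace period should be long enough for a daemon to flush its state, typically 5 to 10 seconds.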
chmod explained
chmod: CHange file MODE: identity, operator, privilege
Identities are   User = u   Group = g   Other = o   (all three at once = a)
Operators are    + add     - remove    = set exactly
Privileges are   Read = r   Write = w   Execute = x   (on a directory, x means the directory may be entered and its entries looked up)
Examples: chmod u+x file; chmod g-w file; chmod o-rw file
chown explained
CHange OWNership, in user:group format (leave either side empty to keep it unchanged)
Change /home/development to be owned by root, and by root's login group because of the trailing colon: chown root: /home/development
Change /home/development to the wheel group, owner unchanged: chown :wheel /home/development
Change /home/yourfile to be owned by you and the users group: chown you:users /home/yourfile
Create a Shared File Folder
Create the folder and give it the following permissions (group ownership = development):
User: read, write and execute
Group: read, write and execute, plus the setgid bit so that files created inside inherit the development group
Other: no read, write or execute
A directory must keep its execute (search) bit to be entered at all, so do not remove x from a directory people are supposed to use; removing it locks out the owner and the group as well as everyone else.
mkdir /home/Development
chown -R :development /home/Development
chmod u=rwx,g=rwxs,o= /home/Development    (equivalent to chmod 2770 /home/Development)
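The shared-folder setup as a script that also verifies the result, added here as an example that is not part of the original slides. It creates the folder under a temporary directory and uses the caller's own primary group so it runs without root; on a real system pass /home/Development and the group development instead. The check function also shows what the mode looks like once execute is removed from a directory.

```shell
#!/bin/sh
# Added example (not from the original slides).

# make_shared_dir <path> <group>
# Mode 2770: owner and group may list, create and enter; others get nothing.
# The setgid bit (the leading 2) makes new files inside inherit <group>
# instead of the creator's primary group, which is what keeps the folder
# usable by the whole group.
make_shared_dir() {
    mkdir -p "$1"
    chgrp "$2" "$1"
    chmod u=rwx,g=rwxs,o= "$1"      # same as chmod 2770 "$1"
}

# mode_of <path>: the 10-character mode column from ls -ld, e.g. drwxrws---
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# check_shared_dir <path>: prints "ok" when the mode is the intended
# drwxrws---, otherwise "bad-mode". A directory that has lost its x bits
# shows up as drwxrwS--- (capital S: setgid set but no group execute) and
# can no longer be entered by anyone but root.
check_shared_dir() {
    if [ "$(mode_of "$1")" = "drwxrws---" ]; then
        echo ok
    else
        echo bad-mode
    fi
}

main() {
    base=$(mktemp -d)
    d="$base/Development"
    make_shared_dir "$d" "$(id -gn)"        # constructed: own primary group instead of "development"
    printf '%s  %s  (%s)\n' "$(mode_of "$d")" "$d" "$(check_shared_dir "$d")"
    chmod ugo-x "$d"                        # what removing execute from a directory does
    printf '%s  %s  (%s)\n' "$(mode_of "$d")" "$d" "$(check_shared_dir "$d")"
    rm -rf "$base"
}
main
```

Run `make_shared_dir /home/Development development` as root on the real system, then `check_shared_dir /home/Development` after any later permission change to make sure the folder is still usable by the group.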
Log File Analysis
Logs are stored in /var/log/
Examples:
/var/log/messages   general system messages (Red Hat/CentOS family)
/var/log/syslog     general system messages (Debian/Ubuntu family); kernel messages go to /var/log/kern.log and can also be read with dmesg
/var/log/auth.log   authentication log (Debian/Ubuntu; the Red Hat family uses /var/log/secure)
auth.log records authentication events from every source: local console logins, ssh, telnet (via login), failed attempts, sudo and su use, and other PAM messages.
On systemd-based systems the same events are also available from the journal (journalctl).
Reading log files
Dump to the screen:                                cat /var/log/auth.log
Show entries in scrollable format:                 less /var/log/auth.log
Show last 10 entries:                              tail /var/log/auth.log
Show last ten entries, then follow new ones live:  tail -f /var/log/auth.log
(on Debian/Ubuntu auth.log is readable only by root and the adm group, so prefix the command with sudo if you get "Permission denied")
grep logfiles
Keyword searches on logfiles:
Show login attempts for kdewey:   grep 'kdewey' /var/log/auth.log
Show sudo uses:                   grep 'sudo' /var/log/auth.log
(grep matches the pattern anywhere on the line, so 'sudo' also matches unrelated lines that merely mention it; use -w for whole-word matches or a more specific pattern when needed)
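The grep searches above turned into small reusable queries against auth.log, added here as an example that is not part of the original slides. The log lines it runs against are constructed for this example (they follow the shape of Debian/Ubuntu entries from OpenSSH and sudo); the functions take the log file as an argument so they can be pointed at /var/log/auth.log on a real host.

```shell
#!/bin/sh
# Added example (not from the original slides).

# Constructed auth.log sample: a password-guessing burst from one address,
# a real user logging in and using sudo, and a root login over ssh with a key,
# which the "Disable remote logins for root" slide is meant to prevent.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 09:12:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51822 ssh2
Mar  3 09:12:04 host sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51822 ssh2
Mar  3 09:12:09 host sshd[2203]: Failed password for root from 203.0.113.45 port 51830 ssh2
Mar  3 09:15:40 host sshd[2210]: Failed password for kdewey from 198.51.100.7 port 40012 ssh2
Mar  3 09:15:52 host sshd[2210]: Accepted password for kdewey from 198.51.100.7 port 40012 ssh2
Mar  3 09:16:10 host sudo:   kdewey : TTY=pts/0 ; PWD=/home/kdewey ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  3 09:20:33 host sshd[2250]: Accepted publickey for root from 203.0.113.45 port 52001 ssh2: RSA SHA256:examplefingerprint
Mar  3 09:21:00 host sudo:   kdewey : TTY=pts/0 ; PWD=/home/kdewey ; USER=root ; COMMAND=/bin/cat /etc/shadow
EOF
}

# failed_ssh_by_source <logfile>: "count address" per source, busiest first
failed_ssh_by_source() {
    grep 'sshd\[.*\]: Failed password' "$1" \
      | sed -n 's/.* from \([0-9a-fA-F.:]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# accepted_logins <logfile>: "user method address" for every successful ssh login
accepted_logins() {
    sed -n 's/.*sshd\[[0-9]*\]: Accepted \([a-z]*\) for \([^ ]*\) from \([0-9a-fA-F.:]*\) port .*/\2 \1 \3/p' "$1"
}

# root_logins <logfile>: successful ssh logins as root; should be empty once
# PermitRootLogin is "no"
root_logins() {
    accepted_logins "$1" | awk '$1 == "root"'
}

# sudo_commands <logfile> [user]: "user command" for every sudo use,
# optionally restricted to one user (whole-field match, unlike a bare grep)
sudo_commands() {
    grep ' sudo: ' "$1" \
      | { if [ -n "$2" ]; then grep " $2 : "; else cat; fi; } \
      | sed -n 's/.* sudo: *\([^ ]*\) : .*COMMAND=\(.*\)/\1 \2/p'
}

main() {
    f=$(mktemp)
    write_sample_log "$f"
    echo "Failed ssh passwords by source:";  failed_ssh_by_source "$f"
    echo "Accepted ssh logins:";             accepted_logins "$f"
    echo "Root logins over ssh:";            root_logins "$f"
    echo "sudo use by kdewey:";              sudo_commands "$f" kdewey
    rm -f "$f"
}
main
```

On a real host run the same functions with `/var/log/auth.log` (as root); a source address with many failures followed by an accepted login, or any output from root_logins after root logins were disabled, is what to look for first.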