Hardening Linux Server

Some Steps

Installation of Linux OS
Install the OS with minimal installation, then proceed to install only the required packages.

Removing the unwanted packages in os like gnome, kde,games,Openoffice not needed for server configuration.

Securing the Bootloader
Grub should be configured with password

Restrict access to Server
/etc/hosts.allow and /etc/hosts.deny
should be configured

Modify /etc/hosts.allow

Suggested format:
# Approved IP addresses
ALL: 192.168.0.1
ALL: 192.168.5.2

# CSV uploader machine
proftpd: 10.0.0.5

# pop3 from anywhere
ipop3: ALL

Modify /etc/hosts.deny
ALL:ALL EXCEPT localhost:DENY

Securing SSH

vi /etc/ssh/ssh_config change the following
protocol 2,1 to protocol 2
PermitRootLogin yes to PermitRootLogin no
Restart SSHD: /etc/rc.d/init.d/sshd restart



Setting SSH Banner for the making user to consent to the terms & conditions
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#*****************************************************************************#

# This computer system is for authorized users only. All activity is logged #

#*****************************************************************************#


Set the ssh banner by creating a file /etc/ssh/sshd-banner , and add/edit the sshd configuration in the file /etc/sshd/sshd_config as follows Banner /etc/ssh/sshd-banner save and restart the sshd service.

Disable Telnet
vi /etc/xinetd.d/telnet change disable = no to disable = yes

Disable root login for FTP Server
vsftpd by default wont allow root, proftpd & others need to be configured explicitly

Comments

Post a Comment

Popular posts from this blog

Installation of Linux version of XAMPP

Image
Step 1: Download you can download Linux version of XAMPP from the give link A complete list of downloads (older versions) is available Step 2: Installation After downloading simply type in the following comm ands: Go to a Linux shell and login as the system administrator root: su Extract the downloaded archive file to /opt: tar xvfz xampp-linux-1.7.tar.gz -C /opt Note: Please use only this command to install XAMPP. DON'T use any Microsoft Windows tools to extract the archive, it won't work. Note : already installed XAMPP versions get overwritten by this command. That's all. XAMPP is now installed below the /opt/lampp directory. Step 3: Start To start XAMPP simply call this command: /opt/lampp/lampp start You should now see something like this on your screen: Starting XAMPP 1.7... LAMPP: Starting Apache... LAMPP: Starting MySQL... LAMPP started. Ready. Apache and MySQL are running. If you get any error messages please take a look at the Step 4:...
Read more

How can I prevent users from connecting to a USB storage device? in Windows OS

It is easy to lock a machine down, disable the floppy, and cdrom in the bios. There is a simple registry change that will keep the USB storage drivers from starting when the system boots. Keeps people from walking up to a PC and copying data off with a USB key, but allows you to keep your scanner, keyboard, and mouse working. As always - back your system up before messing around in the registry. Just open regedit and browse to this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor Notice the value 'Start' Switch this value to 4, and USB storage devices are disabled. Switch this value to 3, and USB storage devices are enabled. Hence you have Prevented users from connecting a USB device
Read more

Basic Linux Commands

command cd : Use cd change directories example: cd home or complete path must be written cd /root/home command clear : clean up your command window command ls : The ls command lists the contents of your current working directory command mkdir : makes directory command df : df provides a very quick check of your file system disk space. command du : du display usage of the disk space example du -a command finger : finger allows you to see who else is on the system or get detailed information about a person who has access to the system. command man : man followed by a command will give detailed information about that command Example: man ls command logout : logout will log your account out of the system command find : find will locate a files/directories qui...
Read more