CIS 193A – Lesson4 Bastille Hardening a System

Presentation transcript:

CIS 193A – Lesson4 Bastille Hardening a System

Focus Question
What Linux utilities, commands, and files are used by Bastille to harden a system?

The Bastille Package
- /etc/Bastille - Configuration files (config)
- /var/log/Bastille - Reports and log files
- /var/log/Bastillerevert - backup files
- /usr/lib/Bastille - Perl libraries
- /usr/share/Bastille - Documentation

Command Syntax
  bastille -a    # --assess
    Assess the system
  bastille -x    # -c for curses
    Create config file and implement changes
  bastille -b
    Harden system with specified configuration
  bastille -r
    Undoes the configuration

Bastille Groupings
- File Permissions
- Account Security
- Boot Security
- Logging
- Miscellaneous Daemons
- Secure Inetd
- Disable User Tools
- Services: Sendmail, Printing, Apache, DNS, FTP

File Permissions
- Setting permissions in /sbin and /usr/sbin to 750 instead of 755
- Removing setuid bits from:
  - mount, umount
  - ping, traceroute
  - dump, restore
  - at
  - X windows
  - others
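The two items on this slide can be audited read-only from the shell. The following is an added example, not part of the original slides or of Bastille itself; the function names and the searched directories (/bin, /usr/bin, /sbin, /usr/sbin) are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of the two File Permissions items above.
# Function names and default directories are assumptions, not Bastille's own.

# Binaries the slide names as losing their setuid bit.
SETUID_NAMES="mount umount ping traceroute dump restore at"

# List regular files under DIR that grant any permission to "other",
# i.e. anything looser than the 750 the slide calls for.
loose_sbin_files() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null | sort
}

# List the named binaries, in any of the given directories, that still
# have the setuid bit set.
setuid_still_set() {
    for dir in "$@"; do
        for name in $SETUID_NAMES; do
            if [ -f "$dir/$name" ] && [ -u "$dir/$name" ]; then
                echo "$dir/$name"
            fi
        done
    done
}

# Run against the live system only when asked: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    echo "Looser than 750:"
    for d in /sbin /usr/sbin; do loose_sbin_files "$d"; done
    echo "Setuid still set:"
    setuid_still_set /bin /usr/bin /sbin /usr/sbin
fi
```

Empty output from both functions means the tree already matches what the slide describes.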

Account Security
- Disable clear text r-protocols
- Add password aging
- Strengthen umask
- Disable root logins on ttys
- Remove extraneous accounts and groups
- Restrict use of cron to root account

Boot Security
- Password protect grub or lilo
- Disable ctrl-alt-del reboot sequence
- Password protect single user mode

Logging
- Adding additional logging
- Activating system auditing
- Turning on process accounting

Miscellaneous Daemons
- Disable the following services:
  - apmd / acpid
  - nfs, nis
  - samba
  - pcmcia
  - gpm
  - kudzu
  - etc

Secure Inetd
- Disable telnet service
- Disable ftp service
- Include default deny for hosts.deny
- Banners: authorized use warnings

Disable User Tools
- Disable compilers

Review

Focus Question
What Linux utilities, commands, and files are used by Bastille to harden a system?
Bastille uses grub, PAM, chkconfig, chmod, iptables, and edits such files as issue, securetty, nologin, inittab, login.defs, as well as service configuration files.