Securing Linux, by Terrance Marcelle
The CIA Triad: Confidentiality, Integrity, Availability
Partitions: Default
Partitions: Recommended
Partitions: why separate them
What goes wrong when everything lives on one filesystem:
- A user stores too many files in their home directory and fills the disk for everyone
- A user intentionally runs malicious code or a bad command to fill up as much space as possible, e.g. cat /dev/zero > zerofile
- Excess logging (/var/log grows until the disk is full)
- /tmp and /dev/shm are world-writable and are not mounted with noexec, nodev and nosuid (these options belong on /tmp and /dev/shm, not on /dev itself, which must keep its device nodes)
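An added example (not from the slides) that checks whether a mount point carries the nosuid/nodev/noexec options the slide calls for. The mount table is a constructed /proc/mounts excerpt for a hypothetical host so the check runs offline; setting MOUNT_TABLE to the contents of the real /proc/mounts audits a live system.

```shell
#!/bin/sh
# Added example, not from the slides: check that a mount point carries the
# nosuid/nodev/noexec options. The mount table is read from MOUNT_TABLE so
# the check runs offline on a constructed sample; on a real host run it as
#   MOUNT_TABLE="$(cat /proc/mounts)" sh check-mounts.sh

# Constructed /proc/mounts excerpt (hypothetical host): /tmp is hardened,
# /dev/shm is not. nodev goes on /dev/shm and /tmp, never on /dev itself.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0'
MOUNT_TABLE=${MOUNT_TABLE:-$SAMPLE_MOUNTS}

# missing_opts MOUNTPOINT OPT1,OPT2,...
# Prints the requested options absent from the mount point's option list
# (space separated) and returns 1; prints nothing and returns 0 when all
# are present; prints NOTMOUNTED and returns 1 when the path is not a
# separate mount, because then it cannot have its own options at all.
missing_opts() {
    mp=$1
    wanted=$2
    opts=$(printf '%s\n' "$MOUNT_TABLE" | awk -v mp="$mp" '$2 == mp { print $4; exit }')
    if [ -z "$opts" ]; then
        echo NOTMOUNTED
        return 1
    fi
    missing=
    for o in $(printf '%s' "$wanted" | tr ',' ' '); do
        case ",$opts," in
            *",$o,"*) ;;
            *) missing="$missing $o" ;;
        esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# /etc/fstab lines that fix a failing host (then `mount -o remount /tmp`
# and `mount -o remount /dev/shm`):
#   tmpfs  /tmp      tmpfs  defaults,nosuid,nodev,noexec  0 0
#   tmpfs  /dev/shm  tmpfs  defaults,nosuid,nodev,noexec  0 0

for mp in /tmp /dev/shm; do
    if result=$(missing_opts "$mp" nosuid,nodev,noexec); then
        echo "$mp: ok"
    else
        echo "$mp: missing $result"
    fi
done
```

The NOTMOUNTED case matters: if /tmp is just a directory on the root filesystem, no amount of editing fstab options for / will give it noexec, and it has to become its own mount (tmpfs or a partition) first.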
Encryption at Rest: should you encrypt?
- Depends on the type of information; you may only want to encrypt portions of the drive
- What happens if the server or hard drive gets stolen?
- What happens if the drive space is reallocated to another VM in a hypervisor setting?
Encryption in Transit: why encrypt data in transit?
So your information doesn't get stolen on the wire.
Recommendations:
- HTTPS over HTTP
- SFTP or SCP over FTP
- SNMPv3 over SNMPv2 and SNMPv1
SSH and User Logins: Defaults
- CentOS: logging in with the root account via SSH is allowed by default
- Ubuntu: disallowed by default (the root account ships without a password, so there is nothing to log in with)
SSH and User Logins: Recommendations (/etc/ssh/sshd_config)
Disable root account login via SSH. In /etc/ssh/sshd_config the shipped line is commented out (#PermitRootLogin ...); uncomment it and set:
PermitRootLogin no
P.S. make sure you have console access, or another user with privileges already created, before you restart sshd, or you will lock yourself out.
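The added example below (not from the slides) reports the PermitRootLogin value sshd will actually apply to a configuration. Two sshd_config rules trip people up: a commented line only documents the built-in default, and when a directive appears more than once the first uncommented occurrence wins, so a hardening line appended at the bottom of the file silently loses to an earlier one. The three configurations are constructed samples; Match blocks are not handled.

```shell
#!/bin/sh
# Added example, not from the slides: what PermitRootLogin does sshd apply?
# Rule 1: commented lines never apply. Rule 2: first uncommented match wins.

# Constructed sample: stock file, directive still commented out.
CONFIG_DEFAULT='# This is the sshd server system-wide configuration file.
#Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes'

# Constructed sample: hardened at the top; the later "yes" is ignored.
CONFIG_HARDENED='PermitRootLogin no
PasswordAuthentication yes
PermitRootLogin yes'

# Constructed sample: the common mistake, hardening appended below an
# earlier "yes" that was left in place.
CONFIG_APPENDED='PermitRootLogin yes
PermitRootLogin no'

# effective_permit_root_login CONFIG_TEXT
# Prints the value sshd applies, lower-cased. Prints "default" when the
# directive is absent or commented out: the built-in default was "yes"
# before OpenSSH 7.0 and "prohibit-password" from 7.0 on, so "default" is
# not a safe answer on an older CentOS and the value should be explicit.
effective_permit_root_login() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }'
}

# root_login_ok CONFIG_TEXT -> 0 only when root SSH login is explicitly off
root_login_ok() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# On a real host: put `PermitRootLogin no` near the top of
# /etc/ssh/sshd_config, validate with `sshd -t`, keep the current session
# open and confirm a second login as a sudo-capable user before restarting
# sshd (the console-access warning on the slide applies).
echo "default:  $(effective_permit_root_login "$CONFIG_DEFAULT")"
echo "hardened: $(effective_permit_root_login "$CONFIG_HARDENED")"
echo "appended: $(effective_permit_root_login "$CONFIG_APPENDED")"
```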
SSH and User Logins: brute-force protection
Install third-party programs like DenyHosts, fail2ban or DDoS Deflate to monitor invalid logins and block the originating IP addresses.
Login information is stored in:
- CentOS: /var/log/secure
- Ubuntu: /var/log/auth.log
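As an added example (not from the slides), here is the core of what DenyHosts and fail2ban automate: counting failed SSH logins per source address in /var/log/secure or /var/log/auth.log and flagging sources over a threshold. The log lines are constructed in sshd's syslog format, with addresses from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges and a made-up host name; the block prints the iptables ban it would issue rather than running it.

```shell
#!/bin/sh
# Added example, not from the slides: per-source failed-login counts, the
# detection step behind fail2ban/DenyHosts. On a host, feed the real file:
#   brute_force_sources "$(cat /var/log/secure)" 5

# Constructed log lines (sshd syslog format, documentation IP ranges).
AUTH_LOG='Mar  3 10:15:01 web1 sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:09 web1 sshd[1240]: Accepted publickey for carl from 198.51.100.7 port 40022 ssh2
Mar  3 10:16:01 web1 sshd[1250]: Failed password for invalid user test from 203.0.113.5 port 51300 ssh2
Mar  3 10:16:20 web1 sshd[1260]: Failed password for carl from 198.51.100.7 port 40100 ssh2
Mar  3 10:17:00 web1 sshd[1270]: Invalid user oracle from 203.0.113.5'

# failed_logins_by_source LOG_TEXT
# Prints "count ip" lines, highest count first. "Invalid user" lines count
# too: sshd emits them before any password is tried, and they are the
# usual signature of a user-name scan.
failed_logins_by_source() {
    printf '%s\n' "$1" | awk '
        / sshd\[[0-9]+\]: (Failed password for|Invalid user) / {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) print n[ip], ip }' | sort -rn
}

# brute_force_sources LOG_TEXT THRESHOLD
# Prints the addresses at or above THRESHOLD, one per line, sorted.
brute_force_sources() {
    failed_logins_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }' | sort
}

# block_rule IP -> the iptables command a ban would run (printed, not
# executed; IPv6 peers need the ip6tables equivalent)
block_rule() {
    echo "iptables -I INPUT -s $1 -j DROP"
}

brute_force_sources "$AUTH_LOG" 3 | while read -r ip; do
    block_rule "$ip"
done
```

With the threshold at 3, only 203.0.113.5 (four failures) is reported; carl's single typo from 198.51.100.7 is not, which is the whole point of a threshold. A real ban list also needs an expiry and a whitelist for the admin workstation, otherwise the tool becomes a way to lock the administrator out.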
Passwords: what happens by default
- The system only gives a warning if the password is considered weak, but still lets you create it
- Passwords are never set to expire
- Old passwords can be reused
Passwords: Recommended
Enforce password aging, minimum length, reuse limits and complexity.
- CentOS: /etc/login.defs and /etc/pam.d/system-auth-ac
- Ubuntu: install the cracklib PAM module (package libpam-cracklib), then /etc/login.defs and /etc/pam.d/common-password
Passwords: the files
/etc/login.defs controls maximum age, minimum age and the warning period:
PASS_MAX_DAYS 150
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
/etc/pam.d/common-password (Ubuntu) and /etc/pam.d/system-auth-ac (CentOS) control password complexity and length:
password required pam_cracklib.so minlen=8 difok=3 lcredit=-1 ucredit=-1 dcredit=-2 ocredit=-1
(A negative credit is a minimum count: at least 8 characters including one lowercase, one uppercase, two digits and one other character, and at least 3 characters different from the old password.) Re-use of old passwords is blocked by the remember= option of pam_unix in the same file, not by pam_cracklib.
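An added example (not from the slides) that audits password aging in two places. /etc/login.defs is checked against the slide's PASS_MAX_DAYS and PASS_WARN_AGE values, and /etc/shadow is checked as well, because login.defs only applies to accounts created after it is edited: users that already exist keep their old aging and need `chage -M 150 username` individually. Both inputs are constructed excerpts (abbreviated hashes, arbitrary dates).

```shell
#!/bin/sh
# Added example, not from the slides: password-aging audit of login.defs
# and shadow. Replace the samples with "$(cat /etc/login.defs)" and
# "$(cat /etc/shadow)" (as root) to audit a real host.

# Constructed /etc/login.defs excerpt: max age as recommended, warning age
# deliberately weaker than the slide's 7 days so there is a finding.
LOGIN_DEFS='# Password aging controls:
PASS_MAX_DAYS   150
PASS_MIN_DAYS   0
PASS_WARN_AGE   3'

# Constructed /etc/shadow excerpt.
# Fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved.
# A max of 99999 or an empty max field means the password never expires.
SHADOW='root:$6$abc:19400:0:99999:7:::
carl:$6$def:19400:0:150:7:::
daemon:*:19000:0:99999:7:::
svc:$6$ghi:19400:0::::'

# weak_login_defs LOGIN_DEFS_TEXT
# Prints the aging directives that are missing or weaker than
# PASS_MAX_DAYS <= 150 and PASS_WARN_AGE >= 7; returns 0 when none.
weak_login_defs() {
    out=$(printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        $1 == "PASS_MAX_DAYS" { max = $2 + 0; seen_max = 1 }
        $1 == "PASS_WARN_AGE" { warn = $2 + 0; seen_warn = 1 }
        END {
            if (!seen_max || max > 150) printf "PASS_MAX_DAYS "
            if (!seen_warn || warn < 7) printf "PASS_WARN_AGE "
        }')
    echo "${out% }"
    [ -z "$out" ]
}

# users_without_expiry SHADOW_TEXT MAX_DAYS
# Prints users whose password never expires or expires later than MAX_DAYS.
# Locked accounts (hash beginning with * or !) cannot use a password at
# all and are skipped; on a normal host those are the system accounts.
users_without_expiry() {
    out=$(printf '%s\n' "$1" | awk -F: -v lim="$2" '
        $2 ~ /^[*!]/ { next }
        $5 == "" || $5 + 0 > lim { printf "%s ", $1 }')
    echo "${out% }"
    [ -z "$out" ]
}

echo "login.defs findings: $(weak_login_defs "$LOGIN_DEFS")"
echo "need chage -M 150:   $(users_without_expiry "$SHADOW" 150)"
```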
Why do we need to secure Linux?
(The slide shows a table of the most common passwords by year, 2011 to 2015: password, 123456, 12345, qwerty, abc123, monkey, letmein, 111111, 1234, dragon, baseball, trustno1, iloveyou.)
Updates and Upgrades: keeping your systems up to date
- Security updates
- Bug fixes
What programs are used?
- CentOS: yum / rpm
- Ubuntu: aptitude / dpkg
Updates and Upgrades: Recommended
- A consistent maintenance plan
- A centralized package / patch management system (Spacewalk, Red Hat Satellite, Landscape, Foreman, Katello with Candlepin and Pulp)
- Automatic updates?
User Quotas
What is it? A limit on the amount of storage a user or group can use.
Why is it necessary? Because people...
How is it implemented?
1. Add the quota options to the filesystem's line in /etc/fstab (ext3/ext4 take the same options):
   LABEL=/home /home ext2 defaults,usrquota,grpquota 1 2
2. mount -o remount /home
3. quotacheck -cvug /home (creates the quota files; ls -l /home/ now shows aquota.user and aquota.group)
4. edquota username
5. quotaon -a
edquota opens an editor on a table of the form:
Disk quotas for user username (uid 500):
  Filesystem  blocks  soft  hard  inodes  soft  hard
  /dev/sda
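The slide's procedure as an idempotent script, added here as an example (not the slide's own code). The fstab edit is pure text processing and runs offline; the part that remounts, builds the quota files and sets limits needs root and the quota package, so it only runs when invoked with --apply. The soft/hard block limits and the use of setquota (the scriptable equivalent of the interactive edquota on the slide) are my choices.

```shell
#!/bin/sh
# Added example, not from the slides: enable user/group quotas on /home.
#   sh quotas.sh                       # offline demo of the fstab rewrite
#   sh quotas.sh --apply carl [soft_kb] [hard_kb]   # as root, on a host

# add_quota_opts FSTAB_LINE
# Prints the line with usrquota,grpquota added to the option field (4th)
# when missing. Comments and blank lines pass through unchanged. Field
# separators are normalised to single spaces, which fstab accepts.
add_quota_opts() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || NF == 0 { print; next }
        {
            opts = $4
            if (opts !~ /(^|,)usrquota(,|$)/) opts = opts ",usrquota"
            if (opts !~ /(^|,)grpquota(,|$)/) opts = opts ",grpquota"
            $4 = opts
            print
        }'
}

# enable_home_quotas USER SOFT_KB HARD_KB
# Rewrites /etc/fstab (keeping a backup), remounts /home so the kernel
# sees the new options, builds aquota.user/aquota.group, switches quotas
# on and sets block limits for USER (inode limits left at 0 = unlimited).
enable_home_quotas() {
    user=$1 soft_kb=$2 hard_kb=$3
    tmp=$(mktemp) || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        add_quota_opts "$line"
    done < /etc/fstab > "$tmp" || return 1
    cp -p /etc/fstab /etc/fstab.bak && cp "$tmp" /etc/fstab && rm -f "$tmp" || return 1
    mount -o remount /home &&
    quotacheck -cvug /home &&        # creates /home/aquota.user and aquota.group
    quotaon -v /home &&
    setquota -u "$user" "$soft_kb" "$hard_kb" 0 0 /home &&
    quota -v -u "$user"               # show the result, as edquota would
}

case "${1:-}" in
    --apply) enable_home_quotas "$2" "${3:-4000000}" "${4:-5000000}" ;;
    *) add_quota_opts 'LABEL=/home /home ext4 defaults 1 2' ;;   # demo only
esac
```

Running add_quota_opts over every fstab line rather than appending a new line is what makes the script safe to run twice: a second run finds the options already present and changes nothing.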
Firewalls
- Control incoming and outgoing network traffic based on a set of rules
- One of the last lines of defense for your server
- Both CentOS and Ubuntu come with iptables, a tool that allows very fine-grained control of network traffic through a set of rules
- iptables controls the rules for IPv4; ip6tables deals with IPv6 (a rule added with iptables does nothing for IPv6 traffic)
Firewalls: example configuration
Allow SSH only from one workstation (the source address did not survive on the slide; substitute the workstation's IP):
iptables -I INPUT 3 -p tcp -i eth0 -s <workstation IP> --dport 22 -m state --state NEW,ESTABLISHED -m comment --comment "SSH access limited to carl's computer" -j ACCEPT
The rule is inserted at position 3 of the INPUT chain, so it only works as intended if the rules before it do not already accept or drop port 22; check with iptables -L INPUT -n --line-numbers.
Alternative management front-ends: ufw, apf, and firewalld (CentOS 7).
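The single `iptables -I` rule above rebuilt into a complete default-deny ruleset in iptables-restore format, added here as an example (not from the slides). Applying a whole ruleset atomically avoids the ordering problem of inserting rules one at a time and keeps the policy in a file that can be reviewed and version-controlled. The admin address 192.0.2.10 and interface eth0 are hypothetical stand-ins for "carl's computer"; the logging rule is my addition.

```shell
#!/bin/sh
# Added example, not from the slides: default-deny ruleset generator in
# iptables-restore format (IPv4 only; IPv6 needs an ip6tables-restore set).

# build_ruleset ADMIN_IP IFACE -> ruleset on stdout
build_ruleset() {
    admin=$1
    iface=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and replies to connections this host started
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH only from the admin workstation (the slide's rule with --dport and a source)
-A INPUT -i $iface -p tcp -s $admin --dport 22 -m state --state NEW -m comment --comment "SSH access limited to admin workstation" -j ACCEPT
# rate-limited log of what the DROP policy discards, so probes show up in /var/log/messages
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# ssh_rule ADMIN_IP IFACE -> just the SSH line, for review
ssh_rule() {
    build_ruleset "$1" "$2" | grep -- '--dport 22'
}

# accept_rule_count ADMIN_IP IFACE -> number of ACCEPT rules in the set
accept_rule_count() {
    build_ruleset "$1" "$2" | grep -c -- '-j ACCEPT'
}

# Apply on a host, from the console, because a mistake here cuts off SSH:
#   build_ruleset 192.0.2.10 eth0 | iptables-restore --test   # parse only
#   build_ruleset 192.0.2.10 eth0 | iptables-restore          # apply
# Persist with `service iptables save` (CentOS 6) or the iptables-persistent
# package (Ubuntu); on CentOS 7 the equivalent lives in firewalld.
build_ruleset 192.0.2.10 eth0
```

Because the INPUT policy is DROP, nothing needs to be explicitly blocked; the only question is what is explicitly allowed, and a reviewer can answer it by reading the three ACCEPT lines.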
Logging: logs are located in /var/log
- /var/log/messages: global system messages, system startup information, mail, cron, daemon, kern, auth, etc.
- /var/log/boot.log: system boot information
- /var/log/dmesg: kernel ring buffer, i.e. messages about hardware devices detected by the kernel during boot; the same content can be viewed with the dmesg command
- /var/log/auth.log: user logins and the authentication mechanisms that were used (Ubuntu)
- /var/log/secure: user logins and the authentication mechanisms that were used (CentOS)
Logging: the audit log (/var/log/audit/audit.log)
Linux audit lets you comprehensively log and track access to files, directories and other resources of your system, and trace system calls. It lets you monitor the system for application misbehavior or code malfunctions.
Rule to log every attempt to read, write, execute or change the attributes of /etc/ssh/sshd_config, tagged with the key sshd_config:
auditctl -w /etc/ssh/sshd_config -p rwxa -k sshd_config
Rules added with auditctl are lost at reboot; put the same rule (without the auditctl prefix) in /etc/audit/audit.rules, or a file under /etc/audit/rules.d/ on newer systems, to make it permanent.
If the auditd daemon is running, the following command creates a new event in the audit log file:
cat /etc/ssh/sshd_config
Logging: the audit log, continued
- ausearch: queries the audit daemon logs for events by different search criteria
  ausearch -f /etc/ssh/sshd_config (search by file name)
  ausearch -k sshd_config (search by the key name attached to the rule)
- aureport: produces summary reports of the audit system logs
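An added example (not from the slides) that pulls out of raw audit records what an incident responder wants to know about a watched file: who touched it (auid, the login uid that survives su and sudo, unlike uid), with what program, and whether it was a read or a write. The records are constructed audit.log lines for the sshd_config rule above, with field lists shortened and inode/timestamp values made up; on a real host `ausearch -k sshd_config -i` gives the same information with uids resolved to names.

```shell
#!/bin/sh
# Added example, not from the slides: answer "who read or changed the file?"
# from raw audit records. Run as  audit_key_hits "$(cat /var/log/audit/audit.log)" sshd_config

# Constructed records: a login user (auid 1000) reading the file as root,
# a second login user (auid 1001) editing it under sudo, and a hit on a
# different key that must not be reported.
AUDIT_LOG='type=SYSCALL msg=audit(1700000000.101:301): arch=c000003e syscall=257 success=yes exit=3 a2=0 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=4 comm="cat" exe="/usr/bin/cat" key="sshd_config"
type=PATH msg=audit(1700000000.101:301): item=0 name="/etc/ssh/sshd_config" inode=1234 dev=fd:01 mode=0100600 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.250:302): arch=c000003e syscall=257 success=yes exit=3 a2=241 auid=1001 uid=0 gid=0 euid=0 tty=pts1 ses=5 comm="vi" exe="/usr/bin/vi" key="sshd_config"
type=PATH msg=audit(1700000000.250:302): item=0 name="/etc/ssh/sshd_config" inode=1234 dev=fd:01 mode=0100600 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.300:303): arch=c000003e syscall=257 success=yes exit=3 a2=0 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=4 comm="cat" exe="/usr/bin/cat" key="passwd_read"'

# audit_key_hits LOG_TEXT KEY
# Prints one line per SYSCALL record carrying KEY: "auid uid exe mode".
# mode is "write" when the open flags (a2, hex) have a non-zero access
# mode in their low two bits (O_WRONLY or O_RDWR), "read" otherwise. This
# assumes x86-64 openat (syscall 257), where the flags are in a2.
audit_key_hits() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^type=SYSCALL / {
            auid = uid = exe = key = flags = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                v = kv[2]
                gsub(/"/, "", v)
                if (kv[1] == "auid") auid = v
                else if (kv[1] == "uid") uid = v
                else if (kv[1] == "exe") exe = v
                else if (kv[1] == "key") key = v
                else if (kv[1] == "a2") flags = v
            }
            if (key != want) next
            mode = "read"
            # last hex digit with bits 0-1 clear (0,4,8,c) means O_RDONLY
            if (flags != "" && substr(flags, length(flags)) !~ /[048cC]/) mode = "write"
            print auid, uid, exe, mode
        }'
}

audit_key_hits "$AUDIT_LOG" sshd_config
```

Both hits show uid=0, which is all a plain `ls`-style view of the access would reveal; auid is what turns "root did it" into "the person who logged in as 1001 did it", and it is why auditd should be configured so auid cannot be reset after login.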
Advanced Configurations
- Disable / blacklist unneeded device drivers (modprobe)
- Tune kernel parameters (sysctl)
- Limit system-wide resource usage (ulimit)
- Cron jobs: limit who may use cron (cron.allow, cron.deny)
- Control keys (Ctrl-Alt-Delete)
- ICMP (disable)
- SELinux and AppArmor
Advanced Configurations, continued
- Password-protect GRUB
- Password-protect single-user mode
Complete Security Packages
Are there any tools to help?