Securing Linux

last edited Sat, 20 Jul 2024 12:26:17 GMT
backlinks: Linux System Administration void linux

It's always beneficial to consider your threat model.

[ ] Create SSH Keys
[ ] Secure /etc/ssh/sshd_config
[ ] limit sudousers
[ ] limit suusers
[ ] firejail to sandbox
[ ] firewall or iptables
[ ] Disable or remove server services that are not going to be utilized (e.g., FTP, DNS, LDAP, SMB, DHCP, NFS, SNMP, etc.).
[ ] use LAN whenever possible
[ ] use WPA2 if using wireless

Root direct link to this section

make the password irrelevant

Limit execution of the su command to members of group wheel.
Prevent direct root login, either on directly connected terminals or remotely over SSH.
Disable password authentication over SSH, require cryptographic authentication.

SSH direct link to this section

Ed25519 public/private SSH keys:
- private key on your client
- public key on your server sshd config:
disable SSH root login
set permitemptypasswords to no
log level set to info
require cryptographic authentication, not password auth

Intrusion Detection direct link to this section

configure and install AIDE
configure selinux
configure NTP
enable auditid
scan for rootkits with RKHunter and shkrootkit

snort direct link to this section

sudo apt install snort

run as a daemon:

sort -D

read the logs /var/log/snort/alert

Secure File deletion direct link to this section

Use secure remove sudo apt install secure-delete

Over write data with zeroes:

# dd if=/dev/zero of=/dev/sdX

or:

$ sudo dd if=/dev/zero of=/dev/sdX

Overwriting with random data:

# dd if=/dev/urandom of=/dev/sdX

or:

$ sudo dd if=/dev/urandom of=/dev/sdX