Linux Security Hardening: Difference between revisions
Jump to navigation
Jump to search
(→sshd) |
(→sshd) |
||
| Line 33: | Line 33: | ||
groupadd -g 1200 m3rt50acc | groupadd -g 1200 m3rt50acc | ||
useradd -g 1200 -m -u 1200 m3rt50acc | useradd -g 1200 -m -u 1200 m3rt50acc | ||
Possibly add public key to authorized_keys. | |||
* [[Sshd_Configuration#Disallow_root_to_Connect|Disallow root to log in]]. | * [[Sshd_Configuration#Disallow_root_to_Connect|Disallow root to log in]]. | ||
Revision as of 04:28, 22 April 2018
Internal
Overview
Steps
Minimal Footprint
Install a minimal image and add utilities as needed.
Eliminate Users
Remove all unneeded users.
root
Change the root's password to a long, random one.
Scan for Services Listening on Ports
netstat -tupln
Eliminate:
sshd
- Create a special login user with a random name and a long, random password:
groupadd -g 1200 m3rt50acc useradd -g 1200 -m -u 1200 m3rt50acc
Possibly add public key to authorized_keys.
TODO
- Penetration detection.