Linux Security Hardening: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
Line 1: | Line 1: | ||
=Internal= | =Internal= | ||
* [[Linux | * [[Linux Security#Subjects|Linux Security]] | ||
=Overview= | =Overview= |
Latest revision as of 21:14, 1 March 2021
Internal
Overview
Steps
Minimal Footprint
Install a minimal image and add utilities as needed.
Eliminate Users
Remove all unneeded users.
root
Change the root's password to a long, random one.
Scan for Services Listening on Ports
netstat -tupln
Eliminate:
sshd
Allowed Users
Configure sshd to only allow root access only based on public/private key identification.
Alternatively, create a special login user with a random name and a long, random password:
groupadd -g 1200 m3rt50acc useradd -g 1200 -m -u 1200 m3rt50acc
then Disallow root to log in at all. Possibly add m3rt50acc's public key to authorized_keys.
sshd Port
Disable IPV6
Prevent the sshd from listing on IPV6.
iptables
iptables review.
Incremental Remote Backup System Security Analysis
TODO
- Penetration detection.