Difference between revisions of "Security: Basic OS Security"

From OnnoWiki
Jump to navigation Jump to search
(Created page with "==Disable Services== * Remote Desktop Disable * check active port * check daemon ==Files Security== * File Permission * File Owner * File Encryption * Harddisk Partition *...")
 
 
(8 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
* Remote Desktop Disable
 
* Remote Desktop Disable
 
* check active port
 
* check active port
* check daemon
+
 
 +
nmap -sT -O localhost
 +
netstat -tulpn
 +
netstat -ntlupa
 +
 
 +
* check daemon, di Ubuntu, bisa menggunakan
 +
 
 +
apt-get install sysv-rc-conf
 +
sysv-rc-conf --list | grep '3:on'
 +
 
 +
service serviceName stop
 +
sysv-rc-conf serviceName off
 +
 
 +
Alternatif perintah yang menarik
 +
 
 +
sysv-rc-conf apache2 on
 +
sysv-rc-conf --list apache2
 +
 
 +
Alternatif perintah lain
 +
 
 +
update-rc.d <service> defaults
 +
update-rc.d <service> start 20 3 4 5
 +
update-rc.d -f <service> remove
  
 
==Files Security==
 
==Files Security==
  
 
* File Permission
 
* File Permission
 +
 +
[[chmod]]
 +
 
* File Owner
 
* File Owner
 +
 +
[[chown]]
 +
 
* File Encryption
 
* File Encryption
 +
 +
 
* Harddisk Partition
 
* Harddisk Partition
 +
 +
df -h  make sure separate partition
 +
 
* Find World Writeable files
 
* Find World Writeable files
 +
 +
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
 +
 
* Find Noowner files
 
* Find Noowner files
 +
 +
find / -xdev \( -nouser -o -nogroup \) -print
  
 
==File Transfer==
 
==File Transfer==
  
 
* Disable FTP
 
* Disable FTP
 +
 +
/etc/init.d/ftp stop
 +
iptables block
 +
 +
* Biasakan pakai SCP
 +
 +
scp
  
 
==Sharing Files==
 
==Sharing Files==
  
 
* Enable / Disable SMB
 
* Enable / Disable SMB
 +
 +
/etc/init.d/smbd stop
 +
iptables block
 +
 +
 +
==Password==
 +
 +
User Account dan Kebijakan Password Kuat
 +
 +
* Umur Password
 +
* Paksa Ubah Password
 +
* Pembatasan Penggunaan Password Lama
 +
* Kunci Account User setelah beberapa kali gagal Login
 +
* Verifikasi tidak ada Account dengan password kosong?
 +
* Pastikan tidak ada Account Non-Root yang mempunyai UID 0
 +
 +
Baca2 [[20 Linux Server Hardening Security Tips]]
  
 
==Memory==
 
==Memory==

Latest revision as of 04:41, 13 June 2017

Disable Services

  • Remote Desktop Disable
  • check active port
nmap -sT -O localhost
netstat -tulpn
netstat -ntlupa
  • check daemon, di Ubuntu, bisa menggunakan
apt-get install sysv-rc-conf
sysv-rc-conf --list | grep '3:on'
service serviceName stop
sysv-rc-conf serviceName off

Alternatif perintah yang menarik

sysv-rc-conf apache2 on
sysv-rc-conf --list apache2

Alternatif perintah lain

update-rc.d <service> defaults
update-rc.d <service> start 20 3 4 5
update-rc.d -f <service> remove

Files Security

  • File Permission
chmod
  • File Owner
chown
  • File Encryption


  • Harddisk Partition
df -h   make sure separate partition
  • Find World Writeable files
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
  • Find Noowner files
find / -xdev \( -nouser -o -nogroup \) -print

File Transfer

  • Disable FTP
/etc/init.d/ftp stop
iptables block
  • Biasakan pakai SCP
scp

Sharing Files

  • Enable / Disable SMB
/etc/init.d/smbd stop
iptables block


Password

User Account dan Kebijakan Password Kuat

  • Umur Password
  • Paksa Ubah Password
  • Pembatasan Penggunaan Password Lama
  • Kunci Account User setelah beberapa kali gagal Login
  • Verifikasi tidak ada Account dengan password kosong?
  • Pastikan tidak ada Account Non-Root yang mempunyai UID 0

Baca2 20 Linux Server Hardening Security Tips

Memory