Difference between revisions of "Security: Basic OS Security"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "==Disable Services== * Remote Desktop Disable * check active port * check daemon ==Files Security== * File Permission * File Owner * File Encryption * Harddisk Partition *...") |
Onnowpurbo (talk | contribs) |
||
(8 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
* Remote Desktop Disable | * Remote Desktop Disable | ||
* check active port | * check active port | ||
− | * check daemon | + | |
+ | nmap -sT -O localhost | ||
+ | netstat -tulpn | ||
+ | netstat -ntlupa | ||
+ | |||
+ | * check daemon, di Ubuntu, bisa menggunakan | ||
+ | |||
+ | apt-get install sysv-rc-conf | ||
+ | sysv-rc-conf --list | grep '3:on' | ||
+ | |||
+ | service serviceName stop | ||
+ | sysv-rc-conf serviceName off | ||
+ | |||
+ | Alternatif perintah yang menarik | ||
+ | |||
+ | sysv-rc-conf apache2 on | ||
+ | sysv-rc-conf --list apache2 | ||
+ | |||
+ | Alternatif perintah lain | ||
+ | |||
+ | update-rc.d <service> defaults | ||
+ | update-rc.d <service> start 20 3 4 5 | ||
+ | update-rc.d -f <service> remove | ||
==Files Security== | ==Files Security== | ||
* File Permission | * File Permission | ||
+ | |||
+ | [[chmod]] | ||
+ | |||
* File Owner | * File Owner | ||
+ | |||
+ | [[chown]] | ||
+ | |||
* File Encryption | * File Encryption | ||
+ | |||
+ | |||
* Harddisk Partition | * Harddisk Partition | ||
+ | |||
+ | df -h make sure separate partition | ||
+ | |||
* Find World Writeable files | * Find World Writeable files | ||
+ | |||
+ | find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print | ||
+ | |||
* Find Noowner files | * Find Noowner files | ||
+ | |||
+ | find / -xdev \( -nouser -o -nogroup \) -print | ||
==File Transfer== | ==File Transfer== | ||
* Disable FTP | * Disable FTP | ||
+ | |||
+ | /etc/init.d/ftp stop | ||
+ | iptables block | ||
+ | |||
+ | * Biasakan pakai SCP | ||
+ | |||
+ | scp | ||
==Sharing Files== | ==Sharing Files== | ||
* Enable / Disable SMB | * Enable / Disable SMB | ||
+ | |||
+ | /etc/init.d/smbd stop | ||
+ | iptables block | ||
+ | |||
+ | |||
+ | ==Password== | ||
+ | |||
+ | User Account dan Kebijakan Password Kuat | ||
+ | |||
+ | * Umur Password | ||
+ | * Paksa Ubah Password | ||
+ | * Pembatasan Penggunaan Password Lama | ||
+ | * Kunci Account User setelah beberapa kali gagal Login | ||
+ | * Verifikasi tidak ada Account dengan password kosong? | ||
+ | * Pastikan tidak ada Account Non-Root yang mempunyai UID 0 | ||
+ | |||
+ | Baca2 [[20 Linux Server Hardening Security Tips]] | ||
==Memory== | ==Memory== |
Latest revision as of 04:41, 13 June 2017
Disable Services
- Remote Desktop Disable
- check active port
nmap -sT -O localhost netstat -tulpn netstat -ntlupa
- check daemon, di Ubuntu, bisa menggunakan
apt-get install sysv-rc-conf sysv-rc-conf --list | grep '3:on'
service serviceName stop sysv-rc-conf serviceName off
Alternatif perintah yang menarik
sysv-rc-conf apache2 on sysv-rc-conf --list apache2
Alternatif perintah lain
update-rc.d <service> defaults update-rc.d <service> start 20 3 4 5 update-rc.d -f <service> remove
Files Security
- File Permission
chmod
- File Owner
chown
- File Encryption
- Harddisk Partition
df -h make sure separate partition
- Find World Writeable files
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
- Find Noowner files
find / -xdev \( -nouser -o -nogroup \) -print
File Transfer
- Disable FTP
/etc/init.d/ftp stop iptables block
- Biasakan pakai SCP
scp
Sharing Files
- Enable / Disable SMB
/etc/init.d/smbd stop iptables block
Password
User Account dan Kebijakan Password Kuat
- Umur Password
- Paksa Ubah Password
- Pembatasan Penggunaan Password Lama
- Kunci Account User setelah beberapa kali gagal Login
- Verifikasi tidak ada Account dengan password kosong?
- Pastikan tidak ada Account Non-Root yang mempunyai UID 0
Baca2 20 Linux Server Hardening Security Tips