Difference between revisions of "Security: Basic OS Security"

Disable Services

• Remote Desktop Disable
• check active port

nmap -sT -O localhost
netstat -tulpn
netstat -ntlupa

• check daemon, di Ubuntu, bisa menggunakan

apt-get install sysv-rc-conf
sysv-rc-conf --list | grep '3:on'

service serviceName stop
sysv-rc-conf serviceName off

Alternatif perintah yang menarik

sysv-rc-conf apache2 on
sysv-rc-conf --list apache2

Alternatif perintah lain

update-rc.d <service> defaults
update-rc.d <service> start 20 3 4 5
update-rc.d -f <service> remove

Files Security

• File Permission

chmod

• File Owner

chown

• File Encryption

• Harddisk Partition

df -h   make sure separate partition

• Find World Writeable files

find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print

• Find Noowner files

find / -xdev \( -nouser -o -nogroup \) -print

File Transfer

• Disable FTP

/etc/init.d/ftp stop
iptables block

• Biasakan pakai SCP

scp

Sharing Files

• Enable / Disable SMB

/etc/init.d/smbd stop
iptables block

Password

User Account dan Kebijakan Password Kuat

• Umur Password
• Paksa Ubah Password
• Pembatasan Penggunaan Password Lama
• Kunci Account User setelah beberapa kali gagal Login
• Verifikasi tidak ada Account dengan password kosong?
• Pastikan tidak ada Account Non-Root yang mempunyai UID 0

Baca2 20 Linux Server Hardening Security Tips

Memory