Difference between revisions of "Security: Basic OS Security (en)"

Disable Services

• Disable Remote Desktop
• Check active port

```
nmap -sT -O localhost
netstat -tulpn
netstat -ntlupa
```

• Check daemon, in Ubuntu, you can use

```
apt-get install sysv-rc-conf
sysv-rc-conf --list | grep '3:on'

service serviceName stop
sysv-rc-conf serviceName off
```

Alternative command that is interesting

```
sysv-rc-conf apache2 on
sysv-rc-conf --list apache2
```

Another alternative command

```
update-rc.d <service> defaults
update-rc.d <service> start 20 3 4 5 
update-rc.d -f <service> remove
```

Files Security

• File Permission

chmod

• File Owner

chown

• File Encryption

• Hard Disk Partition

```
df -h   make sure separate partition
```

• Find World Writeable files

```
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
```

• Find No owner files

```
find / -xdev \( -nouser -o -nogroup \) -print
```

File Transfer

• Disable FTP

```
/etc/init.d/ftp stop
iptables block
```

• Usually use SCP

```
scp
```

Sharing Files

• Enable / Disable SMB

```
/etc/init.d/smbd stop
iptables block
```

Password

User Account and Strong Password Policy

• Password Age
• Force Password Change
• Restriction on Using Old Passwords
• Lock User Account after several failed Login attempts
• Verify there are no accounts with an empty password?
• Ensure there are no Non-Root Accounts that have UID 0

Read 20 Linux Server Hardening Security Tips (en)

Memory