Security: Basic OS Security

From OnnoWiki

Disable Services

  • Disable Remote Desktop
  • Check active ports
nmap -sT -O localhost
netstat -tulpn
netstat -ntlupa
  • Check daemons; on Ubuntu, you can use
apt-get install sysv-rc-conf
sysv-rc-conf --list | grep '3:on'
service serviceName stop
sysv-rc-conf serviceName off

Other useful commands

sysv-rc-conf apache2 on
sysv-rc-conf --list apache2

Other alternative commands

update-rc.d <service> defaults
update-rc.d <service> start 20 3 4 5
update-rc.d -f <service> remove

Files Security

  • File Permission
chmod
  • File Owner
chown
  • File Encryption


  • Harddisk Partition
df -h   # make sure there are separate partitions
  • Find world-writable directories (without the sticky bit)
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
  • Find files with no owner
find / -xdev \( -nouser -o -nogroup \) -print

File Transfer

  • Disable FTP
/etc/init.d/ftp stop
block with iptables
  • Make a habit of using SCP
scp

Sharing Files

  • Enable / Disable SMB
/etc/init.d/smbd stop
block with iptables


Password

User Accounts and Strong Password Policy

  • Password age
  • Force password change
  • Restrict reuse of old passwords
  • Lock the user account after several failed logins
  • Verify that no account has an empty password
  • Make sure no non-root account has UID 0
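
The password-age, empty-password and UID 0 items above can be checked with a short audit script. This is an added example, not part of the original wiki page: the function names and the sample accounts are constructed for illustration, and the 90-day limit is an assumed policy value.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format files for three checklist items.
# Each function takes the file path as $1, so it can run on a copy.

# Accounts other than root whose UID (passwd field 3) is 0.
uid0_nonroot() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose password hash (shadow field 2) is empty.
empty_password() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts with a usable hash whose maximum password age (shadow field 5)
# is unset or longer than the limit in days ($2, assumed default 90).
weak_aging() {
    awk -F: -v max="${2:-90}" '
        $2 == "" || $2 ~ /^[!*]/ { next }   # empty or locked: not checked here
        $5 == "" || $5 + 0 > max { print $1 }
    ' "$1"
}

# Constructed sample data (not real accounts or hashes).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
guest:x:1001:1001::/home/guest:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$hash:19000:0:90:7:::
daemon:*:19000:0:99999:7:::
alice:$6$CONSTRUCTED$hash:19000:0:99999:7:::
toor:$6$CONSTRUCTED$hash:19000:0:60:7:::
guest::19000:0:99999:7:::
EOF
}

d=$(mktemp -d)
make_sample "$d"
echo "UID 0, not root: $(uid0_nonroot "$d/passwd")"
echo "empty password:  $(empty_password "$d/shadow")"
echo "max age > 90:    $(weak_aging "$d/shadow" 90)"
rm -rf "$d"
```

On a live system, run the three functions as root against /etc/passwd and /etc/shadow; any name they print needs review.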

Memory