Security: Basic OS Security
Disable Services
- Remote Desktop Disable
- check active port
nmap -sT -O localhost netstat -tulpn netstat -ntlupa
- check daemon, di Ubuntu, bisa menggunakan
apt-get install sysv-rc-conf sysv-rc-conf --list | grep '3:on'
service serviceName stop sysv-rc-conf serviceName off
Alternatif perintah yang menarik
sysv-rc-conf apache2 on sysv-rc-conf --list apache2
Alternatif perintah lain
update-rc.d <service> defaults update-rc.d <service> start 20 3 4 5 update-rc.d -f <service> remove
Files Security
- File Permission
chmod
- File Owner
chown
- File Encryption
- Harddisk Partition
df -h make sure separate partition
- Find World Writeable files
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
- Find Noowner files
find / -xdev \( -nouser -o -nogroup \) -print
File Transfer
- Disable FTP
/etc/init.d/ftp stop iptables block
- Biasakan pakai SCP
scp
Sharing Files
- Enable / Disable SMB
/etc/init.d/smbd stop iptables block
Password
User Account dan Kebijakan Password Kuat
- Umur Password
- Paksa Ubah Password
- Pembatasan Penggunaan Password Lama
- Kunci Account User setelah beberapa kali gagal Login
- Verifikasi tidak ada Account dengan password kosong?
- Pastikan tidak ada Account Non-Root yang mempunyai UID 0
Baca2 20 Linux Server Hardening Security Tips