Security: Basic OS Security (en)
Revision as of 04:53, 4 January 2025 by Onnowpurbo (talk | contribs) (Created page with "==Disable Services== * Disable Remote Desktop * Check active port ``` nmap -sT -O localhost netstat -tulpn netstat -ntlupa ``` * Check daemon, in Ubuntu, you can use...")
Disable Services
- Disable Remote Desktop
- Check active port
``` nmap -sT -O localhost netstat -tulpn netstat -ntlupa ```
- Check daemon, in Ubuntu, you can use
``` apt-get install sysv-rc-conf sysv-rc-conf --list | grep '3:on'
service serviceName stop sysv-rc-conf serviceName off ```
Alternative command that is interesting
``` sysv-rc-conf apache2 on sysv-rc-conf --list apache2 ```
Another alternative command
``` update-rc.d <service> defaults update-rc.d <service> start 20 3 4 5 update-rc.d -f <service> remove ```
Files Security
- File Permission
chmod
- File Owner
chown
- File Encryption
- Hard Disk Partition
``` df -h make sure separate partition ```
- Find World Writeable files
``` find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print ```
- Find No owner files
``` find / -xdev \( -nouser -o -nogroup \) -print ```
File Transfer
- Disable FTP
``` /etc/init.d/ftp stop iptables block ```
- Usually use SCP
``` scp ```
Sharing Files
- Enable / Disable SMB
``` /etc/init.d/smbd stop iptables block ```
Password
User Account and Strong Password Policy
- Password Age
- Force Password Change
- Restriction on Using Old Passwords
- Lock User Account after several failed Login attempts
- Verify there are no accounts with an empty password?
- Ensure there are no Non-Root Accounts that have UID 0
Read 20 Linux Server Hardening Security Tips