Security: Basic OS Security (en)

From OnnoWiki
Revision as of 04:53, 4 January 2025 by Onnowpurbo (talk | contribs) (Created page with "==Disable Services== * Disable Remote Desktop * Check active port ``` nmap -sT -O localhost netstat -tulpn netstat -ntlupa ``` * Check daemon, in Ubuntu, you can use...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Disable Services

  • Disable Remote Desktop
  • Check active port
```
nmap -sT -O localhost
netstat -tulpn
netstat -ntlupa
```
  • Check daemon, in Ubuntu, you can use
```
apt-get install sysv-rc-conf
sysv-rc-conf --list | grep '3:on'

service serviceName stop
sysv-rc-conf serviceName off
```

Alternative command that is interesting 

```
sysv-rc-conf apache2 on
sysv-rc-conf --list apache2
```

Another alternative command 

```
update-rc.d <service> defaults
update-rc.d <service> start 20 3 4 5 
update-rc.d -f <service> remove
```

Files Security

  • File Permission
chmod
  • File Owner
chown
  • File Encryption


  • Hard Disk Partition
```
df -h   make sure separate partition
```
  • Find World Writeable files
```
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
```
  • Find No owner files
```
find / -xdev \( -nouser -o -nogroup \) -print
```

File Transfer

  • Disable FTP
```
/etc/init.d/ftp stop
iptables block
```
  • Usually use SCP
```
scp
```

Sharing Files

  • Enable / Disable SMB
```
/etc/init.d/smbd stop
iptables block
```


Password

User Account and Strong Password Policy

  • Password Age
  • Force Password Change
  • Restriction on Using Old Passwords
  • Lock User Account after several failed Login attempts
  • Verify there are no accounts with an empty password?
  • Ensure there are no Non-Root Accounts that have UID 0

Read 20 Linux Server Hardening Security Tips

Memory

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Security:_Basic_OS_Security_(en)&oldid=71362"