SECURITY: Basic OS Security (en)

From OnnoWiki
Revision as of 11:56, 6 January 2025 by Onnowpurbo (talk | contribs) (Created page with "==Disable Services== * Disable Remote Desktop * Check active ports nmap -sT -O localhost netstat -tulpn netstat -ntlupa * Check daemons, in Ubuntu, you can use: ap...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Disable Services

  • Disable Remote Desktop
  • Check active ports
 nmap -sT -O localhost
 netstat -tulpn
 netstat -ntlupa
  • Check daemons, in Ubuntu, you can use:
 apt-get install sysv-rc-conf
 sysv-rc-conf --list | grep '3:on'

 service serviceName stop
 sysv-rc-conf serviceName off

Alternative interesting commands: 

 sysv-rc-conf apache2 on
 sysv-rc-conf --list apache2

Other alternative commands: 

 update-rc.d <service> defaults
 update-rc.d <service> start 20 3 4 5
 update-rc.d -f <service> remove

Files Security

  • File Permission
 chmod
  • File Owner
 chown
  • File Encryption


  • Hard Disk Partition
 df -h   ensure separate partition
  • Find World Writable files
 find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
  • Find No owner files
 find / -xdev \( -nouser -o -nogroup \) -print

File Transfer

  • Disable FTP
 /etc/init.d/ftp stop
 iptables block
  • Habitually use SCP
 scp

Sharing Files

  • Enable / Disable SMB
 /etc/init.d/smbd stop
 iptables block

Password

User Account and Strong Password Policy

  • Password Age
  • Force Password Change
  • Restrictions on Using Old Passwords
  • Lock User Accounts after Several Failed Logins
  • Verify No Accounts with Empty Passwords?
  • Ensure No Non-Root Accounts Have UID 0

Read 20 Linux Server Hardening Security Tips

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=SECURITY:_Basic_OS_Security_(en)&oldid=71768"