Difference between revisions of "Security: Basic OS Security"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
netstat -ntlupa | netstat -ntlupa | ||
| − | * check daemon | + | * check daemon, di Ubuntu, bisa menggunakan |
| + | |||
| + | apt-get install sysv-rc-conf | ||
| + | sysv-rc-conf --list | grep '3:on' | ||
| − | |||
service serviceName stop | service serviceName stop | ||
| − | + | sysv-rc-conf serviceName off | |
| + | |||
| + | Alternatif perintah yang menarik | ||
| + | |||
| + | sysv-rc-conf apache2 on | ||
| + | sysv-rc-conf --list apache2 | ||
| + | |||
| + | Alternatif perintah lain | ||
| + | |||
| + | update-rc.d <service> defaults | ||
| + | update-rc.d <service> start 20 3 4 5 | ||
| + | update-rc.d -f <service> remove | ||
==Files Security== | ==Files Security== | ||
| Line 56: | Line 69: | ||
/etc/init.d/smbd stop | /etc/init.d/smbd stop | ||
iptables block | iptables block | ||
| + | |||
| + | |||
| + | ==Password== | ||
| + | |||
| + | User Account dan Kebijakan Password Kuat | ||
| + | |||
| + | * Umur Password | ||
| + | * Paksa Ubah Password | ||
| + | * Pembatasan Penggunaan Password Lama | ||
| + | * Kunci Account User setelah beberapa kali gagal Login | ||
| + | * Verifikasi tidak ada Account dengan password kosong? | ||
| + | * Pastikan tidak ada Account Non-Root yang mempunyai UID 0 | ||
| + | |||
| + | Baca2 [[20 Linux Server Hardening Security Tips]] | ||
==Memory== | ==Memory== | ||
Latest revision as of 04:41, 13 June 2017
Disable Services
- Remote Desktop Disable
- check active port
nmap -sT -O localhost netstat -tulpn netstat -ntlupa
- check daemon, di Ubuntu, bisa menggunakan
apt-get install sysv-rc-conf sysv-rc-conf --list | grep '3:on'
service serviceName stop sysv-rc-conf serviceName off
Alternatif perintah yang menarik
sysv-rc-conf apache2 on sysv-rc-conf --list apache2
Alternatif perintah lain
update-rc.d <service> defaults update-rc.d <service> start 20 3 4 5 update-rc.d -f <service> remove
Files Security
- File Permission
chmod
- File Owner
chown
- File Encryption
- Harddisk Partition
df -h make sure separate partition
- Find World Writeable files
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
- Find Noowner files
find / -xdev \( -nouser -o -nogroup \) -print
File Transfer
- Disable FTP
/etc/init.d/ftp stop iptables block
- Biasakan pakai SCP
scp
Sharing Files
- Enable / Disable SMB
/etc/init.d/smbd stop iptables block
Password
User Account dan Kebijakan Password Kuat
- Umur Password
- Paksa Ubah Password
- Pembatasan Penggunaan Password Lama
- Kunci Account User setelah beberapa kali gagal Login
- Verifikasi tidak ada Account dengan password kosong?
- Pastikan tidak ada Account Non-Root yang mempunyai UID 0
Baca2 20 Linux Server Hardening Security Tips