Security-Checklist-Linux

Uploaded by

floxinator0603
Copyright
© All Rights Reserved

Basic Security Checklist – Ubuntu Linux Focus

• Remember to run multiple tasks at once – except for installation of software!


• Antivirus (clamav)
  o Update package database – sudo apt-get update
  o Install ClamAV – sudo apt-get install clamav
  o Update virus database – sudo freshclam
  o Check entire system for viruses – sudo clamscan -i -r --remove=yes /
    ▪ Run this in a separate terminal as it will take a while
• Users
  o Change passwords – sudo passwd <USER>
  o Enable account – sudo passwd -u <USER>
  o Disable accounts – sudo passwd -l <USER>
    ▪ Always disable root account after changing password
  o Change administrator privileges (sudo)
    ▪ sudo visudo
  o Add a user – sudo adduser <USER>
  o Delete a user – sudo deluser --remove-home <USER>
  o Checking groups – sudo cat /etc/group
  o Where are passwords stored – /etc/passwd and /etc/shadow
• Firewall (ufw – disabled by default)
  o Enable firewall – sudo ufw enable
  o Disable firewall – sudo ufw disable
  o Status – sudo ufw status
    ▪ Add verbose for more information (sudo ufw status verbose)
  o Allow protocol through – sudo ufw allow <PORT>
    ▪ Can use name as well as number (ssh, ftp, telnet)
  o Deny a protocol – sudo ufw deny <PORT>
  o Look at applications available for rules – sudo ufw app list
  o Activate TCP SYN Cookie Protection (protects from some DoS attacks)
    ▪ sudo nano /etc/sysctl.conf
    ▪ Change net.ipv4.tcp_syncookies entry from 0 to 1
• Removing applications
  o List installed applications – sudo dpkg --get-selections
  o Look for particular application – sudo dpkg --get-selections | grep <APP>
    ▪ Common ones to look for: telnet, ftp, vnc, nfs, apache
  o Remove an application – sudo apt-get purge <APP>
    ▪ Pay attention to daemon programs (name ends in d)
    ▪ Sometimes you have to remove more than one entry
  o Finding where a process is running from (replace <pid> with process number)
    ▪ sudo ls -l /proc/<pid>/exe



• Update the system
  o Automatically check for updates
  o sudo nano /etc/apt/apt.conf.d/10periodic
    ▪ Change to 1 – APT::Periodic::Update-Package-Lists
  o sudo apt-get dist-upgrade (typically requires a reboot)
  o If asked, keep the current version of configuration files unless the scenario dictates otherwise
• Find processes that are listening (sudo netstat -tulnp)
  o Use process identification number (PID)
  o Look for common programs (apache, ftp, telnet, nc)
  o Remove process – sudo kill <PID>
• Programs that start automatically (rc.local)
  o Edit the file – sudo nano /etc/init.d/rc.local
  o Another location – sudo crontab -e
  o Look in /etc/cron.d
  o You can also look to see what is automatically starting
    ▪ Install chkconfig application (sudo apt-get install chkconfig)
    ▪ sudo chkconfig --list | grep '3:on'
• Password settings (login.defs)
  o Edit the file – sudo nano /etc/login.defs
    ▪ Key areas – PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE
  o Using libpam-cracklib
    ▪ sudo apt-get install libpam-cracklib
    ▪ sudo nano /etc/pam.d/common-password
    ▪ Add at end of pam_unix.so line
      o remember=5
    ▪ Add at end of pam_cracklib.so line
      o ucredit=1 lcredit=1 dcredit=1 ocredit=1
• Do not allow root account to log in using SSH! (sshd_config)
  o Edit the file – sudo nano /etc/ssh/sshd_config
    ▪ Look for PermitRootLogin and set to no
• Do not allow automatic login
  o sudo nano /etc/lightdm/lightdm.conf
    ▪ Remove line with autologin-user
    ▪ Add the following line to disable guest account: allow-guest=false
• Services
  o List all services – sudo service --status-all
  o Remove service – sudo apt-get --purge remove <SERVICENAME>
• Finding Files – locate command
  o First update index – sudo updatedb
  o Search for a file name – locate <STRING>
    ▪ Example: locate '*.ogg'
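
An added example, not part of the original checklist: a read-only shell audit that confirms four of the settings above are present in the files the checklist edits (net.ipv4.tcp_syncookies, PermitRootLogin, APT::Periodic::Update-Package-Lists, autologin-user). The function names and the ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only audit of four settings from the checklist.
# Usage: audit_checklist /   (live system; run as root so the files are readable)
# Reads config files only: it does not query the running kernel or sshd, and it
# ignores sshd_config Include/Match blocks (simplifying assumptions).

# conf_value FILE KEY: print the value on the first uncommented line whose first
# field is exactly KEY ("KEY value", "KEY=value" or 'KEY "value";').
# Prints nothing if the file is unreadable or the key is absent.
conf_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*#/ { next }              # skip comment lines
        { sub(/[ \t]*=[ \t]*/, " ")      # treat the first "=" as a separator
          if ($1 == key) { v = $2; gsub(/[";]/, "", v); print v; exit } }' "$1"
}

# check LABEL FOUND WANT: print a PASS/FAIL line; return 1 on FAIL.
check() {
    if [ "$2" = "$3" ]; then
        echo "PASS  $1"
    else
        echo "FAIL  $1 (found '${2:-unset}', want '${3:-unset}')"
        return 1
    fi
}

# audit_checklist ROOT: run the checks under ROOT; return the number of failures.
audit_checklist() {
    root=${1%/}; fails=0
    check "TCP SYN cookies enabled" \
        "$(conf_value "$root/etc/sysctl.conf" net.ipv4.tcp_syncookies)" 1 \
        || fails=$((fails + 1))
    check "SSH root login disabled" \
        "$(conf_value "$root/etc/ssh/sshd_config" PermitRootLogin)" no \
        || fails=$((fails + 1))
    check "APT package list auto-update" \
        "$(conf_value "$root/etc/apt/apt.conf.d/10periodic" APT::Periodic::Update-Package-Lists)" 1 \
        || fails=$((fails + 1))
    check "No LightDM autologin user" \
        "$(conf_value "$root/etc/lightdm/lightdm.conf" autologin-user)" "" \
        || fails=$((fails + 1))
    echo "$fails check(s) failed"
    return "$fails"
}
```

A commented-out entry such as `#net.ipv4.tcp_syncookies=1` is reported as unset, which is the state a stock sysctl.conf is often in before the checklist step is done.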
