Scribd Logo
Upload

Welcome to Scribd!

  • 20 views

    Securing Server

    Uploaded by

    benoy30
    This document provides instructions for hardening a Linux server by: 1. Protecting the BIOS and GRUB with passwords. 2. Configuring SSH security such as using protocol 2, restricting users, and locking out users after failed login attempts. 3. Disabling unnecessary services, reboot options, and the firewall. 4. Enforcing password policies for length, complexity, expiration and preventing reuse of old passwords.

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Securing Server

    Uploaded by

    benoy30
    20 views2 pages
    This document provides instructions for hardening a Linux server by: 1. Protecting the BIOS and GRUB with passwords. 2. Configuring SSH security such as using protocol 2, restricting users, and locking out users after failed login attempts. 3. Disabling unnecessary services, reboot options, and the firewall. 4. Enforcing password policies for length, complexity, expiration and preventing reuse of old passwords.

    Original Description:

    Server

    Copyright

    © © All Rights Reserved

    Available Formats

    ODT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for hardening a Linux server by: 1. Protecting the BIOS and GRUB with passwords. 2. Configuring SSH security such as using protocol 2, restricting users, and locking out users after failed login attempts. 3. Disabling unnecessary services, reboot options, and the firewall. 4. Enforcing password policies for length, complexity, expiration and preventing reuse of old passwords.

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as odt, pdf, or txt
    20 views2 pages

    Securing Server

    Uploaded by

    benoy30
    This document provides instructions for hardening a Linux server by: 1. Protecting the BIOS and GRUB with passwords. 2. Configuring SSH security such as using protocol 2, restricting users, and locking out users after failed login attempts. 3. Disabling unnecessary services, reboot options, and the firewall. 4. Enforcing password policies for length, complexity, expiration and preventing reuse of old passwords.

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as odt, pdf, or txt
    of 2

    2.

    Server Hardening
    1. Protect the BIOS with PW
    During the boot process you can set the PW by entering in the BIOS.
    2. Protect GRUB with PW
    # i boot!grub!grub.con"
    passw#$grubpassw#
    %. Disab&e root &ogin' Per(it)(ptyPasswor#s no
    *. +&&ow speci"ic user to &ogin' +&&owUsers a&e,
    -. .hange ss port to /222' port $ /222 0#on1t "orget to open this port2
    3. User ssh protoco& 2' Protoco& 2
    4. Gie a#(in user a#(in per(ission
    isu#o
    5whee& +66$0+662 +66
    whee&','17'a&e,
    8. Disab&e unuse# serices to start at boot
    # ntsys
    /. Disab&e reboot by .tr&9+&t9De&
    # i !etc!init!contro&:a&t:#e&ete.con"
    #e,ec !sbin!shut#own :r now ;.ontro&:+&t:De&ete presse#;
    17. )nab&e "irewa&&
    # a"ter chec<out with this c(#' iptab&es :6
    11. Set S)6inu, to en"orcing
    # seten"orce 1
    # geten"orce
    )n"orcing
    11. .hec< "i&e syste( per(ission an# a#apt i" necessar. Stic<y bit shou&# be set on !t(p
    #rw,rw,rwt. % root root *7/3 =u& 2* 7%'%7 t(p
    #rw,r:,r:,. * root root *7/3 =u& 2% 2%'-8 ho(e
    #r:,r:,:::. % root root *7/3 =u& 2* 77'7% root
    12. Set we&co( an# preention (essage
    # cat > !etc!issue
    ?his serice is restricte# to authori@e# users on&y. +&& actiities on this syste( are &ogge#.
    Unauthori@e# access wi&& be "u&&y inestigate# an# reporte# to the appropriate &aw
    en"orce(ent agencies. .tr&9D to Auit
    1%. Disab&e &oca& &ogin e,cept the root account
    touch !etc!no&ogin
    1*. &oc< ssh users a"ter % "ai&e# &ogin atte(pts
    # echo ;auth reAuire# pa(Bta&&y2.so #eny$% onerr$"ai& un&oc<Bti(e$377; >>
    !etc!pa(.#!ssh#
    pa(Bta&&y2.so uses the "i&e !ar!&og!ta&&y&og as a counter "or the "ai&e# &ogisC i" you wish
    to chec< the counter you can use the co((an# pa(Bta&&y2
    DrootEnu<eF# pa(Bta&&y2
    1-. )n"orce passwor# po&icy
    Preent Reusing O&# Passwor#s
    su#o i !etc!pa(.#!syste(:auth
    passwor# su""icient pa(Buni,.so sha-12 sha#ow nu&&o< tryB"irstBpass useBauthto<
    remember=5
    Set Gini(u( Passwor# 6ength
    su#o i !etc!pa(.#!syste(:auth
    passwor# reAuisite pa(Bcrac<&ib.so retry$% #i"o<$% minlen=10
    Set Passwor# .o(p&e,ity
    su#o i !etc!pa(.#!syste(:auth
    passwor# reAuisite pa(Bcrac<&ib.so retry$% #i"o<$% (in&en$17 ucredit=-1 lcredit=-
    2 dcredit=-1 ocredit=-1
    Set Passwor# ),piration Perio#
    su#o i !etc!&ogin.#e"s
    It can a&so be #one by per user basis su#o chage :& ,(o#u&o

    You might also like