My IT Blog

#17: Logging and Auditing You need to configure logging and auditing to collect all hacking and cracking attempts. By default syslog stores data in /var/log/ directory. This is also useful to find out software misconfiguration which may open your system to various attacks. See the following logging related articles: Linux log file locations . How to send logs to a remote loghost . How do I rotate log files? . man pages syslogd, syslog.conf and logrotate. #17.1: Monitor Suspicious Log Messages With Logwatch / Logcheck Read your logs using  logwatch  or  logcheck . These tools make your log reading life easier. You get detailed reporting on  unusual items  in syslog via email. A sample syslog report: ################### Logwatch 7.3 (03/24/06) #################### Processing Initiated: Fri Oct 30 04:02:03 2009 Date Range Processed: yesterday ( 2009-Oct-29 ) Period is day. Detail Level of Output: 0

#11: Configure Iptables and TCPWrappers Iptables  is a user space application program that allows you to configure the firewall (Netfilter) provided by the Linux kernel. Use  firewall  to filter  out traffic and allow only  necessary traffic. Also use the  TCPWrappers a host-based  networking ACL system to filter network access to Internet. You can prevent many denial of service attacks with the help of Iptables: Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit) . How to: Linux Iptables block common attack . psad: Linux Detect And Block Port Scan Attacks In Real Time . #12: Linux Kernel /etc/sysctl.conf Hardening /etc/sysctl.conf file is used to  configure kernel parameters  at runtime. Linux reads and applies settings from /etc/sysctl.conf at boot time. Sample  /etc/sysctl.conf : # Turn on execshield kernel.exec-shield=1 kernel.randomize_va_space=1 # Enable IP spoofing protection net.ipv4.conf.all.rp_filter=1 # Disable IP source routing net.ipv4.conf.all.ac

#6: User Accounts and Strong Password Policy Use the useradd / usermod commands to create and maintain user accounts. Make sure you have a good and strong password policy. For example, a good password includes at least 8 characters long and mixture of alphabets, number, special character, upper & lower alphabets etc. Most important pick a password you can remember. Use tools such as " John the ripper " to find out weak users passwords on your server. Configure  pam_cracklib.so to  enforce the password policy. #6.1: Password Aging The  chage command  changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password. The  /etc/login.defs file  defines the site-specific configuration for the shadow password suite including password aging configuration. To disable password aging, enter: chage -M 99999 userName To get password expiration information, ente

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system. #1: Encrypt Data Communication All data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with password or using keys / certificates. Use  scp, ssh , rsync, or sftp for file transfer. You can also mount  remote server file system  or your own home directory using special sshfs and fuse tools. GnuPG  allows to encrypt and sign your data and communication, features a versatile key managment system as well as access modules for all kind of public key directories. Fugu  is a graphical frontend to the commandline Secure File Transfer application (SFTP). SFTP is similar to FTP, but unlike FTP, the entire session is encrypted,