SlideShare une entreprise Scribd logo

How to secure ubuntu 12.04

John Richard
John Richard
Technologie
1  sur  11
Télécharger pour lire hors ligne
How to secure an Ubuntu 12.04 LTS server - Part 1 The Basics This guide is based on various community forum posts and webpages. Special thanks to all. All comments and improvements are very welcome as this is purely a personal experimental project at this point and must be considered a work in progress. This guide is intended as a relatively easy step by step guide to: Harden the security on an Ubuntu 12.04 LTS server by installing and configuring the following: 1. Install and configure Firewall - ufw 2. Secure shared memory - fstab 3. SSH - Disable root login and change port 4. Protect su by limiting access only to admin group 5. Harden network with sysctl settings 6. Disable Open DNS Recursion and Remove Version Info - Bind9 DNS 7. Prevent IP Spoofing 8. Harden PHP for security 9. Restrict Apache Information Leakage 10.Install and configure Apache application firewall - ModSecurity 11.Protect from DDOS (Denial of Service) attacks with ModEvasive 12.Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban 13.Intrusion Detection - PSAD 14.Check for RootKits - RKHunter and CHKRootKit 15.Scan open Ports - Nmap 16.Analyse system LOG files - LogWatch 17.SELinux - Apparmor 18.Audit your system security - Tiger If you are looking for a GUI script to install and configure all the steps explained here automatically, visit How to secure an Ubuntu 12.04 LTS server - Part 2 The GUI Installer script Requirements: • Ubuntu 12.04 LTS server with a standard LAMP stack installed.
1. Firewall - UFW • A good place to start is to install a Firewall. • UFW - Uncomplicated Firewall is a basic firewall that works very well and easy to configure with its Firewall configuration tool - gufw, or use Shorewall, fwbuilder, or Firestarter. • Use Firestarter GUI to configure your firewall or refer to the Ubuntu Server Guide, UFW manual pages or the Ubuntu UFW community documentation. • Install UFW and enable, open a terminal window and enter : sudo apt-get install ufw sudo ufw enable • Check the status of the firewall. sudo ufw status verbose • Allow SSH and Http services. sudo ufw allow ssh sudo ufw allow http 2. Secure shared memory. • /dev/shm can be used in an attack against a running service, such as httpd. Modify /etc/fstab to make it more secure. • Open a Terminal Window and enter the following : sudo vi /etc/fstab • Add the following line and save. You will need to reboot for this setting to take effect : tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0 3. SSH Hardening - disable root login and change port. • The easiest way to secure SSH is to disable root login and change the SSH port to something different than the standard port 22. • Before disabling the root login create a new SSH user and make sure the user belongs to the admin group (see step 4. below regarding the admin group). • If you change the SSH port also open the new port you have chosen on the firewall and close port 22. • Open a Terminal Window and enter : sudo vi /etc/ssh/sshd_config
• Change or add the following and save. Port <ENTER YOUR PORT> Protocol 2 PermitRootLogin no DebianBanner no • Restart SSH server, open a Terminal Window and enter : sudo /etc/init.d/ssh restart 4. Protect su by limiting access only to admin group. • To limit the use of su by admin users only we need to create an admin group, then add users and limit the use of su to the admin group. • Add a admin group to the system and add your own admin username to the group by replacing <YOUR ADMIN USERNAME> below with your admin username. • Open a terminal window and enter: sudo groupadd admin sudo usermod -a -G admin <YOUR ADMIN USERNAME> sudo dpkg-statoverride --update --add root admin 4750 /bin/su 5. Harden network with sysctl settings. • The /etc/sysctl.conf file contain all the sysctl settings. • Prevent source routing of incoming packets and log malformed IP's enter the following in a terminal window: sudo vi /etc/sysctl.conf • Edit the /etc/sysctl.conf file and un-comment or add the following lines : # IP Spoofing protection net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1
# Ignore ICMP broadcast requests net.ipv4.icmp_echo_ignore_broadcasts = 1 # Disable source packet routing net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv6.conf.default.accept_source_route = 0 # Ignore send redirects net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 # Block SYN attacks net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 5 # Log Martians net.ipv4.conf.all.log_martians = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1
# Ignore ICMP redirects net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 # Ignore Directed pings net.ipv4.icmp_echo_ignore_all = 1 • To reload sysctl with the latest changes, enter: sudo sysctl -p 6. Disable Open DNS Recursion and Remove Version Info - BIND DNS Server. • Open a Terminal and enter the following : sudo vi /etc/bind/named.conf.options • Add the following to the Options section : recursion no; version "Not Disclosed"; • Restart BIND DNS server. Open a Terminal and enter the following : sudo /etc/init.d/bind9 restart 7. Prevent IP Spoofing. • Open a Terminal and enter the following : sudo vi /etc/host.conf • Add or edit the following lines :
order bind,hosts nospoof on 8. Harden PHP for security. • Edit the php.ini file : sudo vi /etc/php5/apache2/php.ini • Add or edit the following lines an save : disable_functions = exec,system,shell_exec,passthru register_globals = Off expose_php = Off display_errors = Off track_errors = Off html_errors = Off magic_quotes_gpc = Off • Restart Apache server. Open a Terminal and enter the following : sudo /etc/init.d/apache2 restart 9. Restrict Apache Information Leakage. • Edit the Apache2 configuration security file : sudo vi /etc/apache2/conf.d/security • Add or edit the following lines and save : ServerTokens Prod ServerSignature Off TraceEnable Off Header unset ETag
FileETag None • Restart Apache server. Open a Terminal and enter the following : sudo /etc/init.d/apache2 restart 10. Web Application Firewall - ModSecurity. • See : How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server 11. Protect from DDOS (Denial of Service) attacks - ModEvasive • See : How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server 12. Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban. • DenyHosts is a python program that automatically blocks SSH attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins. • Open a Terminal and enter the following : sudo apt-get install denyhosts • After installation edit the configuration file /etc/denyhosts.conf and change the email, and other settings as required. • To edit the admin email settings open a terminal window and enter: sudo vi /etc/denyhosts.conf • Change the following values as required on your server : ADMIN_EMAIL = root@localhost SMTP_HOST = localhost SMTP_PORT = 25 #SMTP_USERNAME=foo #SMTP_PASSWORD=bar SMTP_FROM = DenyHosts nobody@localhost #SYSLOG_REPORT=YES
• Fail2ban is more advanced than DenyHosts as it extends the log monitoring to other services including SSH, Apache, Courier, FTP, and more. • Fail2ban scans log files and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. • Generally Fail2Ban then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action could also be configured. • Out of the box Fail2Ban comes with filters for various services (apache, courier, ftp, ssh, etc). • Open a Terminal and enter the following : sudo apt-get install fail2ban • After installation edit the configuration file /etc/fail2ban/jail.local and create the filter rules as required. • To edit the settings open a terminal window and enter: sudo vi /etc/fail2ban/jail.conf • Activate all the services you would like fail2ban to monitor by changing enabled = false to enabled = true • For example if you would like to enable the SSH monitoring and banning jail, find the line below and change enabled from false to true. Thats it. [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 • If you have selected a non-standard SSH port in step 3 then you need to change the port setting in fail2ban from ssh which by default is port 22, to your new port number, for example if you have chosen 1234 then port = 1234 [ssh] enabled = true port = <ENTER YOUR SSH PORT NUMBER HERE>
filter = sshd logpath = /var/log/auth.log maxretry = 3 • If you would like to receive emails from Fail2Ban if hosts are banned change the following line to your email address. destemail = root@localhost • and change the following line from : action = %(action_)s • to: action = %(action_mwl)s • You can also create rule filters for the various services that you would like fail2ban to monitor that is not supplied by default. sudo vi /etc/fail2ban/jail.local • Good instructions on how to configure fail2ban and create the various filters can be found on HowtoForge - click here for an example • When done with the configuration of Fail2Ban restart the service with : sudo /etc/init.d/fail2ban restart • You can also check the status with. sudo fail2ban-client status 13. Intrusion Detection - PSAD. • Cipherdyne PSAD is a collection of three lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. • Currently version 2.1 causes errors during install on Ubuntu 12.04, but apparently does work. Version 2.2 resolves these issues but is not yet available on the Ubuntu software repositories. It is recommended to manually compile and install version 2.2 from the source files available on the Ciperdyne website. • To install the latest version from the source files follow these instruction : How to install PSAD Intrusion Detection on Ubuntu 12.04 LTS server • OR install the older version from the Ubuntu software repositories, open a Terminal and enter the following : sudo apt-get install psad
• Then for basic configuration see How to install PSAD Intrusion Detection on Ubuntu 12.04 LTS server and follow from step 2: 14. Check for rootkits - RKHunter and CHKRootKit. • Both RKHunter and CHKRootkit basically do the same thing - check your system for rootkits. No harm in using both. • Open a Terminal and enter the following : sudo apt-get install rkhunter chkrootkit • To run chkrootkit open a terminal window and enter : sudo chkrootkit • To update and run RKHunter. Open a Terminal and enter the following : sudo rkhunter --update sudo rkhunter --propupd sudo rkhunter --check 15. Scan open ports - Nmap. • Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. • Open a Terminal and enter the following : sudo apt-get install nmap • Scan your system for open ports with : nmap -v -sT localhost • SYN scanning with the following : sudo nmap -v -sS localhost 16. Analyse system LOG files - LogWatch. • Logwatch is a customizable log analysis system. Logwatch parses through your system's logs and creates a report analyzing areas that you specify. Logwatch is easy to use and will work right out of the package on most systems. • Open a Terminal and enter the following : sudo apt-get install logwatch libdate-manip-perl
• To view logwatch output use less : sudo logwatch | less • To email a logwatch report for the past 7 days to an email address, enter the following and replace mail@domain.com with the required email. : sudo logwatch --mailto mail@domain.com --output mail --format html --range 'between -7 days and today' 17. SELinux - Apparmor. • National Security Agency (NSA) has taken Linux to the next level with the introduction of Security- Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof. • More information can be found here. Ubuntu Server Guide - Apparmor • It is installed by default since Ubuntu 7.04. • Open a Terminal and enter the following : sudo apt-get install apparmor apparmor-profiles • Check to see if things are running : sudo apparmor_status 18. Audit your system security - Tiger. • Tiger is a security tool that can be use both as a security audit and intrusion detection system. • Open a Terminal and enter the following : sudo apt-get install tiger • To run tiger enter : sudo tiger • All Tiger output can be found in the /var/log/tiger • To view the tiger security reports, open a Terminal and enter the following : sudo less /var/log/tiger/security.report.*

Recommandé

Nat mikrotik
Nat mikrotikNat mikrotik
Nat mikrotiklouisraj
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Recommended Software and Modifications for Server Security
Recommended Software and Modifications for Server SecurityRecommended Software and Modifications for Server Security
Recommended Software and Modifications for Server SecurityHTS Hosting
 
Server hardening
Server hardeningServer hardening
Server hardeningTeja Babu
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
J Ruby On Rails Presentation
J Ruby On Rails PresentationJ Ruby On Rails Presentation
J Ruby On Rails Presentationrailsconf
 
CentOS Linux Server Hardening
CentOS Linux Server HardeningCentOS Linux Server Hardening
CentOS Linux Server HardeningMyOwn Telco
 
Snort296x centos6x 2
Snort296x centos6x 2Snort296x centos6x 2
Snort296x centos6x 2Trinh Tuan
 

Recommandé

Nat mikrotik
Nat mikrotikNat mikrotik
Nat mikrotiklouisraj
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Recommended Software and Modifications for Server Security
Recommended Software and Modifications for Server SecurityRecommended Software and Modifications for Server Security
Recommended Software and Modifications for Server SecurityHTS Hosting
 
Server hardening
Server hardeningServer hardening
Server hardeningTeja Babu
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
J Ruby On Rails Presentation
J Ruby On Rails PresentationJ Ruby On Rails Presentation
J Ruby On Rails Presentationrailsconf
 
CentOS Linux Server Hardening
CentOS Linux Server HardeningCentOS Linux Server Hardening
CentOS Linux Server HardeningMyOwn Telco
 
Snort296x centos6x 2
Snort296x centos6x 2Snort296x centos6x 2
Snort296x centos6x 2Trinh Tuan
 
Linux Hardening - nullhyd
Linux Hardening - nullhydLinux Hardening - nullhyd
Linux Hardening - nullhydn|u - The Open Security Community
 
Monit
MonitMonit
MonitAbhishek Singh
 
High performance content hosting
High performance content hosting High performance content hosting
High performance content hosting Aleksey Korzun
 
Sahara RDO part1
Sahara RDO part1Sahara RDO part1
Sahara RDO part1Asmaa Ibrahim
 
Secure your Cpanel in 9 advanced tips
Secure your Cpanel in 9 advanced tipsSecure your Cpanel in 9 advanced tips
Secure your Cpanel in 9 advanced tipsTera Mny
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
How To Configure VNC Server on CentOS 7
How To Configure VNC Server on CentOS 7How To Configure VNC Server on CentOS 7
How To Configure VNC Server on CentOS 7VCP Muthukrishna
 
2 how to-build_document_management_system
2 how to-build_document_management_system2 how to-build_document_management_system
2 how to-build_document_management_systemKichiemon Adachi
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Nutan Kumar Panda
 
Squid proxy server
Squid proxy serverSquid proxy server
Squid proxy serverGreen Jb
 
Ftp configuration in rhel7
Ftp configuration in rhel7Ftp configuration in rhel7
Ftp configuration in rhel7Balamurugan M
 
RPM (Red Hat Package Manager)
RPM (Red Hat Package Manager)RPM (Red Hat Package Manager)
RPM (Red Hat Package Manager)skalaivanibutp
 
Squid
SquidSquid
SquidChirag Gupta
 
Proxy
ProxyProxy
Proxyleminhvuong
 
Squid server
Squid serverSquid server
Squid serverRohit Phulsunge
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server13bcs0012
 
OpenVPN
OpenVPNOpenVPN
OpenVPNfrancisdinha
 
Cara upgrade dan downgrade tcu
Cara upgrade dan downgrade tcuCara upgrade dan downgrade tcu
Cara upgrade dan downgrade tcuBayu Rosdiansyah
 
Linux Security Crash Course
Linux Security Crash CourseLinux Security Crash Course
Linux Security Crash CourseUTD Computer Security Group
 
How To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuHow To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuVCP Muthukrishna
 
Install and configure linux
Install and configure linuxInstall and configure linux
Install and configure linuxVicent Selfa
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorialannik147
 

Contenu connexe

Tendances

High performance content hosting
High performance content hosting High performance content hosting
High performance content hosting Aleksey Korzun
 
Secure your Cpanel in 9 advanced tips
Secure your Cpanel in 9 advanced tipsSecure your Cpanel in 9 advanced tips
Secure your Cpanel in 9 advanced tipsTera Mny
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
How To Configure VNC Server on CentOS 7
How To Configure VNC Server on CentOS 7How To Configure VNC Server on CentOS 7
How To Configure VNC Server on CentOS 7VCP Muthukrishna
 
2 how to-build_document_management_system
2 how to-build_document_management_system2 how to-build_document_management_system
2 how to-build_document_management_systemKichiemon Adachi
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Nutan Kumar Panda
 
Squid proxy server
Squid proxy serverSquid proxy server
Squid proxy serverGreen Jb
 
Ftp configuration in rhel7
Ftp configuration in rhel7Ftp configuration in rhel7
Ftp configuration in rhel7Balamurugan M
 
RPM (Red Hat Package Manager)
RPM (Red Hat Package Manager)RPM (Red Hat Package Manager)
RPM (Red Hat Package Manager)skalaivanibutp
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server13bcs0012
 
Cara upgrade dan downgrade tcu
Cara upgrade dan downgrade tcuCara upgrade dan downgrade tcu
Cara upgrade dan downgrade tcuBayu Rosdiansyah
 
How To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuHow To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuVCP Muthukrishna
 

Tendances (20)

Linux Hardening - nullhyd
Linux Hardening - nullhydLinux Hardening - nullhyd
Linux Hardening - nullhyd
 
Monit
MonitMonit
Monit
 
High performance content hosting
High performance content hosting High performance content hosting
High performance content hosting
 
Sahara RDO part1
Sahara RDO part1Sahara RDO part1
Sahara RDO part1
 
Secure your Cpanel in 9 advanced tips
Secure your Cpanel in 9 advanced tipsSecure your Cpanel in 9 advanced tips
Secure your Cpanel in 9 advanced tips
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
How To Configure VNC Server on CentOS 7
How To Configure VNC Server on CentOS 7How To Configure VNC Server on CentOS 7
How To Configure VNC Server on CentOS 7
 
2 how to-build_document_management_system
2 how to-build_document_management_system2 how to-build_document_management_system
2 how to-build_document_management_system
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6
 
Squid proxy server
Squid proxy serverSquid proxy server
Squid proxy server
 
Ftp configuration in rhel7
Ftp configuration in rhel7Ftp configuration in rhel7
Ftp configuration in rhel7
 
RPM (Red Hat Package Manager)
RPM (Red Hat Package Manager)RPM (Red Hat Package Manager)
RPM (Red Hat Package Manager)
 
Squid
SquidSquid
Squid
 
Proxy
ProxyProxy
Proxy
 
Squid server
Squid serverSquid server
Squid server
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server
 
OpenVPN
OpenVPNOpenVPN
OpenVPN
 
Cara upgrade dan downgrade tcu
Cara upgrade dan downgrade tcuCara upgrade dan downgrade tcu
Cara upgrade dan downgrade tcu
 
Linux Security Crash Course
Linux Security Crash CourseLinux Security Crash Course
Linux Security Crash Course
 
How To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuHow To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on Ubuntu
 

Similaire à How to secure ubuntu 12.04

Install and configure linux
Install and configure linuxInstall and configure linux
Install and configure linuxVicent Selfa
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorialannik147
 
Document Management: Opendocman and LAMP installation on Cent OS
Document Management: Opendocman and LAMP installation on Cent OSDocument Management: Opendocman and LAMP installation on Cent OS
Document Management: Opendocman and LAMP installation on Cent OSSiddharth Ram Dinesh
 
Installing odoo v8 from github
Installing odoo v8 from githubInstalling odoo v8 from github
Installing odoo v8 from githubAntony Gitomeh
 
Installation of Odoo 16 on Ubuntu 20.04 LTS | Cybrosys
Installation of Odoo 16 on Ubuntu 20.04 LTS | CybrosysInstallation of Odoo 16 on Ubuntu 20.04 LTS | Cybrosys
Installation of Odoo 16 on Ubuntu 20.04 LTS | CybrosysCeline George
 
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; infoTola LENG
 
How to install odoo 15 steps on a ubuntu 20.04 lts system installation
How to install odoo 15 steps on a ubuntu 20.04 lts system installation How to install odoo 15 steps on a ubuntu 20.04 lts system installation
How to install odoo 15 steps on a ubuntu 20.04 lts system installation Geminate Consultancy Services
 
Workshop Raspberry Pi NAS with Windows Share
Workshop Raspberry Pi NAS with Windows ShareWorkshop Raspberry Pi NAS with Windows Share
Workshop Raspberry Pi NAS with Windows ShareMichael Plate
 
Webinar Slides: New Tungsten Dashboard - Overview, Installation and Architecture
Webinar Slides: New Tungsten Dashboard - Overview, Installation and ArchitectureWebinar Slides: New Tungsten Dashboard - Overview, Installation and Architecture
Webinar Slides: New Tungsten Dashboard - Overview, Installation and ArchitectureContinuent
 
Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...
Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...
Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...Continuent
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetOmar Reygaert
 
Supercharging your PHP pages with mod_lsapi in CloudLinux OS
Supercharging your PHP pages with mod_lsapi in CloudLinux OSSupercharging your PHP pages with mod_lsapi in CloudLinux OS
Supercharging your PHP pages with mod_lsapi in CloudLinux OSCloudLinux
 
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...JohnWilson47710
 
Simple tips to improve Server Security
Simple tips to improve Server SecuritySimple tips to improve Server Security
Simple tips to improve Server SecurityResellerClub
 
Death matchtournament del2014
Death matchtournament del2014Death matchtournament del2014
Death matchtournament del2014Nabil Munawar
 
Hadoop single cluster installation
Hadoop single cluster installationHadoop single cluster installation
Hadoop single cluster installationMinh Tran
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformHector Iribarne
 
Linux security quick reference guide
Linux security quick reference guideLinux security quick reference guide
Linux security quick reference guideCraig Cannon
 

Similaire à How to secure ubuntu 12.04 (20)

Install and configure linux
Install and configure linuxInstall and configure linux
Install and configure linux
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorial
 
Document Management: Opendocman and LAMP installation on Cent OS
Document Management: Opendocman and LAMP installation on Cent OSDocument Management: Opendocman and LAMP installation on Cent OS
Document Management: Opendocman and LAMP installation on Cent OS
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 ssh
 
Installing odoo v8 from github
Installing odoo v8 from githubInstalling odoo v8 from github
Installing odoo v8 from github
 
Installation of Odoo 16 on Ubuntu 20.04 LTS | Cybrosys
Installation of Odoo 16 on Ubuntu 20.04 LTS | CybrosysInstallation of Odoo 16 on Ubuntu 20.04 LTS | Cybrosys
Installation of Odoo 16 on Ubuntu 20.04 LTS | Cybrosys
 
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
 
How to install odoo 15 steps on a ubuntu 20.04 lts system installation
How to install odoo 15 steps on a ubuntu 20.04 lts system installation How to install odoo 15 steps on a ubuntu 20.04 lts system installation
How to install odoo 15 steps on a ubuntu 20.04 lts system installation
 
Modul quick debserver
Modul quick debserverModul quick debserver
Modul quick debserver
 
Workshop Raspberry Pi NAS with Windows Share
Workshop Raspberry Pi NAS with Windows ShareWorkshop Raspberry Pi NAS with Windows Share
Workshop Raspberry Pi NAS with Windows Share
 
Webinar Slides: New Tungsten Dashboard - Overview, Installation and Architecture
Webinar Slides: New Tungsten Dashboard - Overview, Installation and ArchitectureWebinar Slides: New Tungsten Dashboard - Overview, Installation and Architecture
Webinar Slides: New Tungsten Dashboard - Overview, Installation and Architecture
 
Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...
Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...
Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...
 
Virtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + PuppetVirtualization and automation of library software/machines + Puppet
Virtualization and automation of library software/machines + Puppet
 
Supercharging your PHP pages with mod_lsapi in CloudLinux OS
Supercharging your PHP pages with mod_lsapi in CloudLinux OSSupercharging your PHP pages with mod_lsapi in CloudLinux OS
Supercharging your PHP pages with mod_lsapi in CloudLinux OS
 
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
 
Simple tips to improve Server Security
Simple tips to improve Server SecuritySimple tips to improve Server Security
Simple tips to improve Server Security
 
Death matchtournament del2014
Death matchtournament del2014Death matchtournament del2014
Death matchtournament del2014
 
Hadoop single cluster installation
Hadoop single cluster installationHadoop single cluster installation
Hadoop single cluster installation
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
 
Linux security quick reference guide
Linux security quick reference guideLinux security quick reference guide
Linux security quick reference guide
 

Dernier

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Dernier (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

How to secure ubuntu 12.04

  • 1. How to secure an Ubuntu 12.04 LTS server - Part 1 The Basics This guide is based on various community forum posts and webpages. Special thanks to all. All comments and improvements are very welcome as this is purely a personal experimental project at this point and must be considered a work in progress. This guide is intended as a relatively easy step by step guide to: Harden the security on an Ubuntu 12.04 LTS server by installing and configuring the following: 1. Install and configure Firewall - ufw 2. Secure shared memory - fstab 3. SSH - Disable root login and change port 4. Protect su by limiting access only to admin group 5. Harden network with sysctl settings 6. Disable Open DNS Recursion and Remove Version Info - Bind9 DNS 7. Prevent IP Spoofing 8. Harden PHP for security 9. Restrict Apache Information Leakage 10.Install and configure Apache application firewall - ModSecurity 11.Protect from DDOS (Denial of Service) attacks with ModEvasive 12.Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban 13.Intrusion Detection - PSAD 14.Check for RootKits - RKHunter and CHKRootKit 15.Scan open Ports - Nmap 16.Analyse system LOG files - LogWatch 17.SELinux - Apparmor 18.Audit your system security - Tiger If you are looking for a GUI script to install and configure all the steps explained here automatically, visit How to secure an Ubuntu 12.04 LTS server - Part 2 The GUI Installer script Requirements: • Ubuntu 12.04 LTS server with a standard LAMP stack installed.
  • 2. 1. Firewall - UFW • A good place to start is to install a Firewall. • UFW - Uncomplicated Firewall is a basic firewall that works very well and easy to configure with its Firewall configuration tool - gufw, or use Shorewall, fwbuilder, or Firestarter. • Use Firestarter GUI to configure your firewall or refer to the Ubuntu Server Guide, UFW manual pages or the Ubuntu UFW community documentation. • Install UFW and enable, open a terminal window and enter : sudo apt-get install ufw sudo ufw enable • Check the status of the firewall. sudo ufw status verbose • Allow SSH and Http services. sudo ufw allow ssh sudo ufw allow http 2. Secure shared memory. • /dev/shm can be used in an attack against a running service, such as httpd. Modify /etc/fstab to make it more secure. • Open a Terminal Window and enter the following : sudo vi /etc/fstab • Add the following line and save. You will need to reboot for this setting to take effect : tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0 3. SSH Hardening - disable root login and change port. • The easiest way to secure SSH is to disable root login and change the SSH port to something different than the standard port 22. • Before disabling the root login create a new SSH user and make sure the user belongs to the admin group (see step 4. below regarding the admin group). • If you change the SSH port also open the new port you have chosen on the firewall and close port 22. • Open a Terminal Window and enter : sudo vi /etc/ssh/sshd_config
  • 3. • Change or add the following and save. Port <ENTER YOUR PORT> Protocol 2 PermitRootLogin no DebianBanner no • Restart SSH server, open a Terminal Window and enter : sudo /etc/init.d/ssh restart 4. Protect su by limiting access only to admin group. • To limit the use of su by admin users only we need to create an admin group, then add users and limit the use of su to the admin group. • Add a admin group to the system and add your own admin username to the group by replacing <YOUR ADMIN USERNAME> below with your admin username. • Open a terminal window and enter: sudo groupadd admin sudo usermod -a -G admin <YOUR ADMIN USERNAME> sudo dpkg-statoverride --update --add root admin 4750 /bin/su 5. Harden network with sysctl settings. • The /etc/sysctl.conf file contain all the sysctl settings. • Prevent source routing of incoming packets and log malformed IP's enter the following in a terminal window: sudo vi /etc/sysctl.conf • Edit the /etc/sysctl.conf file and un-comment or add the following lines : # IP Spoofing protection net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1
  • 4. # Ignore ICMP broadcast requests net.ipv4.icmp_echo_ignore_broadcasts = 1 # Disable source packet routing net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv6.conf.default.accept_source_route = 0 # Ignore send redirects net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 # Block SYN attacks net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 5 # Log Martians net.ipv4.conf.all.log_martians = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1
  • 5. # Ignore ICMP redirects net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 # Ignore Directed pings net.ipv4.icmp_echo_ignore_all = 1 • To reload sysctl with the latest changes, enter: sudo sysctl -p 6. Disable Open DNS Recursion and Remove Version Info - BIND DNS Server. • Open a Terminal and enter the following : sudo vi /etc/bind/named.conf.options • Add the following to the Options section : recursion no; version "Not Disclosed"; • Restart BIND DNS server. Open a Terminal and enter the following : sudo /etc/init.d/bind9 restart 7. Prevent IP Spoofing. • Open a Terminal and enter the following : sudo vi /etc/host.conf • Add or edit the following lines :
  • 6. order bind,hosts nospoof on 8. Harden PHP for security. • Edit the php.ini file : sudo vi /etc/php5/apache2/php.ini • Add or edit the following lines an save : disable_functions = exec,system,shell_exec,passthru register_globals = Off expose_php = Off display_errors = Off track_errors = Off html_errors = Off magic_quotes_gpc = Off • Restart Apache server. Open a Terminal and enter the following : sudo /etc/init.d/apache2 restart 9. Restrict Apache Information Leakage. • Edit the Apache2 configuration security file : sudo vi /etc/apache2/conf.d/security • Add or edit the following lines and save : ServerTokens Prod ServerSignature Off TraceEnable Off Header unset ETag
  • 7. FileETag None • Restart Apache server. Open a Terminal and enter the following : sudo /etc/init.d/apache2 restart 10. Web Application Firewall - ModSecurity. • See : How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server 11. Protect from DDOS (Denial of Service) attacks - ModEvasive • See : How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server 12. Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban. • DenyHosts is a python program that automatically blocks SSH attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins. • Open a Terminal and enter the following : sudo apt-get install denyhosts • After installation edit the configuration file /etc/denyhosts.conf and change the email, and other settings as required. • To edit the admin email settings open a terminal window and enter: sudo vi /etc/denyhosts.conf • Change the following values as required on your server : ADMIN_EMAIL = root@localhost SMTP_HOST = localhost SMTP_PORT = 25 #SMTP_USERNAME=foo #SMTP_PASSWORD=bar SMTP_FROM = DenyHosts nobody@localhost #SYSLOG_REPORT=YES
  • 8. • Fail2ban is more advanced than DenyHosts as it extends the log monitoring to other services including SSH, Apache, Courier, FTP, and more. • Fail2ban scans log files and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. • Generally Fail2Ban then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action could also be configured. • Out of the box Fail2Ban comes with filters for various services (apache, courier, ftp, ssh, etc). • Open a Terminal and enter the following : sudo apt-get install fail2ban • After installation edit the configuration file /etc/fail2ban/jail.local and create the filter rules as required. • To edit the settings open a terminal window and enter: sudo vi /etc/fail2ban/jail.conf • Activate all the services you would like fail2ban to monitor by changing enabled = false to enabled = true • For example if you would like to enable the SSH monitoring and banning jail, find the line below and change enabled from false to true. Thats it. [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 • If you have selected a non-standard SSH port in step 3 then you need to change the port setting in fail2ban from ssh which by default is port 22, to your new port number, for example if you have chosen 1234 then port = 1234 [ssh] enabled = true port = <ENTER YOUR SSH PORT NUMBER HERE>
  • 9. filter = sshd logpath = /var/log/auth.log maxretry = 3 • If you would like to receive emails from Fail2Ban if hosts are banned change the following line to your email address. destemail = root@localhost • and change the following line from : action = %(action_)s • to: action = %(action_mwl)s • You can also create rule filters for the various services that you would like fail2ban to monitor that is not supplied by default. sudo vi /etc/fail2ban/jail.local • Good instructions on how to configure fail2ban and create the various filters can be found on HowtoForge - click here for an example • When done with the configuration of Fail2Ban restart the service with : sudo /etc/init.d/fail2ban restart • You can also check the status with. sudo fail2ban-client status 13. Intrusion Detection - PSAD. • Cipherdyne PSAD is a collection of three lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. • Currently version 2.1 causes errors during install on Ubuntu 12.04, but apparently does work. Version 2.2 resolves these issues but is not yet available on the Ubuntu software repositories. It is recommended to manually compile and install version 2.2 from the source files available on the Ciperdyne website. • To install the latest version from the source files follow these instruction : How to install PSAD Intrusion Detection on Ubuntu 12.04 LTS server • OR install the older version from the Ubuntu software repositories, open a Terminal and enter the following : sudo apt-get install psad
  • 10. • Then for basic configuration see How to install PSAD Intrusion Detection on Ubuntu 12.04 LTS server and follow from step 2: 14. Check for rootkits - RKHunter and CHKRootKit. • Both RKHunter and CHKRootkit basically do the same thing - check your system for rootkits. No harm in using both. • Open a Terminal and enter the following : sudo apt-get install rkhunter chkrootkit • To run chkrootkit open a terminal window and enter : sudo chkrootkit • To update and run RKHunter. Open a Terminal and enter the following : sudo rkhunter --update sudo rkhunter --propupd sudo rkhunter --check 15. Scan open ports - Nmap. • Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. • Open a Terminal and enter the following : sudo apt-get install nmap • Scan your system for open ports with : nmap -v -sT localhost • SYN scanning with the following : sudo nmap -v -sS localhost 16. Analyse system LOG files - LogWatch. • Logwatch is a customizable log analysis system. Logwatch parses through your system's logs and creates a report analyzing areas that you specify. Logwatch is easy to use and will work right out of the package on most systems. • Open a Terminal and enter the following : sudo apt-get install logwatch libdate-manip-perl
  • 11. • To view logwatch output use less : sudo logwatch | less • To email a logwatch report for the past 7 days to an email address, enter the following and replace mail@domain.com with the required email. : sudo logwatch --mailto mail@domain.com --output mail --format html --range 'between -7 days and today' 17. SELinux - Apparmor. • National Security Agency (NSA) has taken Linux to the next level with the introduction of Security- Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof. • More information can be found here. Ubuntu Server Guide - Apparmor • It is installed by default since Ubuntu 7.04. • Open a Terminal and enter the following : sudo apt-get install apparmor apparmor-profiles • Check to see if things are running : sudo apparmor_status 18. Audit your system security - Tiger. • Tiger is a security tool that can be use both as a security audit and intrusion detection system. • Open a Terminal and enter the following : sudo apt-get install tiger • To run tiger enter : sudo tiger • All Tiger output can be found in the /var/log/tiger • To view the tiger security reports, open a Terminal and enter the following : sudo less /var/log/tiger/security.report.*