Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo
* * * * * 1 votes

25 Hardening Tips for Linux Servers (Home users can benefit also)


  • Please log in to reply
2 replies to this topic

#1 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 6,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:10:25 AM

Posted 07 September 2015 - 02:33 AM

This is a Topic dedicated to Linux security. Most, though not all of these can be used by distros based on Ubuntu. 

 

Security is often brushed aside among Linux users, even during the install, one may see that no extra security is needed. This is foolish thinking at best, downright dangerous at worst. The only 'bulletproof' OS is on a computer that's never booted, or used offline only. 

 

Among these tips are simple to advanced, how to secure your system in many ways, including blocking users from using Flash drives from being used, a common tactic used not only to steal data, also to possibly infect the system. 

 

It's my hope that you all find one or more of these tips useful, I did.  :)

 

http://www.tecmint.com/linux-server-hardening-security-tips/

 

As at the workplace, many of us knows this expression, yet I'll repeat it again, 'Safety is the First part of the job'. This includes what we do at home, be it mowing the lawn, or running a computer, including a Linux OS. 

 

Enjoy the article & make at least one of these tips yours to follow. :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


BC AdBot (Login to Remove)

 


#2 Guest_hollowface_*

Guest_hollowface_*

  • Guests
  • OFFLINE
  •  

Posted 09 September 2015 - 11:54 AM

I found #12 interesting, didn't know that was possible.



#3 cat1092

cat1092

    Bleeping Cat

  • Topic Starter

  • BC Advisor
  • 6,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA

Posted 10 September 2015 - 01:04 AM

I found #9 to be the same, thought SELinux was inbuilt into the distro. Maybe I was thinking of another inbuilt security app, I know that ClamAV is one, felt for sure there's another. AppArmor is the one, the article linked below refreshed my memory & still has to be added & configured. Comparison between the two are also in the article, AppArmor security is easily worked around & too permissive, while SELinux actually enforces security policy. 

 

The only reason why I didn't add SELinux is that I'm already running ESET NOD32 for Unices on some of my installs & most of the rest seldom sees action, am not sure if the two active AV's would be bumping heads with one another. This is the readout I get back from the Terminal after entering sestatus.

 

 

cat@cat-XPS-8700 ~ $ sestatus

The program 'sestatus' is currently not installed. You can install it by typing:
sudo apt-get install policycoreutils
cat@cat-XPS-8700 ~ $ 
 

 

Since I've never used this, don't know if configuration is needed, or the rules are automatic. According to the instructions, there are three basic operation modes. Yet it's well established in the Linux world, the original authors were the NSA (yes the one associated with the US government) & RedHat. The following article not only covers SELInux, it also shows near the end how to place it in Enforcing Mode (the first on the list) with a simple Terminal line. Read on for more, very interesting information. Just because a software may have been associated with the NSA at some point, doesn't make it useless. Actually the opposite. 

 

https://en.wikipedia.org/wiki/Security-Enhanced_Linux

 

Cat


Edited by cat1092, 10 September 2015 - 01:18 AM.

Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users