There are a few common security practices that every Linux user should follow. Unfortunately, not everybody is aware of them. In this post we will show you how to secure your home PC or server to the best of your abilities with the best available open-source tools.
1- Checking your system for random mailers:
Mailers like FormMail are used by hackers to send out spam and to relay messages through your machine, which puts you at risk. You can find them using the following command:
find / -name "[Ff]orm[mM]ai*"
CGIeMail is another one that has similar issues.
find / -name "[Cc]giemai*"
Upon finding them, issue the following:
chmod a-rwx /path/to/filename
a-rwx = all users (owner, group and others): no read, no write, no execute
2- Check your system using the rootkit checker:
Hackers can sometimes install a rootkit on your computer without you even knowing, or set it to run at a specified time through cron. You can check your system with chkrootkit. Open up a terminal and execute the following:
cd ~
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense
Now to run it, just run this:
~/chkrootkit-0.44/chkrootkit
Please do remember to run it on a regular basis.
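The post asks you to run chkrootkit regularly; the obvious way is a cron job. The wrapper below is an added example (not part of chkrootkit or the original post): it runs the scan, keeps the full report, and mails you only when something was flagged, so a quiet scan does not become mail you stop reading. It assumes the build path from the steps above, ~/chkrootkit-0.44/chkrootkit, a working mail(1), and relies on chkrootkit marking positives with "INFECTED" and suspicious results with "Warning:"; the recipient address is a placeholder.

```shell
#!/bin/sh
# Cron wrapper for chkrootkit: run the scan, mail only when something is flagged.
# Added example, not part of chkrootkit or the original post.
# Assumes the build location used in the post and a working mail(1).

CHKROOTKIT="${CHKROOTKIT:-$HOME/chkrootkit-0.44/chkrootkit}"
REPORT_TO="${REPORT_TO:-root}"           # placeholder: set this to your address

# findings: read chkrootkit output on stdin and print only the lines that
# report a problem. chkrootkit marks positives with "INFECTED" (upper case,
# so the many "not infected" lines do not match) and suspicious results
# with "Warning:".
findings() {
    grep -E 'INFECTED|Warning:' || true
}

# count_findings: number of problem lines in the output given on stdin.
count_findings() {
    findings | grep -c . || true
}

# run_scan: execute chkrootkit (as root), keep the full report in a temp
# file and mail it only if count_findings is non-zero. Returns 1 when
# problems were found so cron or monitoring can act on the exit status.
run_scan() {
    report=$(mktemp) || return 2
    "$CHKROOTKIT" > "$report" 2>&1
    n=$(count_findings < "$report")
    if [ "$n" -gt 0 ]; then
        {
            printf 'chkrootkit on %s flagged %s item(s):\n\n' "$(hostname)" "$n"
            findings < "$report"
            printf '\nFull report:\n'
            cat "$report"
        } | mail -s "chkrootkit: $n finding(s) on $(hostname)" "$REPORT_TO"
        rm -f "$report"
        return 1
    fi
    rm -f "$report"
    return 0
}

# Only scan when invoked with "scan", e.g. from root's crontab:
#   0 3 * * * /root/chkrootkit-cron.sh scan
if [ "${1:-}" = "scan" ]; then
    run_scan
fi
```

Save it as /root/chkrootkit-cron.sh, make it executable, and add the crontab line from the comment. Remember that chkrootkit runs with the system's own ls, ps and so on; if those binaries have been replaced it can be fooled, so treat a clean report as one signal, not proof.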
3- Set up a root login detector and emailer:
This nifty little trick will allow you to be warned if someone actually does manage to login as root on your computer or server.
We need to edit .bash_profile for root. Grab your favorite text editor and add the following line at the end of it:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Replace your@email.com with your own email. Save the file and exit.
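The one-liner above takes the host from field 6 of who(1), which only works for one date format, and it mails once per logged-in user rather than for the session that just opened. Here is a slightly more robust version of the same idea, added as an example (not the original post's command): it reads the current session with `who am i`, takes the host from the last field so the date format does not matter, and only mails when the shell actually belongs to root. It assumes mail(1) is installed; your@email.com is the same placeholder as in the post.

```shell
#!/bin/sh
# Root shell alert: added example, not the original post's one-liner.
# Source it from /root/.bash_profile and call send_root_alert:
#   . /root/root-alert.sh && send_root_alert
# Assumes mail(1) is installed; ALERT_TO is a placeholder.

ALERT_TO="your@email.com"

# alert_origin WHO_LINE: extract the remote host from a "who am i" line.
# The host is the last field, in parentheses, so this works whatever date
# format who(1) prints (the $6 of the original one-liner breaks on ISO
# dates). Prints "local" for console logins that carry no host.
alert_origin() {
    printf '%s\n' "$1" | awk '{
        if ($NF ~ /^\(.*\)$/) { gsub(/[()]/, "", $NF); print $NF }
        else print "local"
    }'
}

# alert_body ORIGIN DATE WHO_LINE: build the message text.
alert_body() {
    printf 'ALERT - root shell access on %s\nfrom: %s\nsession: %s\n' "$2" "$1" "$3"
}

# send_root_alert: mail the alert for the current session; does nothing
# for non-root shells.
send_root_alert() {
    [ "$(id -u)" = 0 ] || return 0
    session=$(who am i 2>/dev/null)
    origin=$(alert_origin "$session")
    body=$(alert_body "$origin" "$(date)" "$session")
    if command -v mail >/dev/null 2>&1; then
        printf '%s\n' "$body" | mail -s "Alert: root access from $origin" "$ALERT_TO"
    else
        printf '%s\n' "$body" >&2     # no mailer available: at least show it
    fi
}
```

Keep in mind what this does and does not give you: someone who already has root can edit .bash_profile and silence the alert, so it catches careless or early intrusions, not a careful attacker. Pair it with the normal auth logs on a separate host if you can.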
4- Set an SSH MOTD:
If your particular machine is a server, this can help.
Grab your favorite text editor and open up /etc/motd
Save your message to the file and exit. An example follows; come up with your own, though.
“This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.”
5- Secure SSH Logins:
If your server or computer has more than one IP, bind sshd to one of those IPs and don’t use it for anything else. This adds an extra layer of security.
We need to edit /etc/ssh/sshd_config
Scroll down to the section of the file that looks like this:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment the Port line and set it to anything other than 22; something above 40000 is good. Set Protocol to 2 only instead of 2, 1. If you have more than one IP, change the ListenAddress entry accordingly.
Disable root login through ssh
Find #PermitRootLogin yes and change it to PermitRootLogin no.
Now restart sshd and check that everything is still working.
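The edits in this step are easy to get wrong by hand, typically by leaving the commented default in place next to the new line, or by setting two ListenAddress entries. The helper below is an added example (not from the post or from OpenSSH): given a path to sshd_config, it removes every existing active or commented line for a directive and appends the hardened value once, and get_directive shows what the effective setting is afterwards. The port 45022 and the address 192.0.2.10 are illustrative values; use a port of your choosing and an address your machine actually has.

```shell
#!/bin/sh
# sshd_config hardening helper. Added example, not part of the post or OpenSSH.
# Usage: harden_sshd_config /etc/ssh/sshd_config PORT [LISTEN_ADDRESS]
# Work on a copy first; nothing here touches the running daemon.

# set_directive FILE KEY VALUE: drop every existing KEY line, whether active
# ("Port 22") or commented ("#Port 22", "# Port 22"), then append "KEY VALUE"
# so the file contains the directive exactly once.
set_directive() {
    sd_file=$1; sd_key=$2; sd_value=$3
    sd_tmp="$sd_file.tmp.$$"
    grep -v -E "^[[:space:]]*#?[[:space:]]*$sd_key([[:space:]]|$)" "$sd_file" > "$sd_tmp" || true
    printf '%s %s\n' "$sd_key" "$sd_value" >> "$sd_tmp"
    mv "$sd_tmp" "$sd_file"
}

# get_directive FILE KEY: print the value of the first active (uncommented)
# KEY line, which is what sshd will use; prints nothing if KEY is not set.
get_directive() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# harden_sshd_config FILE PORT [LISTEN_ADDRESS]: apply the settings from
# step 5: non-default port, protocol 2 only, no root login, and optionally
# bind to a single address.
harden_sshd_config() {
    hc_file=$1; hc_port=$2; hc_addr=${3:-}
    set_directive "$hc_file" Port "$hc_port"
    set_directive "$hc_file" Protocol 2
    set_directive "$hc_file" PermitRootLogin no
    if [ -n "$hc_addr" ]; then
        set_directive "$hc_file" ListenAddress "$hc_addr"
    fi
}

# Demo on a constructed copy of the defaults shown in the post:
#   sh harden-sshd.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp)
    printf '%s\n' '#Port 22' '#Protocol 2, 1' '#ListenAddress 0.0.0.0' \
        '#ListenAddress ::' '#PermitRootLogin yes' > "$demo"
    harden_sshd_config "$demo" 45022 192.0.2.10     # example values
    cat "$demo"
    rm -f "$demo"
fi
```

Before restarting, run `sshd -t -f /path/to/edited/sshd_config` to have sshd syntax-check the file, and keep your current session open while you confirm a new login on the new port works; if you lock yourself out, the old session is your way back in. Remember to allow the new port through any firewall as well.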
6- Disable Telnet:
As root, edit the file /etc/xinetd.d/telnet and change disable = no to disable = yes
Save the file and exit. Restart xinetd through /etc/init.d/xinetd restart
7- Nuke PHP Shells:
Hackers sometimes put these on servers for easy access or administration later on. Run the following commands and remove anything you find suspicious.
locate irc
locate BNC
locate ptlink
locate BitchX
locate guardservices
locate psyBNC
locate eggdrop
locate bnc
locate .rhosts
Be warned that this can sometimes bring up legitimate files, so be a bit careful.
8- Install Brute Force Detection:
This is an optional step for the truly paranoid ones. It does provide an additional layer of security though.
cd /root/
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd-0.4
./install.sh
We need to edit its config file. Grab your favorite editor and edit /usr/local/bfd/conf.bfd
Find the following entries and change them as shown:
Find:
ALERT_USR="0"
and change it to
ALERT_USR="1"
Find:
EMAIL_USR="root"
and change it to
EMAIL_USR="your@email.com"
Save the changes and exit.
Start BFD with the following command:
/usr/local/sbin/bfd -s
With the correct deployment of these methods, we hope that your system is now a bit more secure than it used to be. And as always, keep your OS updated with the latest security patches and updates.
9- Encrypt your data:
Last, but most important of all, is to encrypt your data. For this, check our previous post.
Thanks again to Convexity for this post