Linux OS Hardening Guideline: Created by Version Number Type
SIFY/TECH/IMS/MSS/CHN/ALL/GL/020
nameserver 202.144.76.3
vi /etc/ssh/sshd_config
Uncomment the UseDNS parameter and set its value to "no"
service sshd restart
or
/etc/init.d/sshd restart
Before doing the basic check, run the Rootkit Hunter and chkrootkit tools on the server. If any warnings
are shown, give them as recommendations.
Not required
The file rkhunter.log contains the scan report; copy and move it using WinSCP.
The file chkrootkitreport contains the scan report; copy and move it using WinSCP.
Save the report and send it to the Admin if vulnerabilities are listed.
vi /etc/passwd - Check whether any suspicious logins are present. If so, contact the Admin and ask about them.
(eg.) news: /bin/false or nologin (check for the same)
vi /etc/login.defs - [Chg]
PASS_MIN_LEN 8
vi /etc/profile - [Add]
HISTSIZE=30
HISTFILESIZE=30
TMOUT=900
vi /etc/host.conf - [Add]
multi on
nospoof on
# Authlogs
auth.notice /var/log/authlog
# Syslogs
daemon.notice /var/log/syslog
*.*;mail.none;cron.none @202.144.75.9
vi /etc/default/cron - [It's a New File] [Add] [CAPS ON] [To see the status of the cron jobs running]
CRONLOG=YES
vi /etc/skel/.bash_logout -
[To remove the History Files]
[Add]
rm -f $HOME/.bash_history
chattr +i /etc/services
chmod 600 /etc/login.defs (online)
chmod -R 700 /etc/rc.d/init.d/*
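To confirm that the values set above are actually in place, a read-only audit can be run against the host. The script below is an added example, not part of the original guideline; the function names check, check_mode, audit and make_sample are assumptions, GNU stat is assumed, and make_sample only builds a constructed test tree.

```shell
# check FILE KEY WANT [i]: pass only if an active (uncommented) line sets KEY and
# every such line uses WANT ("KEY value" or "KEY=value"); "i" ignores KEY case (sshd_config).
check() {
    if [ -r "$1" ] && awk -v k="$2" -v w="$3" -v ci="$4" '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]*(export[ \t]+)?/, "", line); sub(/[ \t]+$/, "", line)
          if (!match(line, /[ \t=]+/)) next
          key = substr(line, 1, RSTART - 1)
          if (ci == "i") { key = tolower(key); k = tolower(k) }
          if (key != k) next
          seen = 1; if (substr(line, RSTART + RLENGTH) != w) bad = 1 }
        END { exit ((seen && !bad) ? 0 : 1) }' "$1"
    then echo "PASS $1: $2 $3"; return 0
    else echo "FAIL $1: $2 should be $3"; return 1
    fi
}
# check_mode FILE WANT: compare octal permission bits (assumes GNU stat).
check_mode() {
    m=$(stat -c %a "$1" 2>/dev/null) || m=missing
    [ "$m" = "$2" ] && { echo "PASS $1: mode $2"; return 0; }
    echo "FAIL $1: mode $m, want $2"; return 1
}
# audit ROOT: run all checks below ROOT ("/" = live system); returns the failure count.
audit() {
    r=${1%/}; f=0
    while read -r file key want ci; do
        check "$r$file" "$key" "$want" "$ci" || f=$((f + 1))
    done <<EOF
/etc/ssh/sshd_config UseDNS no i
/etc/login.defs PASS_MIN_LEN 8
/etc/profile HISTSIZE 30
/etc/profile HISTFILESIZE 30
/etc/profile TMOUT 900
/etc/host.conf multi on
/etc/host.conf nospoof on
/etc/default/cron CRONLOG YES
EOF
    check_mode "$r/etc/login.defs" 600 || f=$((f + 1))
    return "$f"
}
# make_sample DIR: constructed tree; UseDNS is commented out and TMOUT deviates.
make_sample() {
    mkdir -p "$1/etc/ssh" "$1/etc/default"
    printf '#UseDNS yes\n' > "$1/etc/ssh/sshd_config"
    printf 'PASS_MIN_LEN\t8\n' > "$1/etc/login.defs"; chmod 600 "$1/etc/login.defs"
    printf 'HISTSIZE=30\nHISTFILESIZE=30\nexport TMOUT=3600\n' > "$1/etc/profile"
    printf 'multi on\nnospoof on\n' > "$1/etc/host.conf"
    printf 'CRONLOG=YES\n' > "$1/etc/default/cron"
}
```

Run `audit /` as root on the server; a setting that is still commented out, or set twice with different values, is reported as FAIL.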
Paste the lines below into the files 1) vi /etc/issue, 2) vi /etc/issue.net and 3) vi /etc/motd.
***************************************************************************************
This system is a restricted access system. All activity on this system is subject to monitoring. If information
collected reveals possible criminal activity or activity that exceeds privileges, evidence of such activity may
be provided to the relevant authorities for further action. By continuing past this point, you expressly consent
to this monitoring.
***************************************************************************************
To Check What services are Running:
(online)
ps -ef [ Unwanted Process to be killed]
netstat -tapn | grep LISTEN
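stty erase ^?
# Timestamp suffix for this session's log file (ddmmyy.HHMMSS)
EXT=`date +'%d%m%y.%H%M%S'`
export SHELL TERM TMOUT EXT PATH
# Create the per-user session log directory if it does not exist
if [ ! -d "$HOME/logs" ] ; then
    mkdir "$HOME/logs"
fi
# Record every non-console login session with script(1)
if [ "`tty`" != "/dev/console" ] ; then
    if [ -x "$SHELL" ] ; then
        exec script -q "$HOME/logs/${LOGNAME}logs.$EXT"
    fi
fi
# Refuse write(1)/talk messages to this terminal
mesg n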
NR
Add:
SSHD: <IP’s>
Eg:
SSHD: 202.144.55.56,57,58,59,60,61,62
SENDMAIL: 127.0.0.1