
LINUX FUNDAMENTAL
SECURING SSH AND CRON JOBS
SECURING SSH

WHY DOES SECURING SSH MATTER?

• SSH is the default secure remote management protocol on almost all Linux distributions.
SSH provides confidentiality and integrity through encryption, so passwords are no
longer sent in plain text over the network. Nevertheless, the default SSH configuration
can put the server at risk.
• That is why it is important to follow a few simple steps to harden an SSH server; they can
dramatically reduce the risk.

DISABLE ROOT LOGINS

For security reasons, logging in as root via SSH over a network is not recommended.
The best approach is to log in to the server as a normal user and use the
sudo command to perform tasks that require root privileges.
To disable root login via SSH, update the file /etc/ssh/sshd_config and restart the SSH
service as follows.
# vim /etc/ssh/sshd_config

Change this line


PermitRootLogin no

# systemctl restart sshd


LIMIT USER LOGINS

By default, all valid users on the system are able to access the server. For security reasons, we
should limit SSH access to only the users who really need it. Add the
parameter AllowUsers followed by a space-separated list of usernames to the
file /etc/ssh/sshd_config.
# vim /etc/ssh/sshd_config

Add this line


AllowUsers exampleuser01 exampleuser02

DISABLE PROTOCOL 1

Protocol 1 of SSH is less secure. We should disable it and always use protocol 2
only. Edit the file /etc/ssh/sshd_config and restart the SSH service as follows.
# vim /etc/ssh/sshd_config

Change this line


Protocol 2

# systemctl restart sshd

LIMIT LISTEN ADDRESS

By default, SSH listens on all available interfaces; this should be
limited. If the server has multiple interfaces configured with different IP addresses,
it is always best to allow users to log in to the server through the private IP address only.
# vim /etc/ssh/sshd_config

Change this line


ListenAddress <your private address>

# systemctl restart sshd

DISABLE EMPTY PASSWORD ACCESS

In some cases, a user account on the server might not have a password set, or might have an
empty password. It is best to always prevent these users from connecting to the SSH
server remotely.
# vim /etc/ssh/sshd_config

Change this line


PermitEmptyPasswords no

# systemctl restart sshd

DISABLE HOST-BASED AUTHENTICATION

Host-based authentication allows hosts to authenticate on behalf of all or some of the
users using the public key.
# vim /etc/ssh/sshd_config

Change this line


HostbasedAuthentication no

# systemctl restart sshd
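
The sshd_config settings from the sections above can be checked in one pass. The script below is an added example, not part of the original slides; the function name audit and the sample config are constructed for illustration, and Include files are not followed.

```python
import re

# Values recommended in the sections above (keywords are case-insensitive).
# Protocol only matters on old servers: OpenSSH 7.4+ no longer serves protocol 1.
REQUIRED = {"permitrootlogin": "no", "protocol": "2",
            "permitemptypasswords": "no", "hostbasedauthentication": "no"}
MUST_BE_SET = ("allowusers", "listenaddress")  # any explicit value is accepted
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")  # "Key value" or "Key=value"

# Constructed sample config for the demonstration, not from a real host.
SAMPLE = """\
# constructed sample
PermitRootLogin no
permitrootlogin yes
Protocol 2
PermitEmptyPasswords yes
ListenAddress 10.0.0.5
Match Address 192.168.0.0/24
    PermitRootLogin yes
"""

def audit(text):
    """Return a list of findings for the contents of one sshd_config file."""
    effective, findings, in_match = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE.fullmatch(raw.strip())
        if raw.lstrip().startswith("#") or not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            in_match = True
        elif in_match:
            # A Match block can re-enable a setting for some users or hosts.
            if key in REQUIRED and value != REQUIRED[key]:
                findings.append(f"line {lineno}: Match block sets {key} {value}")
        else:
            effective.setdefault(key, value)  # sshd keeps the first value it reads
    for key, want in REQUIRED.items():
        got = effective.get(key)
        if got is None:
            findings.append(f"{key}: not set, relies on the compiled-in default")
        elif got != want:
            findings.append(f"{key}: is '{got}', expected '{want}'")
    return findings + [f"{k}: not set" for k in MUST_BE_SET if k not in effective]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, sshd -T prints the effective configuration, which also covers included files.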

LIMIT ALLOWED ACCESS BY IP
We can configure which hosts can connect using TCP wrappers. With TCP wrappers, in
addition to IP addresses you can also use hostnames in rules.
By default, deny all hosts.
# vim /etc/hosts.deny
sshd : ALL

Then list the allowed hosts in hosts.allow. For example, to allow
network 192.168.0.0/24 and localhost:
# vim /etc/hosts.allow
sshd : 192.168.0.0/24
sshd : 127.0.0.1

CRON JOBS

WHAT ARE CRON JOBS?

Cron jobs are generally used for running scheduled backups, monitoring disk space, periodically
deleting files that are no longer required (for example log files), running system
maintenance tasks and a lot more.
To create cron jobs for the current user
# crontab -e
To create cron jobs for another user
# crontab -u <username> -e

CRON JOBS COMMAND STRUCTURE

CRON JOBS SCHEDULE EXAMPLE

• Run jobs every minute
* * * * * <command to execute>
• Run jobs every 5 minutes
*/5 * * * * <command to execute>
• Run jobs 3 times every hour at minute 5,10,15
5,10,15 * * * * <command to execute>
• Run jobs every 2 hours
0 */2 * * * <command to execute>
• Run jobs every day at 3am
0 3 * * * <command to execute>
• Run jobs at 3am every Sunday
0 3 * * SUN <command to execute>
• Run a job at 16:15 on day-of-month 3
15 16 3 * * <command to execute>
• Run jobs every quarter year at 3am on 1st day
0 3 1 */3 * <command to execute>

There are a lot of helpers for defining cron job schedules
• https://crontab-generator.org/
• https://crontab.guru/

WHAT KIND OF JOBS CAN BE CRON-ED?

Any kind of job!

• Execute PHP script:
/usr/bin/php /home/username/public_html/cron.php
• MySQL Dump
mysqldump -u root -pPASSWORD database > /root/db.sql
• Access URL
/usr/bin/wget --spider http://www.domain.com/cron.php
• Execute Shell Script
/bin/sh ~/cronjobs.sh

THANK YOU !
END OF CHAPTER EXTRA
