Difference between revisions of "Security"
Rootadminacc (talk | contribs) (Created page with "== Autokick SSH user after specified time == if [ -n "$SSH_CONNECTION" ]; then export TMOUT=300; fi This will check if a user is logged in using ssh and will log out the use...") |
Rootadminacc (talk | contribs) |
(One intermediate revision by the same user not shown) | |||
Line 19: | Line 19: | ||
Set this value: | Set this value: | ||
<pre>PermitRootLogin no</pre> | <pre>PermitRootLogin no</pre> | ||
Check sudo is actually installed: | |||
<pre>apt-get install sudo | |||
yum install sudo</pre> | |||
<pre>visudo</pre> | <pre>visudo</pre> | ||
Under User privilege specification (on Ubuntu) or Allow root to run any commands anywhere (on CentOS) | Under User privilege specification (on Ubuntu) or Allow root to run any commands anywhere (on CentOS) | ||
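Review bot: the added line "Check sudo is actually installed:" does not match the two commands under it, which install the package rather than check for it. The same `<pre>` block also puts apt-get and yum together without saying which distribution each belongs to. Reword the line to say that sudo is installed if missing, and label the two commands with the Ubuntu and CentOS names already used in the sentence that follows visudo.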
Line 56: | Line 61: | ||
http://www.google.co.uk/goodtoknow/online-safety/passwords | http://www.google.co.uk/goodtoknow/online-safety/passwords | ||
Unix password cracking (rough article): http://www.governmentsecurity.org/articles/crack-unix-linux-passwords.html | |||
== Protection against brute-force == | == Protection against brute-force == |
Latest revision as of 13:19, 7 March 2013
Autokick SSH user after specified time
if [ -n "$SSH_CONNECTION" ]; then export TMOUT=300; fi
This checks whether the user is logged in over SSH and, if so, logs the user out automatically after the specified number of seconds during which the server receives no input. It works with bash and zsh, so put it into a shell file that is sourced on the server side. Be aware that users can change this themselves, as it is just an environment variable.
Clear bash history
export HISTSIZE=0
Create secure password in SSH
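# Quote the character class so the shell cannot glob-expand it; LC_ALL=C keeps tr byte-oriented.
genpassdeep() { LC_ALL=C tr -dc '[:alnum:]' < /dev/urandom | head -c64 | whirlpooldeep; echo; }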
Disabling the root user
Enter this file:
vim /etc/ssh/sshd_config
Set this value:
PermitRootLogin no
Check sudo is actually installed:
apt-get install sudo    # Ubuntu
yum install sudo        # CentOS
visudo
Under "User privilege specification" (on Ubuntu) or "Allow root to run any commands anywhere" (on CentOS):
root ALL=(ALL) ALL
username ALL=(ALL) ALL
Restart SSH. The root user can now no longer log in, except via the new user with root privileges:
/etc/init.d/ssh restart
Do not close your current connection. Open a new connection:
ssh -pX username@IPaddress    # where X = your SSH port number
sudo su -
MD5 Hash Generator
Permissions
John the Ripper
http://www.osix.net/modules/article/?id=455
http://www.openwall.com/john/doc/EXAMPLES.shtml (Config)
http://pka.engr.ccny.cuny.edu/~jmao/node/26
http://pentestsh.webs.com/apps/blog/show/20717358-netbios-nbns-spoofing#.UL-DZMmkqso.twitter
Password Safety
http://www.google.co.uk/goodtoknow/online-safety/passwords
Unix password cracking (rough article): http://www.governmentsecurity.org/articles/crack-unix-linux-passwords.html
Protection against brute-force
Some methods that may help to increase OS security against external attacks, including brute-force, are:
- Use key-based authentication only
- Close SSH access for the root user
- Configure the sshd daemon to listen on exclusive IPs only
- Change the sshd daemon port from 22 to another in /etc/ssh/sshd_config; more information at the SSH page.
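The four points above can be checked mechanically. The script below is an added example, not part of the original wiki page: it reads the global section of an sshd_config and reports which of the points are not met. The function names, messages and sample configuration are constructed for illustration; it assumes whitespace-separated keywords and that an unset keyword falls back to the OpenSSH default (port 22, all addresses, password logins allowed).

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the settings above.

# Print every value of keyword $2 in file $1 (lowercased, one per line).
# Keywords are case-insensitive; comment lines are skipped; parsing stops at the
# first Match block, so conditional overrides are not evaluated (simplification).
sshd_values() {
    awk -v key="$2" '
        $1 ~ /^#/                   { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Print one FAIL line per weak setting and return the number of failures.
audit_sshd_config() {
    cfg=$1
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # Single-valued keywords: sshd keeps the first occurrence it reads.
    pw=$(sshd_values "$cfg" PasswordAuthentication | head -n 1)
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    # Assumption: an unset keyword falls back to a default that is not "no".
    [ "${pw:-unset}" = no ]   || fail "PasswordAuthentication is ${pw:-unset}, want no"
    [ "${root:-unset}" = no ] || fail "PermitRootLogin is ${root:-unset}, want no"

    # Multi-valued keywords: every Port and ListenAddress line applies.
    ports=$(sshd_values "$cfg" Port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        fail "sshd listens on port 22"
    fi
    addrs=$(sshd_values "$cfg" ListenAddress)
    if [ -z "$addrs" ] || echo "$addrs" | grep -Eq '^(0\.0\.0\.0|::|\[::\])(:[0-9]+)?$'; then
        fail "no exclusive ListenAddress, sshd listens on all addresses"
    fi
    return "$fails"
}

# Constructed sample: root login closed, everything else left weak.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin no' \
    'PasswordAuthentication yes' 'Match User backup' \
    '    PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On a live server, sshd -T prints the effective configuration with defaults filled in, which is the authoritative source for the same checks.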
There are many third-party solutions for the same purpose:
- DenyHosts - scans log files and configures tcp wrapper rules
- Cryptknock - opens the ssh port if required
- BlockSSHd - analyzes logs and configures firewall rules
- SSHGuard - monitors logs and configures firewalls
Tools
rkhunter (Rootkit Hunter)
Sentry Tools
To check the rkhunter log for problems on Linux, run:
grep found /file/path/rkhunter.log | grep -v None | grep -v Not
grep "Warning: Found" /file/path/rkhunter.log