Security

From Server Knowledge Base
Jump to: navigation, search

Autokick SSH user after specified time

if [ -n "$SSH_CONNECTION" ]; then export TMOUT=300; fi

This will check if a user is logged in using ssh and will log out the user automatically after the specified time in seconds without data retrieval on the server side. Will work with bash and zsh so put it into your sourced shell file on the server side. Be aware that users can change this themselves as it's just a environment variable.

Clear bash history

export HISTSIZE=0

Create secure password in SSH

genpassdeep() { cat /dev/urandom | tr -dc [:alnum:] | head -c64 | whirlpooldeep; echo; }

Disabling the root user

Enter this file:

vim /etc/ssh/sshd_config

Set this value:

PermitRootLogin no

Check sudo is actually installed:

apt-get install sudo
yum install sudo
visudo

Under User privilege specification (on Ubuntu) or Allow root to run any commands anywhere (on CentOS)

root    ALL=(ALL) ALL
username   ALL=(ALL) ALL

Restart SSH and now the root user cannot log in unless done via the new user with root privileges:

/etc/init.d/ssh restart

Do not close your current connection and open a new connection:

ssh -pX [email protected] (where X = your SSH port number)
sudo su -

MD5 Hash Generator

Permissions

John the Ripper

http://www.osix.net/modules/article/?id=455
http://www.openwall.com/john/doc/EXAMPLES.shtml (Config)
http://pka.engr.ccny.cuny.edu/~jmao/node/26
http://pentestsh.webs.com/apps/blog/show/20717358-netbios-nbns-spoofing#.UL-DZMmkqso.twitter


Password Safety

http://www.google.co.uk/goodtoknow/online-safety/passwords

Unix password cracking (rough article): http://www.governmentsecurity.org/articles/crack-unix-linux-passwords.html

Protection against brute-force

Some methods that may help to increase OS security against external attacks including brute-force are:

  • Use key-based authentication only
  • Close SSH access for the root user
  • Configuring of sshd daemon listening to using of exclusive IPs only
  • Change sshd daemon port from 22 to another in /etc/ssh/sshd_config , more information at the SSH page.

There is a lot of third-party solutions for the same purpose:

  • DenyHosts - scans log files and configures tcp wrapper rules
  • Cryptknock - opens the ssh port if required
  • BlockSSHd - analyzes logs and configures firewall rules
  • SSHGuard - monitors logs and configures firewalls

Tools

rkhunter (Rootkit Hunter)
Sentry Tools

To check the rkhunter log for problems on Linux do:

cat /file/path/rkhunter.log | grep found | grep -v None | grep -v Not
cat /file/path/rkhunter.log | grep "Warning: Found"