{"id":184,"date":"2017-08-26T11:40:34","date_gmt":"2017-08-26T11:40:34","guid":{"rendered":"https:\/\/d1m0.com\/?p=184"},"modified":"2017-09-11T11:37:54","modified_gmt":"2017-09-11T11:37:54","slug":"securing-os","status":"publish","type":"post","link":"https:\/\/d1m0.com\/?p=184","title":{"rendered":"Securing Linux OS"},"content":{"rendered":"<p><strong>Update Your System &#8211; Frequently <\/strong><\/p>\n<p>Software updates range from critical vulnerability patches to minor bug fixes, and many software vulnerabilities are actually patched by the time they become public.<\/p>\n<p><strong>Usea Limited User Account<\/strong><\/p>\n<p>Do not give sudo privileges on every user on your systems.Limit privileged commands in <strong>\/etc\/sudoers<\/strong>. It\u2019s not a good practice to ssh into your server as superuser.Use limited users with sudo privileges.<\/p>\n<p><strong>Run What You Need<\/strong><!--more--><\/p>\n<p>Regularly check used ports, runnging services.For network used ports &#8211; <strong>netstat -nputl<\/strong>Also you may dont need ipv6 support, so disable it . .Disable unnecessary services &#8211; <strong>systemctl list-unit-files &#8211;type=service | grep enabled <\/strong> and disable it with <strong>systemctl disable<\/strong>.<br \/>\n<strong>chkconfig &#8211;list | grep &#8216;3:on&#8217;<br \/>\nservice serviceName stop<br \/>\nchkconfig serviceName off<\/strong><\/p>\n<p><strong> Minimize Software to Minimize Vulnerability<\/strong><br \/>\nAvoid installing unnecessary software to avoid vulnerabilities in software.Delete all unwanted packages.<\/p>\n<p># yum list installed<br \/>\n# yum list packageName<br \/>\n# yum remove packageName<br \/>\nOR<br \/>\n# dpkg &#8211;list<br \/>\n# dpkg &#8211;info packageName<br \/>\n# apt-get remove packageName<\/p>\n<p><strong>User Accounts and Password policy<\/strong><br \/>\nUse the useradd \/ usermod commands to create and maintain user accounts. Make sure you have a good and strong password policy. For example, a good password includes at least 8 characters long and mixture of alphabets, number, special character, upper &#038; lower alphabets etc.<br \/>\nCheck for users and their passwords. <strong>viwp -s<\/strong> or check for yousers with no password <strong>cat \/etc\/shadow | awk -F: &#8216;($2==&#8221;&#8221;){print $1}<\/strong>&#8216;<\/p>\n<p><strong>Use firewall<\/strong><br \/>\nIt\u2019s highly recommended to enable Linux firewall to secure unauthorised access of your servers. Apply rules in iptables to filters incoming, outgoing and forwarding packets. We can specify the source and destination address to allow and deny in specific udp\/tcp port number.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update Your System &#8211; Frequently Software updates range from critical vulnerability patches to minor bug fixes, and many software vulnerabilities are actually patched by the time they become public. Usea Limited User Account Do not give sudo privileges on every user on your systems.Limit privileged commands in \/etc\/sudoers. It\u2019s not a good practice to ssh &#8230;<\/p>\n<p><a href=\"https:\/\/d1m0.com\/?p=184\" class=\"more-link\">Continue reading &lsquo;Securing Linux OS&rsquo; &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-184","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/posts\/184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/d1m0.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=184"}],"version-history":[{"count":5,"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions"}],"predecessor-version":[{"id":294,"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions\/294"}],"wp:attachment":[{"href":"https:\/\/d1m0.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d1m0.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/d1m0.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}