Thursday, September 3, 2009

How to secure Linux

How to Secure In Linux:

Company having lot confidential data hoe to protect.

1. Define security Policy
Company having lot of confidential data that company having own security policy
That should sign internal and external users.

2. Bios Security Password Security:

1 Ensure that disable bootable device floppy and cdrom devices and other devices
2 Protect password to enter bios settings
3 Disable auto settings
4 Disable booting removable media
5 Document the Bios Settings

3 Disconnect network while installation time like ftp and http server

4 installations required three partion minimum /root, home and swap

5 swap partion memory 64 MB means you need to give 128 MB.suppose if you have more memory 1 GB not required 2 GB you can give less.

6 server installation times its required large disk space after creating partion you should
Should document the partition information
Command:
Fdisk /dev/hda
Option –p prints the table and store information in other place.

7. Customize the package selection: 1 workstation means not required for installing server package nfs, http, and samba ony what is necessary for user.
2 if u r installing server means you need to select what is requirements.

8. Shadow password and MD5 Hacking: normally UNIX passwords encrypt with crypt stored on /etc/passwd but we crack that passwd.
Shadow Password: shadow password /etc/shadow it is read only. Only root can access
Very difficult to crack this passwd.


9. Set Password For Root and Other User:

1 Password will be sensitive it will accept uppercase and lowercase letter, digits and Special character.
2 Password should no be based on personal information such as name, company, licence number, birthday.
3 You can give password like B+12kp!.” But Frequently change the password like monthly wise
10 Boot Diskt

/SBIN/mkbootdisk.

11. Setting up Inittab:

Disable ctr-alt-del key in terminal
Ca: ctraltdel: /sbin/shutdown –t3 –r now
# comment that option

Init q It will save immediately.

12. Password Protect Lilo Grub protect:


13 System Access Security Policy:
1 Disable remote login Telnet /etc.securetty remove root access tty1to tty8.

2 Disable remote login Ftp:
/etc/ftpusers file contains list of users not allowed via ftp including root.
3 System login can cannt login through the system:
You can configure which users can login which service like tcp wrappers

Disable login through console except root
-:ALL EXPECT root admin :console
4
Posted by Kesavan Unix & Storage Specalist at 12:01 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)