[GTALUG] Linux hardening question

Kevin Cozens kevin at ve3syb.ca
Tue Jun 27 19:53:02 EDT 2017


On 2017-06-27 07:37 PM, Truth Hacker via talk wrote:
> I am starting to go down the road to harden a Linux server, I am using
> the Ubuntu server image as my starting point.
[snip]
> Q: What services should I consider disabling from starting automatically?

Disable any service you won't need for what you are going to be doing with 
the machine. :)

> I am reading up on iptables and also know about ufw, but not sure how
> to set up a good firewall, like what to block and not.

It depends on the extent to which you want to harden the machine. One way to
set up a firewall is to deny everything by default, then open the holes for the
services you need. firewalld is also a firewall-related package I've been
running across lately.

Install logwatch and have it send the logs to you on a daily basis.
Use fail2ban to automatically firewall any machine that fails too many times
to log in via SSH.

You may also want to "chmod 711 /etc", FWIW.

If you are really serious about hardening a machine read up on SELinux.

-- 
Cheers!

Kevin.

http://www.ve3syb.ca/           |"Nerds make the shiny things that distract
Owner of Elecraft K2 #2172      | the mouth-breathers, and that's why we're
                                 | powerful!"
#include <disclaimer/favourite> |             --Chris Hardwick
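
The deny-by-default approach from the reply above, as an added example that is not part of the original message: a shell function that emits an IPv4 ruleset in iptables-restore format, dropping all inbound traffic except the ports listed. The function name gen_ruleset and the 22/tcp sample (SSH, as mentioned in the reply) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a default-deny IPv4 ruleset for iptables-restore.
# Usage: gen_ruleset PORT/PROTO ...     e.g. gen_ruleset 22/tcp
# IPv4 only; ip6tables needs its own ruleset or IPv6 stays unfiltered.

gen_ruleset() {
    # Validate every argument before printing anything, so a typo never
    # produces a half-written ruleset.
    for spec in "$@"; do
        case "$spec" in
            */*) ;;
            *) echo "bad spec (want PORT/PROTO): $spec" >&2; return 1 ;;
        esac
        port=${spec%/*}
        proto=${spec#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $spec" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $spec" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $spec" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # deny everything inbound by default
    echo ':FORWARD DROP [0:0]'    # not a router: forward nothing
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this machine opened itself.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The holes: one rule per service that is actually needed.
    for spec in "$@"; do
        proto=${spec#*/}
        echo "-A INPUT -p $proto -m $proto --dport ${spec%/*} -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample: allow inbound SSH only and print the ruleset.
gen_ruleset 22/tcp
```

Redirect the output to a file and check it with "iptables-restore --test < file" before loading it, and keep an existing SSH session open while applying it in case the allowed ports are wrong.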

