[GTALUG] Linux hardening question
Lennart Sorensen
lsorense at csclub.uwaterloo.ca
Wed Jun 28 10:05:16 EDT 2017
On Tue, Jun 27, 2017 at 07:53:02PM -0400, Kevin Cozens via talk wrote:
> On 2017-06-27 07:37 PM, Truth Hacker via talk wrote:
> >I am starting to go down the road to harden a Linux server, I am using
> >the Ubuntu server image as my starting point.
> [snip]
> >Q: What service should I consider disabling from starting automatically.
>
> Disable any service you won't need for what you are going to be doing with
> the machine. :)
>
> >I am reading up on iptables and also know about ufw, but not sure how
> >to set up a good firewall, like what to block and not.
>
> It depends on the extent to which you want to harden the machine. One way to
> set up a firewall is deny everything by default then open the holes for the
> services you need. firewalld is also a firewall related package I've been
> running across lately.
>
> Install logwatch and have it send the logs to you on a daily basis.
> Use fail2ban to automatically firewall any machine who fails too many times
> to login via SSH.
>
> You may also want to "chmod 711 /etc", FWIW.

How well does that work out? So regular users (and services not running
as root) can't resolve DNS anymore (can't read nsswitch.conf or
resolv.conf). That sounds inconvenient.

> If you are really serious about hardening a machine read up on SELinux.
--
Len Sorensen
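
Added illustration, not part of the original thread: a small model of the classic Unix mode-bit check, for working out what an unprivileged account can do under a given mode on /etc. Opening a file by name needs search (x) on every directory in the path and read (r) on the file; listing a directory needs read on the directory itself. The UID/GID values and the modes on / and resolv.conf are constructed assumptions.

```python
# Added example: models classic Unix mode-bit checks only.
# Not modelled: root (bypasses these checks), supplementary groups, ACLs, SELinux.
R, X = 4, 1

def triplet(mode, uid, gid, owner_uid, owner_gid):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if gid == owner_gid:
        return (mode >> 3) & 7
    return mode & 7

def can_traverse(dirs, uid, gid):
    """Name lookup needs search (x) on every directory along the path."""
    return all(triplet(m, uid, gid, ou, og) & X for m, ou, og in dirs)

def can_read_file(dirs, leaf, uid, gid):
    """open(path, O_RDONLY): search on each directory, read on the file itself."""
    m, ou, og = leaf
    return can_traverse(dirs, uid, gid) and bool(triplet(m, uid, gid, ou, og) & R)

def can_list_dir(dirs, uid, gid):
    """readdir() on the last directory: search on its parents, read on it."""
    *parents, (m, ou, og) = dirs
    return can_traverse(parents, uid, gid) and bool(triplet(m, uid, gid, ou, og) & R)

def survey(etc_mode, uid=1000, gid=1000):
    """Constructed case: root-owned / (0755), /etc (etc_mode), resolv.conf (0644)."""
    root_dir, etc = (0o755, 0, 0), (etc_mode, 0, 0)
    resolv = (0o644, 0, 0)
    return {
        "list /etc": can_list_dir([root_dir, etc], uid, gid),
        "read /etc/resolv.conf": can_read_file([root_dir, etc], resolv, uid, gid),
    }

if __name__ == "__main__":
    # Compare the default mode, the suggested 711, and a fully closed 700.
    for mode in (0o755, 0o711, 0o700):
        print(oct(mode), survey(mode))
```

To check a real host, compare the model's answer with `sudo -u nobody cat /etc/resolv.conf` and `sudo -u nobody ls /etc` after the mode change.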