Post on 09-Jul-2020

Cyber Patriot Lecture Series

How to Secure Ubuntu 16 From Outside Threats

Discussion Topics

1. Brief overview of file system layout
2. Brief overview of log files
3. General security settings overview
4. Built-in commands to know
5. Q&A

File System

/ – root, top of the file system
/dev, /devices – device files used to talk to system devices
/usr – primarily OS directory, normally read-only
/bin, /usr/bin, /usr/local, /opt – executable program directories
/home, /export/home – user home directories and files
/var – log files, temporary queues for system services
/tmp – temporary file space
swap (a swap partition or a swap file such as /swapfile) – secondary memory location
/mnt – temporary mount points for CD, USB and other media

Log Files and Uses (/var/log)

utmp*: complete picture of who is currently logged in (kept in /var/run/utmp)
wtmp*: historical record of logins, the history of utmp
btmp*: failed login attempts
dmesg: kernel ring buffer, display and driver messages
messages: global system messages including mail, cron, etc. (named syslog on Ubuntu and some other systems)
maillog: mail server logs
auth.log: authentication-related events such as ssh logins, failed passwords, invalid account attempts, sudo use (named secure on some systems)
kern.log: kernel messages
cron: cron job activity (on Ubuntu this goes to syslog unless rsyslog is configured to split it out)

*Binary files: read them with who, last, lastb or utmpdump, not cat.
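The auth.log entries listed above are the ones worth reading first after an attack. As an added example (not from the lecture), here is a small shell script that pulls failed SSH logins per source address and sudo usage out of auth.log-style lines. The sample lines are constructed for this example; the hostname, PIDs and addresses are made up, and the threshold and function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not from the lecture: summarise sshd failures and sudo usage
# from /var/log/auth.log style lines.

# Constructed sample of auth.log lines (hostname, PIDs and addresses are made up).
SAMPLE_AUTH_LOG='Jul  9 10:15:22 ubuntu sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jul  9 10:15:25 ubuntu sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jul  9 10:15:29 ubuntu sshd[1236]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jul  9 10:16:01 ubuntu sshd[1240]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2: RSA SHA256:abc
Jul  9 10:17:44 ubuntu sshd[1242]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Jul  9 10:18:03 ubuntu sshd[1250]: Invalid user test from 203.0.113.5 port 51300
Jul  9 10:18:10 ubuntu sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart sshd'

# failed_by_ip: read auth.log lines on stdin, print "count ip" per source,
# most frequent first. Only "Failed password" lines from sshd are counted.
failed_by_ip() {
  awk '/sshd\[[0-9]+\]: Failed password for/ {
         for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
       }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

# flag_bruteforce THRESHOLD: print the addresses whose failure count reaches THRESHOLD.
flag_bruteforce() {
  local threshold="$1"
  failed_by_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# sudo_commands: print "user -> command" for every sudo line on stdin.
sudo_commands() {
  awk '/ sudo: / && /COMMAND=/ {
         user = $0; sub(/.* sudo: +/, "", user); sub(/ :.*/, "", user)
         cmd = $0; sub(/.*COMMAND=/, "", cmd)
         print user " -> " cmd
       }'
}

# Live use (auth.log is root-readable): sudo cat /var/log/auth.log | flag_bruteforce 5
if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_by_ip
  printf '%s\n' "$SAMPLE_AUTH_LOG" | flag_bruteforce 3
  printf '%s\n' "$SAMPLE_AUTH_LOG" | sudo_commands
fi
```

Note that "Invalid user" lines are a separate message from "Failed password" lines; the counter above deliberately takes only the latter so a single attempt is not counted twice.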

General Security Considerations

Encrypt hard drives
Update the operating system
Clean out old versions and packages
Only install the applications and services that are required
Protect shared memory and keep ASLR enabled
Use strong passwords and passphrases
Enforce requirements: strength, aging, reuse, etc.
Use a firewall, AV and rootkit detection
Prevent IP spoofing
Do not allow root login; use sudo
Use least privilege
Use BIOS passwords
Secure the browser

Encrypt file system during install

Update Operating System

Address Space Layout Randomization (ASLR)

ldd /bin/bash – shows the addresses the shared libraries are mapped at; run it twice and the addresses differ while ASLR is on
sudo sysctl -ar random – view the kernel settings whose name matches "random" (kernel.randomize_va_space should be 2)
sudo sysctl -w kernel.randomize_va_space=0 – disable ASLR to show the difference, then restore it with =2; sysctl -w does not survive a reboot, persistent settings belong in /etc/sysctl.d/
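Both the "Protect shared memory and ASLR" and "Prevent IP spoofing" items of the checklist and the ASLR commands above come down to kernel sysctls. As an added example (not from the lecture), here is a shell script that audits those settings against expected values and that counts how many different libc addresses ldd reports across several runs. The list of expected keys and values, and the function names, are this example's assumptions, not a published baseline.

```shell
#!/usr/bin/env bash
# Added example, not from the lecture: audit the kernel settings behind the ASLR
# and IP-spoofing checklist items and show the effect of ASLR on library addresses.
# The expected values below are this example's assumptions.

# "key expected-value" pairs: rp_filter and accept_source_route are the usual
# anti-spoofing sysctls; tcp_syncookies resists SYN floods from spoofed sources.
EXPECTED_SYSCTLS='kernel.randomize_va_space 2
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.default.rp_filter 1
net.ipv4.conf.all.accept_source_route 0
net.ipv4.tcp_syncookies 1'

# aslr_describe VALUE: meaning of kernel.randomize_va_space.
aslr_describe() {
  case "$1" in
    0) echo "disabled: no randomization" ;;
    1) echo "partial: stack, mmap base, vDSO and shared libraries randomized; brk heap is not" ;;
    2) echo "full: also randomizes the brk-based heap (Ubuntu default)" ;;
    *) echo "unknown value: $1"; return 1 ;;
  esac
}

# audit_sysctls: read "key = value" lines (the format sysctl -a prints) on stdin,
# print "MISMATCH key current expected" for each expected key that differs or is
# missing; exit status 1 if anything mismatched, 0 otherwise.
audit_sysctls() {
  awk -v expected="$EXPECTED_SYSCTLS" '
    BEGIN {
      n = split(expected, lines, "\n")
      for (i = 1; i <= n; i++) { split(lines[i], kv, " "); want[kv[1]] = kv[2] }
    }
    /^[a-z]/ { gsub(/ /, ""); split($0, kv, "="); have[kv[1]] = kv[2] }
    END {
      bad = 0
      for (k in want) {
        cur = (k in have) ? have[k] : "missing"
        if (cur != want[k]) { print "MISMATCH", k, cur, want[k]; bad = 1 }
      }
      exit bad
    }'
}

# lib_addr LIB: read ldd output on stdin, print the address LIB was mapped at.
lib_addr() {
  awk -v lib="$1" 'index($0, lib) && $NF ~ /^\(0x/ { gsub(/[()]/, "", $NF); print $NF; exit }'
}

# aslr_probe BINARY [RUNS]: number of distinct libc addresses over RUNS ldd runs;
# greater than 1 while ASLR is on, exactly 1 with randomize_va_space=0.
# Caveat: ldd can end up executing the program's loader, so only probe trusted binaries.
aslr_probe() {
  local bin="$1" runs="${2:-5}" i=0
  while [ "$i" -lt "$runs" ]; do ldd "$bin" | lib_addr libc.so; i=$((i + 1)); done | sort -u | wc -l
}

if [ "${1:-}" = "audit" ]; then
  echo "kernel.randomize_va_space: $(aslr_describe "$(sysctl -n kernel.randomize_va_space)")"
  sysctl -a 2>/dev/null | audit_sysctls && echo "sysctl audit: OK"
  echo "distinct libc addresses for /bin/bash over 5 runs: $(aslr_probe /bin/bash 5)"
fi
```

Run it as `bash aslr_audit.sh audit`. Whatever the audit flags has to be fixed in /etc/sysctl.d/ rather than with sysctl -w alone, or the change is lost at the next boot.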

Enforcing Password Complexity Rules

>sudo apt-get -y install libpam-pwquality cracklib-runtime
>sudo vi /etc/pam.d/common-password
password requisite pam_pwquality.so retry=3 minlen=10 maxrepeat=3 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 gecoscheck=1 maxsequence=3 reject_username enforce_for_root
password requisite pam_pwhistory.so remember=10 use_authtok

Both lines go above the pam_unix.so line; use_authtok makes pam_pwhistory (and pam_unix) take the password the earlier module already checked instead of prompting again.

>sudo vi /etc/pam.d/common-auth
auth required pam_tally2.so onerr=fail deny=5 unlock_time=1800

This line goes above pam_unix.so in common-auth. The per_user, no_magic_root and reset options belong to the older pam_tally module; pam_tally2 logs them as unknown options and ignores them, so they are left out here.

Meaning of each parameter:

retry=3: prompt the user up to 3 times before returning an error.
minlen=10: minimum password length (with every credit negative, as below, this is a plain length floor).
maxrepeat=3: reject more than 3 identical consecutive characters.
ucredit=-2: require at least two uppercase characters.
lcredit=-2: require at least two lowercase characters.
dcredit=-2: require at least two digits.
ocredit=-2: require at least two other (non-alphanumeric) characters.
difok=3: number of characters in the new password that must not have been present in the old password.
gecoscheck=1: reject passwords containing words from the GECOS field of the user's passwd entry (the full name, for example).
maxsequence=3: reject monotonic character sequences longer than 3, such as "1234" or "dcba".
reject_username: reject the password if it contains the user name, straight or reversed.
enforce_for_root: apply the policy to root too; without it root only sees the warning and the change still goes through.
remember=10: keep the hashes of the last 10 passwords and reject their reuse.
onerr=fail: if the tally file cannot be read or written, fail the authentication rather than let it through.
deny=5: lock the account after 5 consecutive failures.
unlock_time=1800: unlock automatically after 1800 seconds (30 minutes).

Root is not locked out by pam_tally2 unless even_deny_root is given; that default keeps an attacker from denying root access by hammering the root login. Check a user's failure counter with pam_tally2 --user NAME and clear it with pam_tally2 --user NAME --reset.
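To see what the pam_pwquality options above actually reject before rolling them out, here is an added bash script (written for this page, not from the lecture or the libpwquality project) that re-implements those checks on a candidate password. It mirrors the values from the configuration line; the cracklib dictionary test and gecoscheck are left out, the difok comparison is a simplified version of libpwquality's, and the user-name match is done case-insensitively, which is slightly stricter than the module. All function and variable names are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not from the lecture: re-implements the pam_pwquality checks used
# above so a candidate password can be tested without editing PAM. Policy values
# mirror that line. Omitted on purpose: the cracklib dictionary check and gecoscheck.

MINLEN=10      # minlen=10; all credits are negative, so this is a plain length floor
PER_CLASS=2    # ucredit/lcredit/dcredit/ocredit=-2: at least two of each class
MAXREPEAT=3    # maxrepeat=3: no run of identical characters longer than this
MAXSEQUENCE=3  # maxsequence=3: no monotonic run ("1234", "dcba") longer than this
DIFOK=3        # difok=3: at least this many old-password characters must be gone

# longest_repeat PW: length of the longest run of one repeated character.
longest_repeat() {
  local pw="$1" i c prev="" run=0 best=0
  for ((i = 0; i < ${#pw}; i++)); do
    c="${pw:i:1}"
    if [ "$c" = "$prev" ]; then run=$((run + 1)); else run=1; prev="$c"; fi
    if [ "$run" -gt "$best" ]; then best=$run; fi
  done
  echo "$best"
}

# longest_sequence PW: longest run whose character codes rise or fall by exactly
# one at each step (libpwquality's maxsequence rule).
longest_sequence() {
  local pw="$1" i prev cur up=1 down=1 best=1
  if [ -z "$pw" ]; then echo 0; return; fi
  for ((i = 1; i < ${#pw}; i++)); do
    prev=$(printf '%d' "'${pw:i-1:1}")
    cur=$(printf '%d' "'${pw:i:1}")
    if [ "$cur" -eq $((prev + 1)) ]; then up=$((up + 1)); down=1
    elif [ "$cur" -eq $((prev - 1)) ]; then down=$((down + 1)); up=1
    else up=1; down=1; fi
    if [ "$up" -gt "$best" ]; then best=$up; fi
    if [ "$down" -gt "$best" ]; then best=$down; fi
  done
  echo "$best"
}

# chars_not_in NEW OLD: how many characters of OLD appear nowhere in NEW.
# Simplified form of libpwquality's difok comparison.
chars_not_in() {
  local new="$1" old="$2" i c n=0
  for ((i = 0; i < ${#old}; i++)); do
    c="${old:i:1}"
    case "$new" in *"$c"*) ;; *) n=$((n + 1)) ;; esac
  done
  echo "$n"
}

reverse_string() {
  local s="$1" i out=""
  for ((i = ${#s} - 1; i >= 0; i--)); do out+="${s:i:1}"; done
  echo "$out"
}

# check_password NEW OLD USER: print one line per violated rule; return 1 if any.
# OLD may be empty (skips difok); USER may be empty (skips reject_username).
check_password() {
  local pw="$1" old="$2" user="$3" fail=0
  local upper="${pw//[^[:upper:]]/}" lower="${pw//[^[:lower:]]/}"
  local digits="${pw//[^[:digit:]]/}" other="${pw//[[:alnum:]]/}"
  if [ "${#pw}" -lt "$MINLEN" ]; then echo "minlen: ${#pw} < $MINLEN"; fail=1; fi
  if [ "${#upper}" -lt "$PER_CLASS" ]; then echo "ucredit: need $PER_CLASS uppercase"; fail=1; fi
  if [ "${#lower}" -lt "$PER_CLASS" ]; then echo "lcredit: need $PER_CLASS lowercase"; fail=1; fi
  if [ "${#digits}" -lt "$PER_CLASS" ]; then echo "dcredit: need $PER_CLASS digits"; fail=1; fi
  if [ "${#other}" -lt "$PER_CLASS" ]; then echo "ocredit: need $PER_CLASS other characters"; fail=1; fi
  if [ "$(longest_repeat "$pw")" -gt "$MAXREPEAT" ]; then echo "maxrepeat: more than $MAXREPEAT repeated characters"; fail=1; fi
  if [ "$(longest_sequence "$pw")" -gt "$MAXSEQUENCE" ]; then echo "maxsequence: monotonic sequence longer than $MAXSEQUENCE"; fail=1; fi
  if [ -n "$old" ] && [ "$(chars_not_in "$pw" "$old")" -lt "$DIFOK" ]; then echo "difok: fewer than $DIFOK characters changed"; fail=1; fi
  if [ -n "$user" ]; then
    # Case-insensitive here, slightly stricter than the module's plain substring match.
    local lpw="${pw,,}" luser="${user,,}" ruser
    ruser=$(reverse_string "$luser")
    case "$lpw" in *"$luser"*|*"$ruser"*) echo "reject_username: contains the user name"; fail=1 ;; esac
  fi
  return "$fail"
}

# Usage: check_password 'Candidate!Pw9' 'OldPw!11' alice && echo accepted
```

For the authoritative answer use pwscore from the libpwquality-tools package, which reads /etc/security/pwquality.conf and includes the dictionary check; this script is only for understanding what each option does.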

Example Screenshot

Additional Password Settings

1. Log sudo use (sudo writes each command it runs to /var/log/auth.log by default).
2. Log successful and unknown (failed or invalid-user) attempts (auth.log; pam_tally2 keeps the per-user failure counter).
3. Password aging and minimum time between changes (chage per user; PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE in /etc/login.defs for accounts created later).
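Item 3 is the one that is usually set once and then forgotten. As an added example (not from the lecture), here is a shell script that reads /etc/shadow-style records, lists the accounts whose aging fields are outside a policy, and prints the chage commands that would fix them. The policy numbers (90-day maximum, 7-day minimum, 14-day warning) and the sample records are this example's assumptions; the hashes in the sample are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the lecture: audit password aging in /etc/shadow records
# and generate the chage commands that bring accounts into policy.
# Policy values are assumptions for this example.

MAX_DAYS=90; MIN_DAYS=7; WARN_DAYS=14

# Constructed sample shadow lines (the $6$placeholder hashes are not real hashes).
# Fields: user:hash:lastchange:min:max:warn:inactive:expire:
SAMPLE_SHADOW='root:$6$placeholder:18400:0:99999:7:::
alice:$6$placeholder:18400:7:90:14:::
bob:$6$placeholder:18400:0:99999:7:::
svc:*:18400:0:99999:7:::
carol:!:18400:0:99999:7:::'

# audit_aging: read shadow records on stdin and print "user field current" for
# every aging field outside policy. Accounts whose hash is empty, "*" or starts
# with "!" have no usable password, so aging does not apply to them.
audit_aging() {
  awk -F: -v max="$MAX_DAYS" -v min="$MIN_DAYS" -v warn="$WARN_DAYS" '
    $2 == "" || $2 ~ /^[*!]/ { next }
    $5 == "" || $5 > max  { print $1, "max_days",  ($5 == "" ? "unset" : $5) }
    $4 == "" || $4 < min  { print $1, "min_days",  ($4 == "" ? "unset" : $4) }
    $6 == "" || $6 < warn { print $1, "warn_days", ($6 == "" ? "unset" : $6) }
  '
}

# remediation: turn audit lines on stdin into one chage command per user.
remediation() {
  awk -v max="$MAX_DAYS" -v min="$MIN_DAYS" -v warn="$WARN_DAYS" '
    !seen[$1]++ { print "sudo chage -M " max " -m " min " -W " warn " " $1 }'
}

# Live use (shadow is root-readable): sudo cat /etc/shadow | audit_aging | remediation
if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$SAMPLE_SHADOW" | audit_aging
  printf '%s\n' "$SAMPLE_SHADOW" | audit_aging | remediation
fi
```

chage only changes existing accounts; the login.defs values named in item 3 decide what new accounts start with, so both have to be set.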

Install Anti-Malware

>sudo apt-get -y install clamav clamtk

Update the signature database with freshclam before the first scan; clamscan runs an on-demand scan and clamtk is the graphical front end.

Install Rootkit detection

>sudo apt-get -y install chkrootkit rkhunter

rkhunter compares binaries against a stored baseline, so create it once with rkhunter --propupd on a known-clean system and refresh it after legitimate package updates, otherwise updated binaries are reported as changed. Both tools look for known rootkit signatures; they are not a substitute for the file integrity monitoring on the next slide.

File Integrity Monitoring/HIDS Tools

OSSEC – Open Source HIDS SECurity
AIDE – Advanced Intrusion Detection Environment
Tripwire (open source edition)
Samhain

Built-in Commands and Tools

pwd – print working directory
ps – list current processes
ls – list directory contents
stat – display file status
file – determine file type
netstat – network statistics: connections, interfaces, routing tables (ss replaces it on newer releases)
ifconfig – show interface information (ip addr replaces it on newer releases)
uname – system information
dig – DNS lookup utility
top – display detailed process information
last – show last login information
whoami, who, id – show information on the current user
man – reference manual (help pages) for commands
lsof – list open files

Server and Other Considerations

SSH configuration
NTP configuration
DNS configuration
Web server configuration

Questions ??

Additional Resources and References

https://www.comparitech.com/blog/information-security/linux-security-guide/

https://sensorstechforum.com/10-best-methods-improve-linux-security/

https://wiki.ubuntu.com/BasicSecurity

https://computingforgeeks.com/enforce-strong-user-password-policy-ubuntu-debian/

http://www.deer-run.com/~hal/linux_passwords_pam.html

https://poweruphosting.com/blog/ubuntu-security/

https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics

https://linux-audit.com/ubuntu-server-hardening-guide-quick-and-secure/

http://bhami.com/rosetta.html

https://www.tecmint.com/photorec-recover-deleted-lost-files-in-linux/