Cyber Patriot Lecture Series
How to Secure Ubuntu 16 From Outside Threats
Discussion Topics
1. Brief overview of file system layout
2. Brief overview of log files
3. General security settings overview
4. Built-in commands to know
5. Q&A
File System
/ (root) – top of the file system
/dev, /devices – contain the files used to talk to system devices
/usr – primarily OS directory, read-only
/bin, /usr/bin, /usr/local, /opt – executable program directories
/home, /export/home – user home directories/files
/var – log files, temp queues for system services
/tmp – temp file space
/swap – secondary memory location
/mnt – temporary mount points for CD, USB, others
Log Files and Uses (/var/log)
utmp*: complete user login picture
wtmp*: historical data of utmp
btmp: failed login attempts
dmesg: display or driver messages
messages: global system messages including mail, cron, etc. (syslog on some systems)
maillog: mail server logs
auth: authentication-related events such as ssh logins, failed passwords, invalid account attempts (secure log on some systems)
kern:
cron:
*Only readable with who, last or utmpdump commands
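The auth log is the one on this slide you will read most often, so here is an added example (not part of the original deck) that pulls two things out of it with standard shell tools: failed ssh logins counted per source address, and every sudo invocation. The log lines are constructed for the example and use documentation IP ranges; the function names are my own.

```shell
#!/bin/sh
# Added example: pull failed logins and sudo use out of /var/log/auth.log.
# Constructed auth.log lines (not from a real host); the IPs are documentation ranges.
SAMPLE_AUTH_LOG='Mar  3 10:01:12 ubuntu sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Mar  3 10:01:15 ubuntu sshd[1203]: Failed password for root from 192.0.2.10 port 51240 ssh2
Mar  3 10:01:20 ubuntu sshd[1205]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:02:02 ubuntu sshd[1210]: Failed password for invalid user test from 203.0.113.5 port 33010 ssh2
Mar  3 10:02:09 ubuntu sshd[1212]: Failed password for root from 192.0.2.10 port 51250 ssh2
Mar  3 10:03:30 ubuntu sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow'

# count_failed_logins: auth.log on stdin -> "count ip" per source, most active first
count_failed_logins() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ips[$(i + 1)]++
         }
         END { for (ip in ips) printf "%d %s\n", ips[ip], ip }' | sort -rn
}

# flag_brute_force THRESHOLD: print sources with at least THRESHOLD failures
flag_brute_force() {
    count_failed_logins | awk -v t="$1" '$1 >= t { print $2 }'
}

# sudo_commands: auth.log on stdin -> "user command" for every sudo invocation
sudo_commands() {
    sed -n 's/.* sudo: *\([^ ]*\) : .*COMMAND=\(.*\)/\1 \2/p'
}

# Demo on the constructed lines; on a live host replace the printf with:
#   sudo cat /var/log/auth.log | count_failed_logins
echo "failed ssh logins by source:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | count_failed_logins
echo "sources at or above 3 failures:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | flag_brute_force 3
echo "sudo use:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | sudo_commands
```

The threshold you pass to flag_brute_force is the same kind of number pam_tally2's deny= parameter uses later in the deck; reading the log this way shows you what the lockout rule would have caught.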
General Security Considerations
Encrypt hard drives
Update the operating system
Clean out old versions and packages
Only install applications/services that are required
Protect shared memory and use ASLR
Use strong passwords and passphrases
Enforce requirements: strength, aging, reuse, etc.
Use a firewall, AV and rootkit detection
Prevent IP spoofing
Do not allow root login; use sudo
Use least privilege
Use BIOS passwords
Secure the browser
Encrypt file system during install
Update Operating System
Address Space Layout Randomization (ASLR)
ldd /bin/bash – show the memory addresses the shared libraries are loaded at
sudo sysctl -ar random – view kernel settings whose name contains "random"
sudo sysctl -w kernel.randomize_va_space=0 – disable ASLR to show the difference
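To turn the three commands above into a repeatable check, here is an added example (not from the original deck): it reads kernel.randomize_va_space, explains what each value means, and compares the libc load address across two ldd runs, which is what the slide's demo shows by eye. The two ldd outputs embedded at the top are constructed, and the function names are my own; the live comparison at the bottom only runs if ldd and /bin/bash are present.

```shell
#!/bin/sh
# Added example: check whether ASLR is on, and show its effect on ldd output.
# Constructed ldd outputs from two runs of the same binary (not captured from a real host).
LDD_RUN1='	linux-vdso.so.1 =>  (0x00007ffd5a1fe000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c2a5e9000)'
LDD_RUN2='	linux-vdso.so.1 =>  (0x00007ffc1c3f0000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f91b8d4a000)'

# aslr_mode_description N: meaning of the kernel.randomize_va_space value N
aslr_mode_description() {
    case "$1" in
        0) echo "disabled: stack, mmap and VDSO placed at fixed addresses" ;;
        1) echo "conservative: stack, mmap base and VDSO randomized, heap (brk) not" ;;
        2) echo "full: conservative plus randomized heap (brk); the Ubuntu default" ;;
        *) echo "unknown value: $1" ;;
    esac
}

# lib_base OUTPUT LIBNAME: print the load address of LIBNAME from an ldd output
lib_base() {
    printf '%s\n' "$1" | awk -v lib="$2" '$1 == lib { gsub(/[()]/, "", $NF); print $NF }'
}

# libc_base_differs OUT1 OUT2: succeed if libc was loaded at different addresses in the two runs
libc_base_differs() {
    [ "$(lib_base "$1" libc.so.6)" != "$(lib_base "$2" libc.so.6)" ]
}

# current_aslr_mode: the live kernel setting (same value as sysctl kernel.randomize_va_space)
current_aslr_mode() {
    if [ -r /proc/sys/kernel/randomize_va_space ]; then
        cat /proc/sys/kernel/randomize_va_space
    else
        echo unavailable
    fi
}

mode=$(current_aslr_mode)
echo "kernel.randomize_va_space = $mode ($(aslr_mode_description "$mode"))"
if libc_base_differs "$LDD_RUN1" "$LDD_RUN2"; then
    echo "sample runs: libc base moved between runs, as it does with ASLR on"
fi
if command -v ldd >/dev/null 2>&1 && [ -x /bin/bash ]; then
    if libc_base_differs "$(ldd /bin/bash)" "$(ldd /bin/bash)"; then
        echo "live: libc base differs between two ldd runs (ASLR active)"
    else
        echo "live: libc base identical between runs (ASLR disabled, or this ldd does not map the library)"
    fi
fi
```

After the slide's sysctl -w kernel.randomize_va_space=0 the live check should report identical addresses; set it back to 2 when the demonstration is over.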
Enforcing Password Complexity Rules
>sudo apt-get -y install libpam-pwquality cracklib-runtime
>sudo vi /etc/pam.d/common-password
password requisite pam_pwquality.so retry=3 minlen=10 maxrepeat=3 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 gecoscheck=1 maxsequence=3 reject_username enforce_for_root
password requisite pam_pwhistory.so remember=10
>sudo vi /etc/pam.d/common-auth
auth required pam_tally2.so onerr=fail per_user deny=5 unlock_time=1800 no_magic_root reset
Meaning of each parameter:
retry=3: prompt the user 3 times before returning with an error
minlen=10: the password length cannot be less than this parameter
maxrepeat=3: allow a maximum of 3 repeated characters
ucredit=-2: require at least two uppercase characters
lcredit=-2: must have at least two lowercase characters
dcredit=-2: must have at least two digits
ocredit=-2: must have at least two other characters
difok=3: the number of characters in the new password that must not have been present in the old password
gecoscheck=1: words in the GECOS field of the user's passwd entry must not be contained in the new password
reject_username: rejects the password if it contains the name of the user in either straight or reversed form
enforce_for_root: enforce the password policy for the root user
remember=10: store a history of the last 10 passwords
onerr=fail: what to do when max deny reached (fail = lock)
deny=5: 5 attempts before locking
unlock_time=1800: auto-unlock after this many seconds
no_magic_root: do not lock out root, prevents DoS on root
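Editing common-password by hand is error-prone, so here is an added example (not part of the original deck) that reads a PAM password stack and checks it against the values on the two slides above: minlen, the four credit settings, reject_username, enforce_for_root and pam_pwhistory remember. Both sample configurations are constructed for the example and the function names are my own; the parsing rule it relies on is simply that pam_pwquality options are space-separated key=value tokens on the module's line.

```shell
#!/bin/sh
# Added example: audit a PAM password stack against the deck's settings.
# Constructed sample contents of /etc/pam.d/common-password (not taken from a real host).
GOOD_COMMON_PASSWORD='password requisite pam_pwquality.so retry=3 minlen=10 maxrepeat=3 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 difok=3 gecoscheck=1 maxsequence=3 reject_username enforce_for_root
password requisite pam_pwhistory.so remember=10
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512'

WEAK_COMMON_PASSWORD='# stock-looking stack: short minimum length, no history, no root enforcement
password requisite pam_pwquality.so retry=3 minlen=6
password [success=1 default=ignore] pam_unix.so obscure sha512'

# pam_opt MODULE KEY: read a PAM config on stdin and print KEY's value from the first
# non-comment line that loads MODULE. A bare flag (e.g. reject_username) prints "set";
# a missing key prints nothing.
pam_opt() {
    awk -v mod="$1" -v key="$2" '
        $0 !~ /^[ \t]*#/ && index($0, mod) {
            for (i = 1; i <= NF; i++) {
                n = split($i, kv, "=")
                if (kv[1] == key) { print (n > 1 ? kv[2] : "set"); exit }
            }
            exit
        }'
}

# audit_password_policy: read common-password on stdin, print one FAIL line per
# deviation from the deck's values, and return 1 if anything failed.
audit_password_policy() {
    cfg=$(cat)
    fails=0
    minlen=$(printf '%s\n' "$cfg" | pam_opt pam_pwquality.so minlen)
    if [ -z "$minlen" ] || [ "$minlen" -lt 10 ]; then
        echo "FAIL minlen=${minlen:-unset}, deck requires 10"; fails=1
    fi
    for key in ucredit lcredit dcredit ocredit; do
        v=$(printf '%s\n' "$cfg" | pam_opt pam_pwquality.so "$key")
        if [ -z "$v" ] || [ "$v" -gt -2 ]; then
            echo "FAIL $key=${v:-unset}, deck requires -2 (at least two of that class)"; fails=1
        fi
    done
    for flag in reject_username enforce_for_root; do
        if [ "$(printf '%s\n' "$cfg" | pam_opt pam_pwquality.so "$flag")" != "set" ]; then
            echo "FAIL $flag not set"; fails=1
        fi
    done
    remember=$(printf '%s\n' "$cfg" | pam_opt pam_pwhistory.so remember)
    if [ -z "$remember" ] || [ "$remember" -lt 10 ]; then
        echo "FAIL pam_pwhistory remember=${remember:-unset}, deck requires 10"; fails=1
    fi
    return $fails
}

# Demo on the constructed samples; on a live host use:
#   sudo cat /etc/pam.d/common-password | audit_password_policy
printf '%s\n' "$GOOD_COMMON_PASSWORD" | audit_password_policy && echo "GOOD sample: PASS"
printf '%s\n' "$WEAK_COMMON_PASSWORD" | audit_password_policy || echo "WEAK sample: policy weaker than the deck's settings"
```

Note that the check reads only the first pam_pwquality.so line; if a second, weaker line were added below it, PAM would still evaluate both, so keep a single pwquality entry in the stack.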
Example Screenshot
Additional Password Settings
1. Log sudo use
2. Log successful and unknown attempts
3. Password aging and time between changes
Install Anti-Malware
>sudo apt-get -y install clamav clamtk
Install Rootkit detection
>sudo apt-get -y install chkrootkit rkhunter
Security Configuration/Hardening Tools
SELinux
AppArmor
Grsecurity
Bastille
Lynis
File Integrity Monitoring/HIDS Tools
OSSEC – Open Source HIDS SECurity
AIDE – Advanced Intrusion Detection Environment
Open Source Tripwire
Samhain
Vulnerability Scanners
Nessus Essentials (formerly Nessus Home)
OpenVAS
Zenmap
Nexpose
Built-in Commands and Tools
pwd – present working directory
ps – list current processes
ls – list directory contents
stat – display file status
file – determine file type
netstat – network statistics: connections, interfaces, tables
ifconfig – show interface information
uname – system information
dig – DNS lookup utility
top – display detailed process information
last – show last login information
whoami, who, id – show information on the current user
man – reference manual (help pages) for commands
lsof – list open files
Server and Other Considerations
SSH configurations
NTP configurations
DNS configurations
Web server configurations
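The deck lists SSH configuration as a consideration and earlier says not to allow root login; here is an added example (not from the original deck) of checking sshd_config for that. The one parsing detail worth knowing is that sshd honours the first uncommented occurrence of a keyword, so a hardening line appended at the bottom of the file does nothing if an earlier line already sets the keyword. Both config excerpts are constructed and the function names are my own.

```shell
#!/bin/sh
# Added example: read effective sshd settings the way sshd does and flag root login.
# Constructed sshd_config excerpts (not copied from a real host).
HARDENED_SSHD_CONFIG='# Port and protocol
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin no
PermitEmptyPasswords no
PermitRootLogin yes'

DEFAULT_SSHD_CONFIG='Port 22
PermitRootLogin yes
#PermitEmptyPasswords no'

# sshd_opt KEY: print the effective value of KEY from an sshd_config on stdin.
# sshd honours the FIRST uncommented occurrence of a keyword, so the trailing
# "PermitRootLogin yes" in the hardened sample is ignored; keywords are case-insensitive.
sshd_opt() {
    key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v key="$key" '$0 !~ /^[ \t]*#/ && NF >= 2 && tolower($1) == key { print $2; exit }'
}

# audit_sshd: sshd_config on stdin; one FAIL line per finding, return 1 if any
audit_sshd() {
    cfg=$(cat)
    rc=0
    root=$(printf '%s\n' "$cfg" | sshd_opt PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin=${root:-unset (OpenSSH 7 default is prohibit-password)}, expected no"; rc=1
    fi
    empty=$(printf '%s\n' "$cfg" | sshd_opt PermitEmptyPasswords)
    if [ "${empty:-no}" != "no" ]; then
        echo "FAIL PermitEmptyPasswords=$empty, expected no"; rc=1
    fi
    return $rc
}

# Demo; on a live host: sudo cat /etc/ssh/sshd_config | audit_sshd
# (run `sudo sshd -t` after editing to syntax-check before restarting the service)
printf '%s\n' "$HARDENED_SSHD_CONFIG" | audit_sshd && echo "hardened sample: PASS"
printf '%s\n' "$DEFAULT_SSHD_CONFIG" | audit_sshd || echo "default sample: root login still allowed"
```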
Questions ??
Additional Resources and References
https://www.comparitech.com/blog/information-security/linux-security-guide/
https://sensorstechforum.com/10-best-methods-improve-linux-security/
https://wiki.ubuntu.com/BasicSecurity
https://computingforgeeks.com/enforce-strong-user-password-policy-ubuntu-debian/
http://www.deer-run.com/~hal/linux_passwords_pam.html
https://poweruphosting.com/blog/ubuntu-security/
https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics
https://linux-audit.com/ubuntu-server-hardening-guide-quick-and-secure/
http://bhami.com/rosetta.html
https://www.tecmint.com/photorec-recover-deleted-lost-files-in-linux/