15. Enforcing Stronger Passwords
• Most users use default or weak passwords, which are very vulnerable to brute-force or
• Users should provide stronger
• The ‘pam_cracklib’ module in PAM (Pluggable Authentication Module) will force the user to set stronger
• Open the file in an editor: # vi /etc/pam.d/system-auth
• Add a line using the credit parameters: /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-2 dcredit=-2 ocredit=-1 (lcredit, ucredit, dcredit and ocredit set the requirements for lower-case, upper-case, digit and other characters respectively)
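As an added example that is not part of the slides, the following Python function re-implements the minlen and credit rules of the pam_cracklib line above, so the effect of each parameter can be tested offline before touching /etc/pam.d. It only mirrors the documented credit semantics (it does not run the dictionary or similarity checks), and the password values in it are constructed.

```python
# Constructed re-implementation of pam_cracklib's minlen/credit rules (not the
# module's own code).  Used to reason about a policy line such as
#   minlen=8 lcredit=-1 ucredit=-2 dcredit=-2 ocredit=-1
# without editing the PAM stack.

def _count_classes(password):
    """Count lower-case, upper-case, digit and 'other' characters."""
    lower = sum(c.islower() for c in password)
    upper = sum(c.isupper() for c in password)
    digit = sum(c.isdigit() for c in password)
    other = len(password) - lower - upper - digit
    return {"lcredit": lower, "ucredit": upper, "dcredit": digit, "ocredit": other}


def check_policy(password, minlen=8, lcredit=-1, ucredit=-2, dcredit=-2, ocredit=-1):
    """Return (accepted, reasons) for a password under pam_cracklib's rules.

    For each class, a negative credit N means "at least |N| characters of that
    class are required" and the class earns no length credit.  A positive N
    means each character of that class adds 1 to the length score, capped at N.
    The password is accepted when every minimum is met and score >= minlen.
    """
    counts = _count_classes(password)
    credits = {"lcredit": lcredit, "ucredit": ucredit,
               "dcredit": dcredit, "ocredit": ocredit}
    names = {"lcredit": "lower-case", "ucredit": "upper-case",
             "dcredit": "digit", "ocredit": "other"}
    reasons = []
    score = len(password)
    for key, credit in credits.items():
        have = counts[key]
        if credit < 0:
            # Negative credit: a hard minimum for this class, no length bonus.
            need = -credit
            if have < need:
                reasons.append(f"need at least {need} {names[key]} character(s), found {have}")
        else:
            # Positive credit: each character of this class counts toward minlen, up to N.
            score += min(have, credit)
    if score < minlen:
        reasons.append(f"length score {score} is below minlen {minlen}")
    return (not reasons, reasons)


if __name__ == "__main__":
    for pw in ("password", "Passw0rd!1A"):
        print(pw, check_policy(pw))
```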
16. Enable Iptables (Firewall)
• Usage of a firewall is highly
• You can apply rules in iptables to filter the incoming and outgoing packets
• We can specify the source and destination address and whether to allow or deny a specific UDP/TCP port number, based upon their trust and necessity
17. Disable Ctrl+Alt+Delete in Inittab
• In most Linux variants, pressing ‘CTRL + ALT + DEL’ will reboot the system
• It is not good if the system reboots in the middle of work when you press this combination by mistake
• This is defined in ‘/etc/inittab’:
# Trap CTRL-ALT-DELETE
-t3 -r now
• Here the ‘CTRL + ALT + DEL’ line is not commented. To avoid rebooting when we press this combination, we should comment it out
18. Checking Accounts for Empty Passwords
• If any user has kept no password for his account, then it is open to everyone
• If there is no password, an attacker can easily get access
• Users should keep a strong password to avoid dictionary attacks
19. Display SSH Banner Before Login
• It is better to display a banner with some legal warnings before SSH authentication
20. Monitor User Activities
• When we are dealing with lots of users, it is important to collect information on each user's activities and the processes consumed by them, and to analyse it at a later time or in case of any security issue.
• But how can we monitor and collect user activities?
• There are 2 useful tools called ‘psacct’ and ‘acct’ that are used to monitor user activities and processes on a system.
• These tools run in the background and keep tracking user activities and the processes consumed by services such as Apache, MySQL, SSH and FTP.
21. Review Logs Regularly
• Move logs to dedicated log servers; this may prevent intruders from easily modifying local logs. Below are the common Linux default log file names and their usage.
/var/log/messages – Where whole system logs or current activity logs are available.
/var/log/auth.log – Authentication logs.
/var/log/kern.log – Kernel logs.
/var/log/cron.log – Crond logs (cron jobs).
/var/log/maillog – Mail server logs.
/var/log/boot.log – System boot log.
/var/log/mysqld.log – MySQL database server log file.
/var/log/secure – Authentication log.
/var/log/utmp or /var/log/wtmp – Login records files.
/var/log/yum.log – Yum log file.
22. Important File Backup
• It is necessary to take backups of important files and keep them in a safety vault, remote site or off-site for Disaster
23. NIC Bonding
2 modes of NIC bonding:
1. Mode=0 – Round robin
2. Mode=1 – Active and backup
• NIC bonding helps us to avoid a single point of
• We bond 3 or more network Ethernet cards together to make one single virtual interface, to which we can assign an IP address to talk with the other servers.
• The network stays up in case one NIC card is down or unavailable for any reason.
24. Keep /boot as read-only
• The Linux kernel and its related files are in the /boot directory, which is mounted read-write by default. Changing it to read-only reduces the risk of unauthorized modification of critical boot files (remember to remount it read-write before installing kernel updates). To do this, open the “/etc/fstab” file.
# vi /etc/fstab
• Add the following line at the bottom, save it and
ext2 defaults,ro 1 2
25. Ignore ICMP or Broadcast Request
• Add the following lines to the “/etc/sysctl.conf” file to ignore ping or broadcast requests.
Ignore ICMP request:
• Load the new settings or changes by running the following command