CIS 290 LINUX Security - PowerPoint PPT Presentation

About This Presentation
Title:

CIS 290 LINUX Security

Description:

CIS 290 LINUX Security Basic OS Hardening Procedures Physical security Lock it up! BIOS Password Disable BIOS alternate boot devices Disable interactive boot: vi /etc ... – PowerPoint PPT presentation

Number of Views:50
Avg rating:3.0/5.0
Slides: 5
Provided by: RRDonn7
Learn more at: https://www.oakton.edu
Category:

less

Transcript and Presenter's Notes

Title: CIS 290 LINUX Security


1
CIS 290LINUX Security
  • Basic OS Hardening Procedures

2
Physical security
  • Lock it up!
  • BIOS Password
  • Disable BIOS alternate boot devices
  • Disable interactive boot
  • vi /etc/sysconfig/init
  • PROMPTno
  • Password protected GRUB boot
  • Console locking yum install vlock, xlock
  • Lock desktop GUI, or no Xwindows at all.
  • Disable Ctrl/Alt/Del (procedure varies)

3
Software maintenance
  • Install Red Hat GPG key from installation CD-ROM
    or DVD.
  • rpm --import /mnt/cdrom/RPM-GPG-KEY
  • Display a list of all keys installed for RPM
    verification
  • rpm -qa gpg-pubkey
  • Display specific key
  • rpm -qi gpg-pubkey-db4 2a60e-37ea5438
  • Verify package keys
  • rpm -K /root/updates/.rpm
  • Automatic GPG signature verification enabled
    under the main section of your /etc/yum.conf
  • gpgcheck1
  • Cleanup Yum Repositories. Only what you need.
  • Remove unneeded software.

4
Filesystem security
  • Mount options (-o ) noexec (especially /tmp),
    nosetuid, nosuid, ro (!)
  • Encrypted File System (Dangerous), TruCrypt
    containers , encrypted hardrive (hardware,
    software)
  • Noowner Files
  • find /dir -xdev \( -nouser -o -nogroup \) print
  • World-Writable Files
  • find /dir -xdev -type d \( -perm -0002 -a !
    -perm -1000 \) -print
  • Disable Unwanted SUID and SGID Binaries
  • See all set user id filesfind / -perm 4000
    See all group id filesfind / -perm 2000 Or
    combine both in a single commandfind / \( -perm
    -4000 -o -perm -2000 \) -printfind / -path
    -prune -o -type f -perm 6000 ls
Write a Comment
User Comments (0)
About PowerShow.com