Monday, 25 June 2012

Hardening the Linux server or CentOS 5/6.2

How to harden CentOS 5 or CentOS 6.2



SPRI (Priority Scheduler)
-------------------------
cd /root/
wget http://www.rfxn.com/downloads/spri-current.tar.gz
tar xvfz spri-*.tar.gz
cd spri-*
./install.sh
spri -v



PRM (Process Resource Monitor)
------------------------------
cd /root
wget http://www.rfxn.com/downloads/prm-current.tar.gz
tar xvfz prm-*.tar.gz
cd prm-*
./install.sh
prm -j




Temporary Directory Hardening
-----------------------------

/bin/cp /etc/fstab /etc/fstab.bak


Use df to check if a /tmp partition is already present.

[if no /tmp partition present]
cd /usr
dd if=/dev/zero of=/usr/tmpMnt bs=1024 count=2000000


mke2fs -j /usr/tmpMnt


cd / 
cp -R /tmp /tmp_backup 


mount -o loop,noexec,nosuid,rw /usr/tmpMnt /tmp 
chmod 0777 /tmp 
/bin/cp -R /tmp_backup/* /tmp/ 
rm -rf /tmp_backup 


nano -w /etc/fstab 




At the very bottom add 
/usr/tmpMnt /tmp ext3 loop,noexec,nosuid,rw 0 0


nano -w /etc/fstab
change “defaults” to loop,noexec,nosuid,rw
mount /tmp


rm -rf /var/tmp
ln -s /tmp /var/tmp



If a symlink is not possible, then /var/tmp is most likely also a partition. In this case, /var/tmp must be hardened with loop,noexec,nosuid,rw in fstab as well.



If /tmp is hardened by cPanel’s /scripts/securetmp, remove the line from /etc/rc.d/rc.local and then reboot. The server will come back without a /tmp partition, and then you can follow the instructions above.



SSH Server Hardening
---------------------

nano -w /etc/ssh/sshd_config



Uncomment #Protocol 2, 1
Change to Protocol 2


Append these lines to the bottom:
LoginGraceTime 120 


IgnoreRhosts yes 


X11Forwarding no 




/etc/rc.d/init.d/sshd restart


DISABLE DIRECT ROOT LOGIN


If there is already a user who can su to root, good. If not:


Replace XXX with 3 numbers.


groupadd anyuserXXX
useradd anyuserXXX -g anyuserXXX
passwd anyuserXXX
(type the password when prompted)


nano -w /etc/group
Search for wheel, then append “anyuserXXX”


So it should be “root,anyuserXXX”


nano -w /etc/ssh/sshd_config


Set PermitRootLogin no (and uncomment the line)


At the bottom add
AllowUsers anyuserXXX
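
The two sections above change sshd_config partly by appending lines at the bottom, but sshd uses the first value it finds for each keyword, so an appended line has no effect when the keyword is already set earlier in the file. The script below is an added example, not part of the original post, that reports the effective value of each keyword set above; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): show which value sshd will use.
# sshd takes the first uncommented occurrence of each keyword, so a line
# appended at the bottom is ignored if the keyword is already set above it.

# effective_value FILE KEYWORD -> first uncommented value in the global section
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks are not evaluated here
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE -> one line per keyword; returns 1 if any effective value
# differs from what this page sets (unset means the built-in default applies)
audit_sshd() {
    rc=0
    while read -r key expected; do
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key effective='${actual:-unset}' wanted='$expected'"
            rc=1
        fi
    done <<EOF
Protocol 2
LoginGraceTime 120
IgnoreRhosts yes
X11Forwarding no
PermitRootLogin no
EOF
    return $rc
}

# Constructed sample: earlier lines already set two keywords that the
# appended block at the bottom tries to change.
sample_config() {
    printf '%s\n' '#Protocol 2,1' 'Protocol 2' 'PermitRootLogin yes' \
        'X11Forwarding yes' '# appended at the bottom:' 'LoginGraceTime 120' \
        'IgnoreRhosts yes' 'X11Forwarding no' 'PermitRootLogin no'
}

# Audit the file given as $1, or the constructed sample when none is given.
cfg=${1:-$(mktemp)}
[ -n "${1:-}" ] || sample_config > "$cfg"
audit_sshd "$cfg" || echo "=> edit the earlier line instead of appending"
[ -n "${1:-}" ] || rm -f "$cfg"
```

Pass /etc/ssh/sshd_config as the first argument to audit the real file. Running `sshd -t` before the restart checks the file for syntax errors.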




ChkRootKit
--------------
cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
mv chkrootkit.tar.gz /usr/local/src/
cd /usr/local/src/
tar -zxf chkrootkit.tar.gz
cd /usr/local/src/chkrootkit*
make sense
cd /root
mv /usr/local/src/chkrootkit* /usr/local/chkrootkit



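cd /etc/cron.weekly

Create chkrootkit.sh in this directory with the following contents:

#!/bin/bash

EMAIL=your@domain.com

# Run chkrootkit in quiet mode and mail the report
/usr/local/chkrootkit/chkrootkit -q | mail -s "ChkRootKit Scan Report - $(hostname)" "$EMAIL"


chmod 755 /etc/cron.weekly/chkrootkit.sh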




RkHunter
------------

cd /root

wget http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
tar -zxf rkhunter-1.3.8.tar.gz
cd rkhunter*
./installer.sh --layout default --install




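cd /etc/cron.weekly

Create rkhunter.sh in this directory with the following contents:

#!/bin/bash

EMAIL=your@domain.com

# Run the rkhunter checks without prompting and mail the summary
rkhunter -c --sk --summary -q | mail -s "Rkhunter Scan Report - $(hostname)" "$EMAIL"


chmod 755 /etc/cron.weekly/rkhunter.sh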




Installing CSF firewall
------

wget http://www.configserver.com/free/csf.tgz

tar -xzf csf.tgz

cd csf

sh install.sh



Next, test whether you have the required iptables modules:



perl /etc/csf/csftest.pl


3 comments:

Unknown said...

Astonishing illustration about the installation process of Linux server, as we generally face the problem in installation.

Unknown said...

Hello,

The installation packages were upgraded over a period of time, and the packages are being changed.

Kindly follow these two URLs for chkrootkit and rkhunter.

http://sourceforge.net/projects/rkhunter/

http://www.chkrootkit.org/download.htm


---
Hemanth

Unknown said...

This is extremely helpful for me as I have a problem in hardening CentOS in the Linux operating system.