Debian 5 Hardening Tips

1,061 views
990 views

Published on

Hardening tips for Debian Linux deployment

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,061
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Debian 5 Hardening Tips

  1. 1. # apt-get install openssh-client openssh-server # ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub 2048 44:c3:7c:1e:0c:f6:24:82:2f:b7:f8:83:93:1f:08:13 /etc/ssh/ssh_host_rsa_key.pub # What to do when CTRL-ALT-DEL is pressed. #ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now ca:12345:ctrlaltdel:/usr/bin/logger -s -p auth.notice -t Protocol 2 [INIT] Port 222 quot;CTRL+ALT+DEL caught but ignored! This is not a SilentDeny yes Windows(r) machine.quot; PasswordAuthentication no PermitRootLogin no RSAAuthentication yes AllowedAuthentications publickey RequiredAuthentications publickey MaxStartups 2 LoginGraceTime 30 IdleTimeout 15m Ciphers anycipher Ciphers anystdcipher ForwardAgent no Forward X11 no /sbin/iptables -L /etc/hosts.allow /etc/hosts.deny. This manual is free software; you may redistribute it and/or modify it under the terms of the GNU General Public License (http://www.debian.org/releases/stable/amd64/apf.html.en)
  2. 2. password --md5 passwordhash # /etc/init.d/openbsd-inetd stop Securing Debian Manual ,” http://www.debian.org/doc/manuals/securing-debian- howto/. # update-rc.d -f openbsd-inetd remove # vi /etc/issue *********************Warning********************* Authorized uses only. All activity may be monitored and reported. ************************************************* serveur:~# apt-get update [...] serveur:~# apt-get dist-upgrade # /etc/fstab: static file system information. [...] /dev/ida/c1d1p3 /home ext3 defaults,nosuid 0 2 /dev/ida/c1d1p1 /srv ext3 defaults 0 2 /dev/ida/c1d1p2 /tmp ext3 defaults,nosuid 0 2 /sbin/grub-md5-crypt. [...] apt-get remove --purge acpid dhcp3-common dhcp3-client klogd

×