This document provides instructions for hardening the security of an Ubuntu 12.04 LTS server by configuring firewall rules with UFW, securing SSH access, restricting access to su, hardening PHP and Apache configurations, installing intrusion detection tools like PSAD and Fail2Ban, and scanning for rootkits with RKHunter and CHKRootkit. The 18 steps outlined include configuration of sysctl settings, Bind9 DNS, ModSecurity, and auditing tools like LogWatch and Tiger.
How to secure ubuntu 12.04
How to secure an Ubuntu 12.04 LTS server - Part 1 The Basics
This guide is based on various community forum posts and webpages. Special thanks to all. All comments
and improvements are very welcome as this is purely a personal experimental project at this point and
must be considered a work in progress.
This guide is intended as a relatively easy step by step guide to:
Harden the security on an Ubuntu 12.04 LTS server by installing and configuring the following:
1. Install and configure Firewall - ufw
2. Secure shared memory - fstab
3. SSH - Disable root login and change port
4. Protect su by limiting access only to admin group
5. Harden network with sysctl settings
6. Disable Open DNS Recursion and Remove Version Info - Bind9 DNS
7. Prevent IP Spoofing
8. Harden PHP for security
9. Restrict Apache Information Leakage
10. Install and configure Apache application firewall - ModSecurity
11. Protect from DDOS (Denial of Service) attacks with ModEvasive
12. Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban
13. Intrusion Detection - PSAD
14. Check for RootKits - RKHunter and CHKRootKit
15. Scan open Ports - Nmap
16. Analyse system LOG files - LogWatch
17. SELinux - Apparmor
18. Audit your system security - Tiger
If you are looking for a GUI script to install and configure all the steps explained here automatically,
visit How to secure an Ubuntu 12.04 LTS server - Part 2 The GUI Installer script
Requirements:
• Ubuntu 12.04 LTS server with a standard LAMP stack installed.
1. Firewall - UFW
• A good place to start is to install a firewall.
• UFW - Uncomplicated Firewall is a basic firewall that works very well and is easy to configure with its
firewall configuration tool - gufw; alternatives are Shorewall, fwbuilder, or Firestarter.
• Use the Firestarter GUI to configure your firewall or refer to the Ubuntu Server Guide, the UFW manual pages or
the Ubuntu UFW community documentation.
• Install and enable UFW. Open a terminal window and enter :
sudo apt-get install ufw
sudo ufw enable
• Check the status of the firewall.
sudo ufw status verbose
• Allow the SSH and HTTP services.
sudo ufw allow ssh
sudo ufw allow http
2. Secure shared memory.
• /dev/shm can be used in an attack against a running service, such as httpd. Modify /etc/fstab to make it
more secure.
• Open a Terminal Window and enter the following :
sudo vi /etc/fstab
• Add the following line and save. You will need to reboot for this setting to take effect :
tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
3. SSH Hardening - disable root login and change port.
• The easiest way to secure SSH is to disable root login and change the SSH port to something other
than the standard port 22.
• Before disabling the root login create a new SSH user and make sure the user belongs to the admin
group (see step 4. below regarding the admin group).
• If you change the SSH port also open the new port you have chosen on the firewall and close port 22.
• Open a Terminal Window and enter :
sudo vi /etc/ssh/sshd_config
• Change or add the following and save.
Port <ENTER YOUR PORT>
Protocol 2
PermitRootLogin no
DebianBanner no
• Restart SSH server, open a Terminal Window and enter :
sudo /etc/init.d/ssh restart
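As an added example (not part of the original guide), the following POSIX shell functions apply the step 3 settings to sshd_config without leaving duplicate or commented-out definitions behind, check that all four are active, validate the file with sshd -t, and only then open the new port on UFW, remove the port 22 rule and restart SSH. The function names, the script name in the usage comment and the port 2222 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: apply the step 3 sshd_config
# settings idempotently, confirm them, and only then change UFW and restart.
# Usage on the server (names and port are assumptions):
#   sudo sh -c '. ./harden_sshd.sh; harden_sshd /etc/ssh/sshd_config 2222'

# Set KEY to VALUE in an sshd_config-style file. Every existing definition of
# KEY (commented out or not) is dropped, and the new line is written before
# the first Match block, because sshd only honours global settings there.
set_sshd_option() {
    file=$1
    key=$2
    value=$3
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        tolower($0) ~ ("^[ \t]*#?[ \t]*" tolower(k) "([ \t]|$)") { next }
        !done && tolower($1) == "match" { print k " " v; done = 1 }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file mode/owner
    rm -f "$tmp"
}

# Return 0 only if all four step 3 settings are present, active and unique.
verify_sshd_hardening() {
    file=$1
    port=$2
    for want in "Port $port" "Protocol 2" "PermitRootLogin no" "DebianBanner no"; do
        [ "$(grep -Eic "^[[:space:]]*$want[[:space:]]*$" "$file")" -eq 1 ] || return 1
    done
    return 0
}

# Full procedure for step 3 plus the firewall adjustment the guide asks for.
harden_sshd() {
    file=$1
    port=$2
    set_sshd_option "$file" Port "$port"
    set_sshd_option "$file" Protocol 2
    set_sshd_option "$file" PermitRootLogin no
    set_sshd_option "$file" DebianBanner no
    verify_sshd_hardening "$file" "$port" || { echo "sshd settings not applied" >&2; return 1; }
    # never restart on a config sshd itself rejects: that locks you out
    sshd -t -f "$file" || return 1
    # open the new port before closing 22, so the current session is not cut off
    ufw allow "$port/tcp" && ufw delete allow ssh
    /etc/init.d/ssh restart
}
```

Keep the existing SSH session open and log in once on the new port before closing the old one.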
4. Protect su by limiting access only to admin group.
• To limit the use of su to admin users only, we need to create an admin group, add users to it and restrict the
use of su to that group.
• Add an admin group to the system and add your own admin username to the group, replacing <YOUR
ADMIN USERNAME> below with your admin username.
• Open a terminal window and enter:
sudo groupadd admin
sudo usermod -a -G admin <YOUR ADMIN USERNAME>
sudo dpkg-statoverride --update --add root admin 4750 /bin/su
5. Harden network with sysctl settings.
• The /etc/sysctl.conf file contains all the sysctl settings.
• To prevent source routing of incoming packets and log malformed IPs, enter the following in a terminal
window:
sudo vi /etc/sysctl.conf
• Edit the /etc/sysctl.conf file and un-comment or add the following lines :
# IP Spoofing protection
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# Ignore Directed pings
net.ipv4.icmp_echo_ignore_all = 1
• To reload sysctl with the latest changes, enter:
sudo sysctl -p
6. Disable Open DNS Recursion and Remove Version Info - BIND DNS Server.
• Open a Terminal and enter the following :
sudo vi /etc/bind/named.conf.options
• Add the following to the Options section :
recursion no;
version "Not Disclosed";
• Restart BIND DNS server. Open a Terminal and enter the following :
sudo /etc/init.d/bind9 restart
7. Prevent IP Spoofing.
• Open a Terminal and enter the following :
sudo vi /etc/host.conf
• Add or edit the following lines :
order bind,hosts
nospoof on
8. Harden PHP for security.
• Edit the php.ini file :
sudo vi /etc/php5/apache2/php.ini
• Add or edit the following lines and save :
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
display_errors = Off
track_errors = Off
html_errors = Off
magic_quotes_gpc = Off
• Restart Apache server. Open a Terminal and enter the following :
sudo /etc/init.d/apache2 restart
9. Restrict Apache Information Leakage.
• Edit the Apache2 configuration security file :
sudo vi /etc/apache2/conf.d/security
• Add or edit the following lines and save :
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header unset ETag
FileETag None
• Restart Apache server. Open a Terminal and enter the following :
sudo /etc/init.d/apache2 restart
10. Web Application Firewall - ModSecurity.
• See : How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server
11. Protect from DDOS (Denial of Service) attacks - ModEvasive
• See : How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server
12. Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban.
• DenyHosts is a python program that automatically blocks SSH attacks by adding entries to
/etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users
and suspicious logins.
• Open a Terminal and enter the following :
sudo apt-get install denyhosts
• After installation edit the configuration file /etc/denyhosts.conf and change the email, and other
settings as required.
• To edit the admin email settings open a terminal window and enter:
sudo vi /etc/denyhosts.conf
• Change the following values as required on your server :
ADMIN_EMAIL = root@localhost
SMTP_HOST = localhost
SMTP_PORT = 25
#SMTP_USERNAME=foo
#SMTP_PASSWORD=bar
SMTP_FROM = DenyHosts nobody@localhost
#SYSLOG_REPORT=YES
• Fail2ban is more advanced than DenyHosts as it extends the log monitoring to other services
including SSH, Apache, Courier, FTP, and more.
• Fail2ban scans log files and bans IPs that show malicious signs -- too many password failures,
probing for exploits, etc.
• Fail2Ban is then generally used to update firewall rules to reject the IP addresses for a specified amount of
time, although any other arbitrary action could also be configured.
• Out of the box Fail2Ban comes with filters for various services (apache, courier, ftp, ssh, etc).
• Open a Terminal and enter the following :
sudo apt-get install fail2ban
• After installation edit the configuration file /etc/fail2ban/jail.local and create the filter rules as
required.
• To edit the settings open a terminal window and enter:
sudo vi /etc/fail2ban/jail.conf
• Activate all the services you would like fail2ban to monitor by changing enabled = false to enabled = true
• For example if you would like to enable the SSH monitoring and banning jail, find the line below and
change enabled from false to true. That's it.
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
• If you have selected a non-standard SSH port in step 3 then you need to change the port setting in
fail2ban from ssh, which by default is port 22, to your new port number; for example if you have chosen
1234 then port = 1234
[ssh]
enabled = true
port = <ENTER YOUR SSH PORT NUMBER HERE>
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
• If you would like to receive emails from Fail2Ban if hosts are banned change the following line to your
email address.
destemail = root@localhost
• and change the following line from :
action = %(action_)s
• to:
action = %(action_mwl)s
• You can also create rule filters for the various services that you would like fail2ban to monitor that are
not supplied by default.
sudo vi /etc/fail2ban/jail.local
• Good instructions on how to configure fail2ban and create the various filters can be found
on HowtoForge.
• When done with the configuration of Fail2Ban restart the service with :
sudo /etc/init.d/fail2ban restart
• You can also check the status with :
sudo fail2ban-client status
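As an added example (not part of the original guide), this shell function reproduces by hand what the [ssh] jail above looks for: failed SSH password attempts per source address in /var/log/auth.log, reported once a source reaches maxretry (the jail's default of 3). The auth.log lines are constructed sample entries, and the function name is an assumption.

```shell
#!/bin/sh
# Added example, not from the original guide: count failed SSH logins per
# source address the way the [ssh] jail (filter = sshd, maxretry = 3) does,
# so a log can be checked by hand before or after enabling fail2ban.

# Print "count ip" for every source with at least MAXRETRY failed password
# attempts in FILE, busiest first. Matches the line sshd writes to auth.log:
#   "... sshd[PID]: Failed password for [invalid user] NAME from IP port N ssh2"
failed_ssh_sources() {
    file=$1
    maxretry=${2:-3}   # same default the guide's [ssh] jail uses
    awk -v limit="$maxretry" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the address is the field after "from", whatever precedes it
            for (i = 1; i <= NF; i++) if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) if (hits[ip] >= limit) print hits[ip], ip }
    ' "$file" | sort -rn
}

# Constructed sample log: two noisy sources and one user who mistyped once.
SAMPLE_AUTH_LOG=$(mktemp)
cat > "$SAMPLE_AUTH_LOG" <<'EOF'
Jun  1 10:00:01 host sshd[2001]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jun  1 10:00:03 host sshd[2001]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jun  1 10:00:05 host sshd[2003]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Jun  1 10:00:09 host sshd[2005]: Failed password for invalid user oracle from 203.0.113.9 port 51002 ssh2
Jun  1 10:00:11 host sshd[2005]: Failed password for invalid user oracle from 203.0.113.9 port 51002 ssh2
Jun  1 10:00:20 host sshd[2007]: Failed password for alice from 192.0.2.25 port 52210 ssh2
Jun  1 10:00:24 host sshd[2007]: Accepted password for alice from 192.0.2.25 port 52210 ssh2
EOF

# On the server, compare against the jail's own view with:
#   sudo fail2ban-client status ssh
# e.g. failed_ssh_sources /var/log/auth.log 3 should list the banned sources.
```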
13. Intrusion Detection - PSAD.
• Cipherdyne PSAD is a collection of three lightweight system daemons that run on Linux machines and
analyze iptables log messages to detect port scans and other suspicious traffic.
• Currently version 2.1 causes errors during install on Ubuntu 12.04, but apparently does work. Version 2.2
resolves these issues but is not yet available in the Ubuntu software repositories. It is recommended to
manually compile and install version 2.2 from the source files available on the Cipherdyne website.
• To install the latest version from the source files follow these instructions : How to install PSAD Intrusion
Detection on Ubuntu 12.04 LTS server
• OR install the older version from the Ubuntu software repositories, open a Terminal and enter the
following :
sudo apt-get install psad
• Then for basic configuration see How to install PSAD Intrusion Detection on Ubuntu 12.04 LTS server and
follow from step 2:
14. Check for rootkits - RKHunter and CHKRootKit.
• Both RKHunter and CHKRootkit basically do the same thing - check your system for rootkits. No harm in
using both.
• Open a Terminal and enter the following :
sudo apt-get install rkhunter chkrootkit
• To run chkrootkit open a terminal window and enter :
sudo chkrootkit
• To update and run RKHunter, open a Terminal and enter the following :
sudo rkhunter --update
sudo rkhunter --propupd
sudo rkhunter --check
15. Scan open ports - Nmap.
• Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
• Open a Terminal and enter the following :
sudo apt-get install nmap
• Scan your system for open ports with :
nmap -v -sT localhost
• SYN scanning with the following :
sudo nmap -v -sS localhost
16. Analyse system LOG files - LogWatch.
• Logwatch is a customizable log analysis system. Logwatch parses through your system's logs and creates
a report analyzing areas that you specify. Logwatch is easy to use and will work right out of the package
on most systems.
• Open a Terminal and enter the following :
sudo apt-get install logwatch libdate-manip-perl
• To view logwatch output use less :
sudo logwatch | less
• To email a logwatch report for the past 7 days to an email address, enter the following
and replace mail@domain.com with the required email :
sudo logwatch --mailto mail@domain.com --output mail --format html --range 'between -7 days and today'
17. SELinux - Apparmor.
• National Security Agency (NSA) has taken Linux to the next level with the introduction of Security-
Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with
kernel and user-space modifications to make it bullet-proof.
• More information can be found in the Ubuntu Server Guide - Apparmor.
• It is installed by default since Ubuntu 7.04.
• Open a Terminal and enter the following :
sudo apt-get install apparmor apparmor-profiles
• Check to see if things are running :
sudo apparmor_status
18. Audit your system security - Tiger.
• Tiger is a security tool that can be used both as a security audit and an intrusion detection system.
• Open a Terminal and enter the following :
sudo apt-get install tiger
• To run tiger enter :
sudo tiger
• All Tiger output can be found in /var/log/tiger.
• To view the tiger security reports, open a Terminal and enter the following :
sudo less /var/log/tiger/security.report.*