Hardening Ubuntu Hardy Heron 8.04 OS
Paul Graydon
paul at paulgraydon.co.uk
Wed Aug 11 00:37:43 UTC 2010
On 08/10/2010 02:20 PM, Joe McDonagh wrote:
> On 08/10/2010 04:06 AM, Kaushal Shriyan wrote:
>> Hi
>>
>> Please refer me to a document or wiki to Harden Ubuntu Hardy Heron OS 8.04
>>
>> Thanks
>>
>> Kaushal
>>
> AFAIK there isn't one specifically for Ubuntu; it's just kind of 'apply
> best practices' type thing i.e:
>
> * lock down logins (ssh, interactive, password policy)
> * audit passwd files through scripts
> * don't run non-essential services
> * remove unnecessary packages like samba
> * so on and so forth ad infinitum
>
> Maybe there is a generic Linux hardening guide out there you can follow,
> I'm relying on some years of experience to secure my boxes.
> It's not like RHEL where government agencies use it and push for
> security of the highest levels, thereby increasing the amount of
> hardening documentation available.
>
> I'd say to start off the best thing you can do is install bastille,
> chkrootkit, OSSEC, and snort. All of those are pretty out of the box
> ready to use, save snort. For more advanced security it would be good
> for you to learn PAM and AppArmor.
>
I'd fully agree. Locking down a Linux machine is very dependent on what
it's actually doing. Routines for locking down a web server is rather
different from a file server, etc. etc. Simple rule of thumb: Deny by
default, permit grudgingly. Disable (and later delete if proven
unnecessary) and accounts that aren't needed on the machine. Disable
every unused service, and ultimately look to removing them off the
server if they have no purpose being on there (e.g. cups if it's not a
print server). The list goes on!
There are plenty of good results that come up here:
http://lmgtfy.com/?q=linux+server+hardening+steps
Paul
More information about the ubuntu-server
mailing list