How to Secure Ubuntu 12.04

This is a list of a few tweaks and apps you can use to secure your Ubuntu 12.04 LTS system (these also apply to other versions of Ubuntu). They are definitely worth implementing on any system that may be accessible from the internet.

1. Secured Shared Memory

  • By default /dev/shm is mounted read/write and the default permissions allow programs placed in it to be executed; httpd is often attacked this way. To secure it, add the following line to /etc/fstab:
    • sudo nano /etc/fstab
    • tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
  • This mounts /dev/shm read/write, but without execute permission and with set-UID bits ignored, so a program run from it cannot change its UID.

2. Harden SSH

  • The best way to secure SSH is to disable root login and change the standard port tcp/22 to another port number.
  • To do this, edit the following settings:
    • sudo nano /etc/ssh/sshd_config
    • Port <change to another port other than 22>
    • PermitRootLogin no
  • Restart sshd
    • sudo /etc/init.d/ssh restart
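
A read-only check for the settings from steps 1 and 2, added here as an example and not part of the original post: it confirms that the fstab file mounts /dev/shm with noexec and nosuid, that PermitRootLogin is no, and that sshd is not left on port 22. The function names are this example's own, and it assumes whitespace-separated "Keyword value" lines in sshd_config.

```shell
#!/bin/sh
# Added example: audit the settings from steps 1 and 2 (function names are this example's own).

# Succeeds if the fstab file mounts /dev/shm with both noexec and nosuid.
shm_hardened() {
    awk '$1 !~ /^#/ && $2 == "/dev/shm" {
             n = split($4, o, ","); ne = 0; ns = 0
             for (i = 1; i <= n; i++) {
                 if (o[i] == "noexec") ne = 1
                 if (o[i] == "nosuid") ns = 1
             }
             if (ne && ns) ok = 1
         }
         END { exit(ok ? 0 : 1) }' "$1"
}

# Prints each value set for a keyword in the global part of sshd_config.
# Keywords are case-insensitive; parsing stops at the first Match block.
# Assumption: the usual "Keyword value" form separated by whitespace.
sshd_values() {
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print $2 }' "$1"
}

# sshd keeps the first value it reads for a keyword, so only that one counts.
# A missing PermitRootLogin line is reported as a failure.
root_login_disabled() {
    [ "$(sshd_values "$1" PermitRootLogin | head -n 1)" = "no" ]
}

# Several Port lines are allowed; with none at all sshd listens on 22.
port_moved() {
    ports=$(sshd_values "$1" Port)
    [ -n "$ports" ] && ! printf '%s\n' "$ports" | grep -qx 22
}

# Prints one PASS/FAIL line per check; returns the number of failures.
audit() {
    fails=0
    shm_hardened "$1"        && echo "PASS /dev/shm noexec,nosuid" || { echo "FAIL /dev/shm noexec,nosuid"; fails=$((fails + 1)); }
    root_login_disabled "$2" && echo "PASS PermitRootLogin no"     || { echo "FAIL PermitRootLogin no"; fails=$((fails + 1)); }
    port_moved "$2"          && echo "PASS Port is not 22"         || { echo "FAIL Port is not 22"; fails=$((fails + 1)); }
    return "$fails"
}

# Check the live files only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit /etc/fstab /etc/ssh/sshd_config; fi
```

This checks the files, not the running state: the fstab entry applies from the next mount of /dev/shm, and the sshd_config changes apply once sshd has been restarted.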

3. Prevent IP Spoofing

  • sudo nano /etc/host.conf
  • nospoof on (add this line to the end of the file)

4. Log scanner and banning suspicious hosts

  • Install DenyHosts and Fail2Ban
    • sudo apt-get install denyhosts fail2ban
  • sudo nano /etc/denyhosts.conf
    • Modify the mail settings as needed
  • sudo nano /etc/fail2ban/jail.conf
    • Enable or disable the services you want to use by changing enabled = true or enabled = false
    • Also change the SSH port if you changed it from the default port of 22 in the section on hardening SSH above
  • sudo /etc/init.d/fail2ban restart

5. IDS (Intrusion Detection System)

  • We will use PSAD for Intrusion Detection
    • sudo apt-get install psad
  • Create IPTables rules so PSAD will scan the logs
    • sudo iptables -A INPUT -j LOG
    • sudo iptables -A FORWARD -j LOG
    • sudo nano /etc/psad/psad.conf (Reference this link for more settings that can be changed within the psad.conf file)
      • change the following line IPT_SYSLOG_FILE             /var/log/messages; to IPT_SYSLOG_FILE             /var/log/syslog;
  • Reload psad
    • sudo psad -R && sudo psad --sig-update && sudo psad -H

6. Rootkit checking tools

  • We will use chkrootkit and rkhunter. Both of these tools can be used together.
    • sudo apt-get install chkrootkit rkhunter
    • sudo chkrootkit
    • sudo rkhunter --update
    • sudo rkhunter --propupd
    • sudo rkhunter --check

7. Log analysis

  • We are going to use logwatch for this
    • sudo apt-get install logwatch libdate-manip-perl
  • follow the steps here to finish the installation of logwatch

8. System Audit Security

  • We will be using tiger to do this.
    • sudo apt-get install tiger