How to Secure Ubuntu 12.04

1 minute read

This is just a list of a few tweaks and apps you can use to secure your Ubuntu 12.04 LTS system (These also apply to other versions of Ubuntu). These are definitely worth implementing on any system that may be accessible from the internet.

Secured Shared Memory

NOTE: By default /dev/shm is mounted as read/write and the default permissions allow execute on programs, and many times httpd is attacked this way. So let’s secure this by making the following changes

sudo nano /etc/fstab
tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

NOTE: This will mount /dev/shm as read/write, but no execute and no permission to change the UID of a running program.

Harden SSH

NOTE: The best way to secure SSH is to disable root login and change the standard port tcp/22 to another port number.

We can do this by the following.

sudo nano /etc/ssh/sshd_config
Port # <change to another port other than 22>
PermitRootLogin no

Restart sshd

sudo /etc/init.d/ssh restart

Prevent IP Spoofing

sudo nano /etc/host.conf
nospoof on #add this line to the end of the file

Log scanner and banning suspicious hosts

Install DenyHosts and Fail2Ban

sudo apt-get install denyhosts fail2ban
sudo nano /etc/denyhosts.conf

modify the mail settings as needed

sudo nano /etc/fail2ban/jail.conf

Enable or disable the services you want to use by changing enabled = true or enabled=false Also change the SSH port if you changed from the default port of 22 from the above section on hardening SSH

sudo /etc/init.d/fail2ban restart

IDS (Intrusion Detection System)

We will use PSAD for Intrusion Detection

sudo apt-get install psad

Create IPTables rules so PSAD will scan the logs

sudo iptables -A INPUT -j LOG
sudo iptables -A FORWARD -j LOG_
sudo nano /etc/psad/psad.conf

NOTE: Reference this link for more settings that can be changed within the psad.conf file_)

change the following line _IPT_SYSLOG_FILE          

/var/log/messages;_ to _IPT_SYSLOG_FILE            
/var/log/syslog;_

Reload psad

sudo psad -R && sudo psad --sig-update && sudo psad -H_

Rootkit checking tools

We will use chkrootkit and rkhunter. Both of these tools can be used together.

sudo apt-get install chkrootkit rkhunter
sudo chkrootkit
sudo rkhunter --update
sudo rkhunter --propupd
sudo rkhunter --check

Log analysis

We are going to use logwatch for this

sudo apt-get install logwatch libdate-manip-perl

Follow the steps here to finish the installation of logwatch

System Audit Security

We will be using tiger to do this.

sudo apt-get install tiger

Updated:

Leave a comment