
Cse Linux Ubuntu

This document provides instructions for hardening a Linux system. It includes steps to strengthen passwords by implementing complexity rules and minimum length, preventing reuse of previous passwords, and setting password aging policies. It also details how to block USB ports and configure a firewall. The document recommends upgrading packages to the latest versions, checking for open connections, and potential future enhancements like configuring time synchronization and updating the system if packages are not reset.

Uploaded by

api-587534219

Linux Hardening

Mark (202891C)
Table of contents

• Password hardening
• Block USB port
• Firewall
• Upgrade Ubuntu packages
• Checking connections in the system
Password Complexity

cisco@ubuntu:~$ sudo apt-get install libpam-pwquality


cisco@ubuntu:~$ sudo nano /etc/pam.d/common-password
password requisite pam_pwquality.so retry=3 ucredit=-1 dcredit=-1 ocredit=-1 minclass=2
[ucredit: uppercase letters, dcredit: digits, ocredit: other (special) characters, minclass: minimum number of character classes (e.g. 1, a, $); a credit of -1 requires at least one character of that class]
Password Minimum Length

cisco@ubuntu:~$ sudo nano /etc/pam.d/common-password


password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 minlen=5
Remember Previous Passwords

• cisco@ubuntu:~$ sudo nano /etc/pam.d/common-password
• password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 minlen=5 remember=5
Password Aging (New users)
cisco@ubuntu:~$ sudo nano /etc/login.defs
PASS_MAX_DAYS 14
PASS_MIN_DAYS 1
PASS_WARN_AGE 5
Password Aging (Old users)

cisco@ubuntu:~$ sudo chage -M 14 (username) [max]
cisco@ubuntu:~$ sudo chage -m 1 (username) [min]
cisco@ubuntu:~$ sudo chage -W 5 (username) [warn]
cisco@ubuntu:~$ sudo chage -l (username) [show settings]
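
A read-only check for the password settings above, added here as an example and not taken from the slides: it reads a login.defs-style file and a common-password-style file and reports every value that differs from the ones this deck sets. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Print the active (uncommented) value of KEY in a login.defs-style file.
login_defs_value() {  # FILE KEY
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print OPTION's value on the active "password" line that loads MODULE.
pam_option() {  # FILE MODULE OPTION
    awk -v m="$2" -v o="$3=" '$1 == "password" && index($0, m) {
        for (i = 2; i <= NF; i++)
            if (index($i, o) == 1) v = substr($i, length(o) + 1)
    } END { print v }' "$1"
}

# Compare both files with the values this page sets; print each deviation.
check_policy() {  # LOGIN_DEFS PAM_FILE
    rc=0
    for want in PASS_MAX_DAYS=14 PASS_MIN_DAYS=1 PASS_WARN_AGE=5; do
        got=$(login_defs_value "$1" "${want%%=*}")
        [ "$got" = "${want#*=}" ] || { echo "login.defs: want $want, found '$got'"; rc=1; }
    done
    for want in pam_pwquality.so:minclass=2 pam_pwquality.so:ucredit=-1 \
                pam_unix.so:minlen=5 pam_unix.so:remember=5; do
        mod=${want%%:*}; opt=${want#*:}
        got=$(pam_option "$2" "$mod" "${opt%%=*}")
        [ "$got" = "${opt#*=}" ] || { echo "$mod: want $opt, found '$got'"; rc=1; }
    done
    return $rc
}

# Constructed sample files: PASS_MAX_DAYS is only set in a commented-out line
# and remember= is missing, two gaps that are easy to miss after manual edits.
demo=$(mktemp -d)
printf '%s\n' '#PASS_MAX_DAYS 14' 'PASS_MAX_DAYS 99999' 'PASS_MIN_DAYS 1' \
    'PASS_WARN_AGE 5' > "$demo/login.defs"
printf '%s\n' \
    'password requisite pam_pwquality.so retry=3 ucredit=-1 dcredit=-1 ocredit=-1 minclass=2' \
    'password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 minlen=5' \
    > "$demo/common-password"
check_policy "$demo/login.defs" "$demo/common-password" || echo "policy drift found"
```

On a real system the call would be `check_policy /etc/login.defs /etc/pam.d/common-password`; accounts that already exist still need the `chage -l` check shown above, because login.defs only applies to newly created users.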
Block USB port

Code:
• cisco@ubuntu:~$ sudo vim /etc/modprobe.d/blacklist.conf
• blacklist usb-storage
• cisco@ubuntu:~$ sudo vim /etc/rc.local
• modprobe -r usb-storage
In /etc/modprobe.d/blacklist.conf using vim

In /etc/rc.local
Activate Firewall

• Ufw: Uncomplicated Firewall
• Was previously downloaded but not activated.

Upgrade Ubuntu packages to latest version

• cisco@ubuntu:~$ sudo apt-get upgrade (update packages)
• cisco@ubuntu:~$ sudo apt-get update (check updates)
Check connections in the system (method)

• cisco@ubuntu:~$ netstat -antp


• To see if there are any connections to the server that are not authorised or not needed.
Future enhancements

• Set the time to be obtained automatically from outside the VM, so that the date and time are accurate for other resources in the VM such as Firefox.
• If the update does not reset my progress, update the Ubuntu server.
Thank you
