
Cybersecurity

10.2 Project 1 Day 2 Activity Guide

Project 1 Day 2 Scenario:

Today, you will continue to play the role of a security professional tasked with auditing
and hardening a Linux server owned by BSC.

Today’s focus is on the SSH settings, system packages, services, and logging
configurations of BSC’s Linux server:

● (1) Auditing and securing SSH
● (2) Reviewing and updating system packages
● (3) Disabling unnecessary services
● (4) Enabling and configuring logging

Instructions
Lab access:
Please return to the same lab you used in the previous class.

To return to the lab, run the following command to reconnect:

To connect to the container: sudo docker exec -it project1_v4 /bin/bash

If the lab doesn’t connect, run the following 2 commands:

1. To start the container: sudo docker start project1_v4

2. To connect to the container: sudo docker exec -it project1_v4 /bin/bash

© 2024 edX Boot Camps LLC. Confidential and Proprietary. All Rights Reserved.
If the lab doesn’t start, you can rebuild the lab with the following 2 commands:

3. To start the container: sudo docker run -d --hostname=Baker_Street_Linux_Server --network=host --name project1_v4 cyberxsecurity/container_project1_v4:latest

4. To connect to the container: sudo docker exec -it project1_v4 /bin/bash

Part 1: Auditing and Securing SSH

In Part 1 of today’s activity, you will be hardening the SSH settings for BSC’s Linux
server. As SSH is a common method attackers use to breach remote Linux servers, it is
important to harden SSH with strict controls.

● Use the following SSH configuration manual to assist with your tasks:
sshd_config(5): OpenSSH SSH daemon config file - Linux man page

Complete the following:

1. Configure SSH so that it does not allow:
a. SSH with empty passwords
b. SSH with the root user
c. SSH with any other ports besides 22
2. Enable SSH protocol 2.
3. Restart the SSH service to apply your updates.
a. Use the following command: `service ssh restart`
4. Be sure to note on your checklist what you have completed.
a. Don’t forget to add in your screenshots!
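
One way to check the Part 1 settings after editing, as an added example that is not part of the original activity guide. The function names and the sample files are constructed for illustration; point `audit_sshd_config` at the server's own sshd_config file to use it.

```shell
#!/bin/sh
# Added example (not part of the activity guide): audit an sshd_config file
# against the Part 1 checklist. The sample files at the bottom are constructed.

# Print the first active global value of keyword $2 in file $1. sshd uses the
# first value it reads for a keyword, keywords are case-insensitive, and
# lines after a Match line only apply conditionally.
first_value() {
    awk -v k="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Print every active global Port value other than 22 (Port may repeat).
extra_ports() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "port" && $2 != "22" { print $2 }' "$1"
}

# Print one FAIL line per finding and return 1 if there were any. An unset
# keyword counts as a finding (this example's choice); a file with no Port
# line listens on the default port, 22.
audit_sshd_config() {
    f=$1; rc=0
    for want in PermitEmptyPasswords:no PermitRootLogin:no Protocol:2; do
        key=${want%%:*}; val=${want#*:}
        got=$(first_value "$f" "$key")
        if [ "$got" != "$val" ]; then
            echo "FAIL $key is '${got:-unset}', expected '$val'"; rc=1
        fi
    done
    for p in $(extra_ports "$f"); do
        echo "FAIL sshd also listens on port $p"; rc=1
    done
    return $rc
}

# Constructed samples: a weak file and a hardened one.
weak=$(mktemp); hard=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'Port 22' \
    'Port 2222' 'PermitEmptyPasswords yes' > "$weak"
printf '%s\n' 'Port 22' 'Protocol 2' 'PermitRootLogin no' \
    'PermitEmptyPasswords no' > "$hard"

audit_sshd_config "$weak" || echo "weak sample: findings above"
audit_sshd_config "$hard" && echo "hardened sample: clean"
```

The commented-out `#PermitRootLogin no` line in the weak sample is ignored, which is why a setting that is edited but left commented still shows up as a finding.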

Part 2: Review, Update, and Add System Packages

In Part 2, you will be reviewing and updating your system packages. This is important
because app developers often release patches to protect from security vulnerabilities.
Having the latest version of your packages minimizes your security risks.

Complete the following:


1. Run apt update to update your package manager to make sure it has the latest
version of all packages.
2. Next, run apt upgrade -y to update all already installed packages to the latest
versions.
3. Create a file called package_list.txt, which contains all installed packages.
a. Hint: To view installed packages, run the following: apt list --installed.
4. Identify whether any of the following packages are on the list, as having these
could introduce a security issue:
a. telnet
b. rsh-client
5. If they are on the list, remove those packages.
a. Research and note why these could have security issues.
6. Remove all unnecessary dependencies of those packages with apt autoremove -y.
7. Add the following packages:
a. ufw
b. lynis
c. tripwire
8. Once the packages have been installed, research and document the hardening
features these packages can provide.
9. Be sure to note on your checklist what you have completed.
a. Don't forget to add in your screenshots!

Part 3: Disabling Unnecessary Services

In Part 3, you will be reviewing and disabling any unnecessary services. This is
important because having unnecessary services running increases your attack surface.
Follow the steps below to identify and remove any unnecessary services.

Complete the following:


(Hint: View Lesson 4.3 to assist with the commands.)
1. Run the command to list out all services. Output this into a file called
service_list.txt.
2. Identify if any of the following services are running:
a. mysql
b. samba
3. If any of the above services are running,
a. Stop them
b. Disable them
c. Remove them
4. For Steps 2 and 3, use the `service` command, as systemctl is not installed.
5. Be sure to note on your checklist what you have completed.
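
A way to review the two list files from Parts 2 and 3, as an added example that is not part of the original activity guide. It assumes package_list.txt holds `apt list --installed` output and service_list.txt holds `service --status-all` output; the function names, package versions and sample contents are constructed.

```shell
#!/bin/sh
# Added example (not part of the activity guide): review the list files from
# Parts 2 and 3. The sample contents at the bottom are constructed.

# Print the risky packages found in an `apt list --installed` dump ($1).
# Each entry looks like "name/suite,now version arch [installed]"; compare
# the whole name before "/" so "telnet" does not also match longer names.
flagged_packages() {
    awk -F/ '$1 == "telnet" || $1 == "rsh-client" { print $1 }' "$1"
}

# Print the listed services that are running according to $1.
# Assumption: the file holds `service --status-all` output, where
# " [ + ]  name" means running and " [ - ]  name" means stopped.
running_services() {
    awk '$2 == "+" && ($4 == "mysql" || $4 == "samba") { print $4 }' "$1"
}

# Print one line per remediation still owed; return 1 if any remain.
review_lists() {
    rc=0
    for p in $(flagged_packages "$1"); do
        echo "package $p is installed: remove it"; rc=1
    done
    for s in $(running_services "$2"); do
        echo "service $s is running: stop, disable, remove"; rc=1
    done
    return $rc
}

# Constructed samples (package names and versions are made up for the demo).
pkgs=$(mktemp); svcs=$(mktemp)
printf '%s\n' 'Listing...' \
    'openssh-server/stable,now 1:0.0-demo amd64 [installed]' \
    'telnet/stable,now 0.0-demo amd64 [installed]' \
    'telnetlib-demo/stable,now 0.0-demo amd64 [installed]' > "$pkgs"
printf '%s\n' ' [ - ]  cron' ' [ + ]  mysql' ' [ - ]  samba' \
    ' [ + ]  ssh' > "$svcs"

review_lists "$pkgs" "$svcs" || echo "remediation still needed"
```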

Part 4: Enabling and Configuring Logging

In Part 4, you will be configuring and checking logging settings on Baker Street’s Linux
server. Logging is a crucial part of the hardening process as logging can help identify
security issues such as suspicious network activity, unauthorized access, or other
anomalous activity.

Complete the following:


1. Access the journald.conf file located in /etc/systemd/.
2. Use nano to edit the following settings in the file. Be sure to uncomment the
lines!
a. Set “Storage=persistent”
i. This setting will save the logs locally on the machine.
b. Set “SystemMaxUse=300M”
i. This setting configures the maximum disk space the logs can utilize.
3. To prevent logs from taking up too much space, you will need to configure log
rotation.
(Use the following guide to assist: https://linux.die.net/man/8/logrotate)
a. Edit the file: /etc/logrotate.conf with the following settings:
i. Change the log rotation from weekly to daily.
ii. Rotate out the logs after 7 days.
4. Save your changes
5. Be sure to note on your checklist what you have completed.
6. Exit the lab by entering:
a. exit
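
A check for the Part 4 settings, as an added example that is not part of the original activity guide. It reads the journald and logrotate files the way the steps above describe them; the function names and sample files are constructed, and the real paths are /etc/systemd/journald.conf and /etc/logrotate.conf.

```shell
#!/bin/sh
# Added example (not part of the activity guide): verify the Part 4 settings.
# The sample files at the bottom are constructed.

# Print the effective value of key $2 in the [Journal] section of file $1.
# Key names are case-sensitive, "#" lines are comments, and when a key is
# assigned more than once the last assignment is the one used.
journald_value() {
    awk -F= -v k="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[Journal\]/); next }
        { key = $1; gsub(/[ \t]/, "", key) }
        in_sec && key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# Print "<frequency> <count>" from the global part of a logrotate.conf,
# ignoring directives inside per-log "{ ... }" blocks.
logrotate_globals() {
    awk '
        /[{]/ { depth++ }
        depth == 0 && $1 ~ /^(hourly|daily|weekly|monthly|yearly)$/ { freq = $1 }
        depth == 0 && $1 == "rotate" { count = $2 }
        /[}]/ { depth-- }
        END { print freq, count }' "$1"
}

# Print one FAIL line per finding; return 1 if there were any.
check_logging() {
    jconf=$1; lconf=$2; rc=0
    [ "$(journald_value "$jconf" Storage)" = "persistent" ] ||
        { echo "FAIL Storage is not persistent"; rc=1; }
    [ "$(journald_value "$jconf" SystemMaxUse)" = "300M" ] ||
        { echo "FAIL SystemMaxUse is not 300M"; rc=1; }
    [ "$(logrotate_globals "$lconf")" = "daily 7" ] ||
        { echo "FAIL logrotate is not 'daily' with 'rotate 7'"; rc=1; }
    return $rc
}

# Constructed samples: one journald file with a miscased key and a line
# left commented, one correct journald file, one correct logrotate file.
jbad=$(mktemp); jgood=$(mktemp); lgood=$(mktemp)
printf '%s\n' '[Journal]' '#Storage=auto' 'storage=persistent' \
    '#SystemMaxUse=' > "$jbad"
printf '%s\n' '[Journal]' 'Storage=persistent' 'SystemMaxUse=300M' > "$jgood"
printf '%s\n' '# global options' 'daily' 'rotate 7' 'create' \
    '/var/log/wtmp {' '    monthly' '    rotate 1' '}' > "$lgood"

check_logging "$jbad" "$lgood" || echo "bad sample: findings above"
check_logging "$jgood" "$lgood" && echo "good sample: clean"
```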
