Harden a Linux Machine

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search

harden-your-boxen.txt

Scrappy Notes for Newbs trying to Harden a Linux Machine

(this is a work in progress)


Tell MySQL server not to listen for outside connections if you are only using it for the localhost. Add the following parameter to the /etc/mysql/my.cnf file under [mysqld]

 skip-networking

If you are not using the machine as a pop mail server, disable the pop3 xinetd service

 vi /etc/xinetd.d/ipop3

Disable portmapper

 /etc/rc.d/rc3.d

If you are running Samba tell it not to listen on the public interface. Under the [Global] section of /etc/samba/smb.conf add:

 interfaces = ethX

Where X is the interface of your internal NIC.

If LDAP is running and you are not using directory services then disable it

 S61ldap

Check your box to see what all ports are listening (check it from another machine by scanning it with nmap)

 nmap -v -sS -p0- 10.10.0.1

You might have to specify the port range depending on your version.

 nmap -v -sS -p 1-65535 10.10.0.1

The -p is for 'prots' and 0- means starting at zero scan all 65536

If you are using mod_php with Apache, you should disable php register_globals which was enabled by default on many version of PHP.

 vi php.ini
 register_globals = Off