{"id":65,"date":"2013-01-09T15:18:41","date_gmt":"2013-01-09T21:18:41","guid":{"rendered":"http:\/\/gimpland.org\/now\/?p=65"},"modified":"2013-01-09T15:18:41","modified_gmt":"2013-01-09T21:18:41","slug":"small-changes-to-increase-security-on-ubuntu-servers","status":"publish","type":"post","link":"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/","title":{"rendered":"Small Changes to Increase Security on Ubuntu Servers"},"content":{"rendered":"

Here is somethings I’ve done to help increase security on my Ubuntu boxes. \u00a0The goal when securing a linux system you need to prevent, detect, and react. \u00a0These small changes will help in that goal.<\/p>\n

Be careful with these changes, as you can lock yourself out of the server.<\/strong>
\nAlso, Ubuntu can use admin(<10.x) or adm(>12.x) is the admin group!!<\/strong><\/p>\n

    \n
  1. Increase SSH security by reducing grace time, not allowing root to login (Ubuntu has no root user, but incase you are\u00a0compromised\u00a0and a root account is added), and only allow groups you want to login the box. \u00a0I run a shell for friends, so in order to allow them to login, I create a “ssh” group and put them into that group.
    \nOpen \/etc\/ssh\/sshd_config
    \nLoginGraceTime 20
    \nPermitRootLogin no
    \nAllowGroups adm ssh<\/code><\/li>\n
  2. “su” program available to non-admin users
    \nsudo chown root:adm \/bin\/su
    \nsudo chmod 4750 \/bin\/su<\/code><\/li>\n
  3. Install more\u00a0apparmor\u00a0profiles, read up on apparmor and make sure to think about it when troubleshooting issues. \u00a0Sometimes when you don’t use default file paths, apparmor will not allow an application to read\/write to locations not whitelisted.
    \nsudo apt-get install apparmor-profiles<\/code><\/li>\n
  4. Install denyhosts, this will block bots trying to brutforce you.
    \nsudo apt-get install denyhosts<\/li>\n
  5. Here is an example of my changes to denyhosts
    \nEdit\u00a0\/etc\/denyhosts.conf\u00a0(diff -U3 denyhosts.conf.orig denyhosts.conf)
    \n--- denyhosts.conf.orig\u00a02009-07-21\u00a009:54:25.000000000\u00a0-0500
    \n+++ denyhosts.conf\u00a0 \u00a0 \u00a0\u00a02009-07-21\u00a010:00:59.000000000\u00a0-0500
    \n@@\u00a0-57,13\u00a0+57,15\u00a0@@
    \n# \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0'y' = years
    \n#
    \n# never purge:
    \n-PURGE_DENY =
    \n+#PURGE_DENY =
    \n#
    \n# purge entries older than\u00a01\u00a0week
    \n#PURGE_DENY = 1w
    \n#
    \n# purge entries older than\u00a05\u00a0days
    \n#PURGE_DENY = 5d
    \n+# purge entries older than\u00a04\u00a0weeks
    \n+PURGE_DENY = 4w
    \n#######################################################################<\/code><\/code>#######################################################################
    \n@@\u00a0-90,9\u00a0+92,9\u00a0@@
    \n# eg. \u00a0 sshd:\u00a0127.0.0.1\u00a0\u00a0# will block sshd logins from\u00a0127.0.0.1
    \n#
    \n# To block all services for the offending host:
    \n-#BLOCK_SERVICE = ALL
    \n+BLOCK_SERVICE = ALL
    \n# To block only sshd:
    \n-BLOCK_SERVICE \u00a0= sshd
    \n+#BLOCK_SERVICE \u00a0= sshd
    \n# To only record the offending host and nothing else\u00a0(if using
    \n# an auxilary file to list the hosts). \u00a0Refer to:
    \n# http:\/\/denyhosts.sourceforge.net\/faq.html#aux
    \n@@\u00a0-218,7\u00a0+220,7\u00a0@@
    \n# Multiple email addresses can be delimited by a comma, eg:
    \n# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
    \n#
    \n-ADMIN_EMAIL = root@localhost
    \n+#ADMIN_EMAIL = root@localhost
    \n#
    \n#######################################################################@@\u00a0-285,7\u00a0+287,7\u00a0@@
    \n#
    \n#SYSLOG_REPORT=NO
    \n#
    \n-#SYSLOG_REPORT=YES
    \n+SYSLOG_REPORT=YES
    \n#
    \n######################################################################<\/li>\n
  6. In order to whitelist a host from getting into denyhosts, list the ips in this file:\u00a0\/var\/lib\/denyhosts\/allowed-hosts<\/li>\n
  7. Make sure changes have been applied:
    \nsudo \/etc\/init.d\/denyhosts restart<\/li>\n
  8. Install performance monitor SAR
    \nsudo apt-get install sysstat
    \nEdit\u00a0\/etc\/default\/sysstat
    \nSet:\u00a0ENABLE=\"true\"
    \nsudo \/etc\/init.d\/sysstat start<\/code><\/li>\n
  9. Install logwatch and monitor the emails it sends you (root). \u00a0This will give you a good overview of your system if you don’t have a syslog server.
    \nsudo apt-get install logwatch<\/code><\/li>\n
  10. Install Root Kit Hunter, this a cron job that will check your system for root kits. \u00a0It keeps track of your binaries and in case their MD5 changes.
    \nsudo apt-get install rkhunter<\/li>\n
  11. Edit this file \/etc\/rkhunter.conf<\/strong>\u00a0and add these changes to the very bottom, these may not work for you but they have been some false\u00a0positives\u00a0I needed to whitelist.
    \nMAIL-ON-WARNING=root@localhost
    \nENABLE_TESTS=\"all\"
    \nDISABLE_TESTS=\"suspscan hidden_procs deleted_files packet_cap_apps apps\"ALLOWHIDDENDIR=\/etc\/.java
    \nALLOWHIDDENDIR=\/dev\/.static
    \nALLOWHIDDENDIR=\/dev\/.udev
    \nALLOWHIDDENDIR=\/dev\/.initramfs
    \nALLOWHIDDENFILE=\/dev\/.blkid.tab
    \nALLOWHIDDENFILE=\/dev\/.blkid.tab.old
    \nSCRIPTWHITELIST=\/usr\/local\/bin\/lwp-request<\/code><\/li>\n
  12. After installing rkhunter, you will get emails indicating if there is anything odd happening on your box. \u00a0Most of the time it’s from updates, so if you run apt-get upgrade or apt-get dist-upgrade, you need to run this command to update rkhunter:
    \nsudo rkhunter --propupd<\/code><\/li>\n
  13. Shared Memory, edit\u00a0\/etc\/fstab<\/strong> and add:
    \ntmpfs \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \/dev\/shm \u00a0 \u00a0 \u00a0 \u00a0tmpfs \u00a0 defaults,noexec,nosuid \u00a00 \u00a00<\/code><\/li>\n
  14. sudo mount -o remount \/dev\/shm<\/code><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

    Here is somethings I’ve done to help increase security on my Ubuntu boxes. \u00a0The goal when securing a linux system you need to prevent, detect, and react. \u00a0These small changes will help in that goal. Be careful with these changes, as you can lock yourself out of the server. Also, Ubuntu can use admin(<10.x) or … Continue reading “Small Changes to Increase Security on Ubuntu Servers”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wprm-recipe-roundup-name":"","wprm-recipe-roundup-description":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7],"tags":[17,35,10,19,2,38,34,37,33,36,4],"class_list":["post-65","post","type-post","status-publish","format-standard","hentry","category-linux-2","tag-cli","tag-denyhosts","tag-hackers","tag-howto","tag-linux","tag-performance","tag-rkhunter","tag-sar","tag-security","tag-ssh","tag-ubuntu"],"aioseo_notices":[],"yoast_head":"\nSmall Changes to Increase Security on Ubuntu Servers<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Small Changes to Increase Security on Ubuntu Servers\" \/>\n<meta property=\"og:description\" content=\"Here is somethings I’ve done to help increase security on my Ubuntu boxes. \u00a0The goal when securing a linux system you need to prevent, detect, and react. \u00a0These small changes will help in that goal. Be careful with these changes, as you can lock yourself out of the server. Also, Ubuntu can use admin(<10.x) or … Continue reading "Small Changes to Increase Security on Ubuntu Servers"\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"gimpland.org\" \/>\n<meta property=\"article:published_time\" content=\"2013-01-09T21:18:41+00:00\" \/>\n<meta name=\"author\" content=\"imp7\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"imp7\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/2013\\\/01\\\/small-changes-to-increase-security-on-ubuntu-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/2013\\\/01\\\/small-changes-to-increase-security-on-ubuntu-servers\\\/\"},\"author\":{\"name\":\"imp7\",\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/#\\\/schema\\\/person\\\/5a73603e0ec30511d5b90534c76679fb\"},\"headline\":\"Small Changes to Increase Security on Ubuntu Servers\",\"datePublished\":\"2013-01-09T21:18:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/2013\\\/01\\\/small-changes-to-increase-security-on-ubuntu-servers\\\/\"},\"wordCount\":488,\"commentCount\":0,\"keywords\":[\"cli\",\"denyhosts\",\"hackers\",\"howto\",\"linux\",\"performance\",\"rkhunter\",\"sar\",\"security\",\"ssh\",\"ubuntu\"],\"articleSection\":[\"Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/gimpland.org\\\/now\\\/2013\\\/01\\\/small-changes-to-increase-security-on-ubuntu-servers\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/2013\\\/01\\\/small-changes-to-increase-security-on-ubuntu-servers\\\/\",\"url\":\"https:\\\/\\\/gimpland.org\\\/now\\\/2013\\\/01\\\/small-changes-to-increase-security-on-ubuntu-servers\\\/\",\"name\":\"Small Changes to Increase Security on Ubuntu Servers\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/#website\"},\"datePublished\":\"2013-01-09T21:18:41+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/#\\\/schema\\\/person\\\/5a73603e0ec30511d5b90534c76679fb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/gimpland.org\\\/now\\\/2013\\\/01\\\/small-changes-to-increase-security-on-ubuntu-servers\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/#website\",\"url\":\"https:\\\/\\\/gimpland.org\\\/now\\\/\",\"name\":\"gimpland.org\",\"description\":\"Donate by bitcoin: 12E1LyKb9Wwzw3iy6V4oWpHDXkTRC6UHJ9\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/gimpland.org\\\/now\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/gimpland.org\\\/now\\\/#\\\/schema\\\/person\\\/5a73603e0ec30511d5b90534c76679fb\",\"name\":\"imp7\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d0544d7ec7cea4e1a78e16ae627707fdc0a3f9d32087dd9a87038b079316ac2d?s=96&d=identicon&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d0544d7ec7cea4e1a78e16ae627707fdc0a3f9d32087dd9a87038b079316ac2d?s=96&d=identicon&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d0544d7ec7cea4e1a78e16ae627707fdc0a3f9d32087dd9a87038b079316ac2d?s=96&d=identicon&r=x\",\"caption\":\"imp7\"},\"url\":\"https:\\\/\\\/gimpland.org\\\/now\\\/author\\\/imp7\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Small Changes to Increase Security on Ubuntu Servers","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/","og_locale":"en_US","og_type":"article","og_title":"Small Changes to Increase Security on Ubuntu Servers","og_description":"Here is somethings I’ve done to help increase security on my Ubuntu boxes. \u00a0The goal when securing a linux system you need to prevent, detect, and react. \u00a0These small changes will help in that goal. Be careful with these changes, as you can lock yourself out of the server. Also, Ubuntu can use admin(<10.x) or … Continue reading \"Small Changes to Increase Security on Ubuntu Servers\"","og_url":"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/","og_site_name":"gimpland.org","article_published_time":"2013-01-09T21:18:41+00:00","author":"imp7","twitter_misc":{"Written by":"imp7","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/#article","isPartOf":{"@id":"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/"},"author":{"name":"imp7","@id":"https:\/\/gimpland.org\/now\/#\/schema\/person\/5a73603e0ec30511d5b90534c76679fb"},"headline":"Small Changes to Increase Security on Ubuntu Servers","datePublished":"2013-01-09T21:18:41+00:00","mainEntityOfPage":{"@id":"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/"},"wordCount":488,"commentCount":0,"keywords":["cli","denyhosts","hackers","howto","linux","performance","rkhunter","sar","security","ssh","ubuntu"],"articleSection":["Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/","url":"https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/","name":"Small Changes to Increase Security on Ubuntu Servers","isPartOf":{"@id":"https:\/\/gimpland.org\/now\/#website"},"datePublished":"2013-01-09T21:18:41+00:00","author":{"@id":"https:\/\/gimpland.org\/now\/#\/schema\/person\/5a73603e0ec30511d5b90534c76679fb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/gimpland.org\/now\/2013\/01\/small-changes-to-increase-security-on-ubuntu-servers\/"]}]},{"@type":"WebSite","@id":"https:\/\/gimpland.org\/now\/#website","url":"https:\/\/gimpland.org\/now\/","name":"gimpland.org","description":"Donate by bitcoin: 12E1LyKb9Wwzw3iy6V4oWpHDXkTRC6UHJ9","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/gimpland.org\/now\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/gimpland.org\/now\/#\/schema\/person\/5a73603e0ec30511d5b90534c76679fb","name":"imp7","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d0544d7ec7cea4e1a78e16ae627707fdc0a3f9d32087dd9a87038b079316ac2d?s=96&d=identicon&r=x","url":"https:\/\/secure.gravatar.com\/avatar\/d0544d7ec7cea4e1a78e16ae627707fdc0a3f9d32087dd9a87038b079316ac2d?s=96&d=identicon&r=x","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d0544d7ec7cea4e1a78e16ae627707fdc0a3f9d32087dd9a87038b079316ac2d?s=96&d=identicon&r=x","caption":"imp7"},"url":"https:\/\/gimpland.org\/now\/author\/imp7\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4dqkb-13","jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/posts\/65","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/comments?post=65"}],"version-history":[{"count":7,"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/posts\/65\/revisions"}],"predecessor-version":[{"id":72,"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/posts\/65\/revisions\/72"}],"wp:attachment":[{"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/media?parent=65"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/categories?post=65"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gimpland.org\/now\/wp-json\/wp\/v2\/tags?post=65"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}