How to secure your Linux

How to secure your Linux? (easily)

Nowadays computer security is one of the top trending topics for several reasons, and the pandemic confinement also boosted searches for it. So you have a Linux machine; is it secure? Most likely yes. Is it vulnerable? Also yes, even if it is updated daily (also see how to speed up apt-update), due to the default values of some configurations.

An easy way to enhance Linux security, or to harden Linux? Use Lynis (it also works on OSX).
What's hardening? Basically, it is just tuning and configuring features whose default settings might allow someone to exploit them as a vulnerability (not just one feature per se; several combined might create something exploitable).

How to install Lynis on Linux?

There are two installation methods, easy and easiest. The main difference is that the version you download from the Lynis site is always the latest one, whereas the apt-get version might take some time to catch up to the latest.
An example of such a default is allowing access to compilers: an intruder can pass in a bunch of strings, compile them in the end, and there you go, someone uploaded some strings and created an executable on your machine. Another example is not enforcing secure passwords: 1234, Joe, and Password aren't exactly secure passwords, but if the system won't allow anything weaker than, e.g., JustATinny123Pass**Again, the password is virtually impossible to guess or crack.
 
Lynis installation on Ubuntu/Mint (easiest):
  • sudo apt install lynis
Lynis installation on Ubuntu/Mint (easy):
  1. Go to the Lynis webpage and download the rar
  2. Unrar it
  3. Done

How to run Lynis on your Linux machine?

Note before you start: you should always run it as the root user.
  • If the installation was done via apt-get, then just type "lynis audit system"; otherwise, go to the directory where you extracted Lynis and run "./lynis audit system".
This might take a while depending on your system (40 seconds or more).

What do you get? Well, for a start you get a score, from 0 to 100 points. If you use a default Ubuntu 20 LTS from scratch, you'll get around 65 points, depending on the installed packages.

Lynis score



There's also a list of issues to be solved, along with their solutions (where possible on your system). Solve them one by one and run Lynis again at the end. That way you improve your score and harden your system.
An example I focus on a LOT, since some of my machines are only accessible over the network: hardening sshd connections.

Lynis recommendations
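
To track the score and the open suggestions between runs, they can be pulled out of the report file Lynis writes. The script below is an added example, not part of the original post; it assumes the key=value format of /var/log/lynis-report.dat, and the sample report and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a Lynis report to track hardening between runs.
# Assumption: key=value report format, as in /var/log/lynis-report.dat.

# Constructed sample report (not real output from any machine).
sample_report() {
cat <<'EOF'
hardening_index=65
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=HRDN-7222|Harden compilers like restricting access to root user only|-|-|
EOF
}

# Print the 0-100 score from a report on stdin; status 1 if it has none.
lynis_score() {
    awk -F= '$1 == "hardening_index" { print $2; found = 1; exit }
             END { if (!found) exit 1 }'
}

# Print "TEST-ID<TAB>text" for every finding of one kind (suggestion or
# warning), optionally limited to test IDs starting with a prefix (e.g. SSH).
lynis_findings() {
    kind=$1
    prefix=${2:-}
    awk -v key="${kind}[]=" -v prefix="$prefix" '
        index($0, key) == 1 {
            n = split(substr($0, length(key) + 1), f, "[|]")
            if (prefix != "" && index(f[1], prefix) != 1) next
            detail = (n >= 3 && f[3] != "-") ? (": " f[3]) : ""
            printf "%s\t%s%s\n", f[1], f[2], detail
        }'
}

# Count findings per test ID, to see which area has the most open items.
lynis_count_by_test() {
    lynis_findings "$1" | cut -f1 | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Use the report given as first argument, else fall back to the sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then src() { cat "$1"; }; else src() { sample_report; }; fi
echo "Hardening index: $(src | lynis_score)"
echo "Open sshd suggestions:"
src | lynis_findings suggestion SSH
echo "Suggestions per test:"
src | lynis_count_by_test suggestion
```

Run it as root with /var/log/lynis-report.dat as the argument after each audit, and keep the output to compare against the next run.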

