Security - Linux

Auditing Tools

1. Lynis
2. chkrootkit

Prevention

1. 

These are some of the important takeaways I had from Lynis recommendations:

- Install fail2ban
- Protect rescue.service by using sulogin [BOOT-5260]
      https://cisofy.com/controls/BOOT-5260/
- Purge old packages with sudo aptitude purge
- Change the HTTPS and SSL settings for enhanced protection of sensitive data and privacy [HTTP-6710]
      https://cisofy.com/controls/HTTP-6710/
- Check your nginx access log for proper functioning [HTTP-6712]
      https://cisofy.com/controls/HTTP-6712/
- Consider hardening SSH configuration [SSH-7408]
      https://cisofy.com/controls/SSH-7408/
    - Details  : ClientAliveCountMax (3 --> 2)
    - Details  : Compression (YES --> (DELAYED|NO))
    - Details  : LogLevel (INFO --> VERBOSE)
    - Details  : MaxAuthTries (6 --> 2)
    - Details  : MaxSessions (10 --> 2)
    - Details  : Port (22 --> )
    - Details  : TCPKeepAlive (YES --> NO)
    - Details  : X11Forwarding (YES --> NO)
    - Details  : AllowAgentForwarding (YES --> NO)
- Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130]
      https://cisofy.com/controls/BANN-7130/
- Enable process accounting [ACCT-9622]
      https://cisofy.com/controls/ACCT-9622/
- Enable sysstat to collect accounting (no results) [ACCT-9626]
      https://cisofy.com/controls/ACCT-9626/
- Enable auditd to collect audit information [ACCT-9628]
      https://cisofy.com/controls/ACCT-9628/
- Run 'docker info' to see warnings applicable to Docker daemon [CONT-8104]
      https://cisofy.com/controls/CONT-8104/
- Test output of both 'docker ps -a' and 'docker info', to determine why they report a different amount of containers [CONT-8106]
      https://cisofy.com/controls/CONT-8106/
- Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350]
      https://cisofy.com/controls/FINT-4350/
- Determine if automation tools are present for system management [TOOL-5002]
      https://cisofy.com/controls/TOOL-5002/
- Harden compilers like restricting access to root user only [HRDN-7222]
      https://cisofy.com/controls/HRDN-7222/
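The SSH-7408 values above are easy to misapply because sshd takes the first value it sees for a keyword, so a hardening line appended below an existing one changes nothing. The following shell script is an added example, not part of these notes or of Lynis: it audits a config file against those target values and shows a duplicated MaxAuthTries being ignored. TARGETS, effective_value, accepts, audit_sshd_config, write_sample and the sample config are all constructed here.

```shell
#!/bin/sh
# Added example, not from Lynis or the original notes: audit an sshd_config
# against the SSH-7408 targets above. Simplified: no Match blocks or Include
# files, "Keyword value" form only; Port omitted since its target is blank.
# Keyword, then acceptable lower-case values separated by '/'.
TARGETS='ClientAliveCountMax 2
Compression delayed/no
LogLevel verbose
MaxAuthTries 2
MaxSessions 2
TCPKeepAlive no
X11Forwarding no
AllowAgentForwarding no'
# sshd honours the FIRST occurrence of a keyword, so a hardening line
# appended below an existing setting is silently ignored; mirror that here.
effective_value() {             # $1 = config file, $2 = keyword
    sed 's/#.*//' "$1" | awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }'
}
accepts() {                     # $1 = observed value, $2 = alternatives 'a/b'
    for alt in $(printf '%s' "$2" | tr '/' ' '); do
        [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "$alt" ] && return 0
    done
    return 1
}
# One line per keyword; exit status = number of deviations. An absent keyword
# counts as a deviation: set it explicitly instead of trusting the default.
audit_sshd_config() {           # $1 = config file
    cfg=$1 fails=0
    while read -r key want; do
        have=$(effective_value "$cfg" "$key")
        if accepts "${have:-(unset)}" "$want"; then status=OK
        else status=FIX; fails=$((fails + 1)); fi
        printf '%-4s %-22s have=%-10s want=%s\n' "$status" "$key" "${have:-(unset)}" "$want"
    done <<EOF
$TARGETS
EOF
    return "$fails"
}
# Constructed sample config (not from any real host). The second MaxAuthTries
# line is the classic mistake: appended later, never applied by sshd.
SAMPLE='LogLevel INFO
MaxAuthTries 6
X11Forwarding no
ClientAliveCountMax 2
MaxAuthTries 2   # appended later; sshd ignores it
Compression delayed'
write_sample() { printf '%s\n' "$SAMPLE" > "$1"; }   # $1 = destination path
tmp=$(mktemp); write_sample "$tmp"
audit_sshd_config "$tmp" || echo "$? deviation(s) found"; rm -f "$tmp"
```

On a real host, run it against /etc/ssh/sshd_config and compare with `sshd -T`, which prints the values sshd actually resolved.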

Fail2ban Basic Installation

sudo apt-get install -y fail2ban &&
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local &&
sudo service fail2ban restart