Protect Boot & Single user mode

Physical security is the main factor in our security perspective: whoever has the console has the machine.

Once the BIOS is protected (password set, boot order locked), we still need to stop unauthorised access to our Linux box from the console,

because, as we all know, anyone can reset the root password by booting into single user mode.

So we have 3 ways to deal with it: 1st, disable single user mode entirely; 2nd, add a password (for single user mode and for GRUB); 3rd, encrypt the disk with LUKS, which is the only one of the three that also protects the data if the disk is pulled or booted from other media.

On RHEL/CentOS 6 the single user mode configuration is located in /etc/sysconfig/init.

The last line of that file, SINGLE=, sets the program that is run as the user shell for single user mode.

The default is /sbin/sushell. This shell gives full root privilege with no password asked, so changing the value of SINGLE= is how we control single user mode.

If we set it to /sbin/nologin, single user mode is effectively disabled: nologin exits straight away and the machine continues booting to the default run level 😉 (be aware that you also lose single user mode for legitimate recovery work).

If we set it to /sbin/sulogin, the boot asks for the root password before it continues and gives full root access.

Either way this only covers the "single" boot argument; someone who can edit the kernel line in GRUB can still pass init=/bin/bash, which is why the GRUB password below is needed as well.


We can add one more password layer in the GRUB configuration (/boot/grub/grub.conf) by adding the line password --encrypted HASH, where HASH is the output of the grub-crypt command (a SHA-512 crypt hash by default). The line goes in the global section, before the first title entry, so that editing any menu entry or the kernel command line requires the password.

One important thing: an attacker can manipulate the services started at boot by pressing i (interactive startup) during the boot sequence.

The attacker can then skip any service they like; as an example, I disabled iptables during the boot 😀

(screenshot: interactive startup prompt, iptables skipped)

We can protect against this disaster by disabling the hot key: set PROMPT=no in /etc/sysconfig/init.

Protect the console from reboot via Ctrl-Alt-Delete

An attacker can press Ctrl-Alt-Delete on your machine's console to make it reboot.

To disable it we need to change the behaviour of this key intercept in the Upstart job /etc/init/control-alt-delete.conf,

by commenting out the exec line (exec /sbin/shutdown -r now "Control-Alt-Delete pressed") so that the key combination no longer triggers a reboot.
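As an added example (not part of the original post), here is a small shell audit for the four settings discussed above: the single user shell, the interactive startup prompt, the GRUB password line and the Ctrl-Alt-Delete job. Every function takes the file to inspect as an argument, so it runs against copies or test fixtures as well as the live files /etc/sysconfig/init, /boot/grub/grub.conf and /etc/init/control-alt-delete.conf (the function names and the OK/WEAK verdicts are this example's own convention).

```shell
# Added example, not from the original post: audit (and fix) the RHEL/CentOS 6
# boot-time settings discussed above. Each function takes the file to inspect
# as an argument so it can be run against a copy or a test fixture; on a live
# box the files are /etc/sysconfig/init, /boot/grub/grub.conf and
# /etc/init/control-alt-delete.conf.

# Value of KEY=value in a sysconfig file (last assignment wins, quotes stripped).
sysconfig_value() {  # sysconfig_value FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# SINGLE=/sbin/sushell hands out a root shell with no password;
# /sbin/sulogin asks for root's password, /sbin/nologin skips single user mode.
check_single() {  # prints OK or WEAK
    case "$(sysconfig_value "$1" SINGLE)" in
        /sbin/sulogin|/sbin/nologin) echo OK ;;
        *) echo WEAK ;;
    esac
}

# PROMPT=yes lets anyone at the console press "i" and skip services such as iptables.
check_prompt() {
    if [ "$(sysconfig_value "$1" PROMPT)" = no ]; then echo OK; else echo WEAK; fi
}

# GRUB legacy: a global "password --encrypted <crypt hash>" line must appear
# before the first "title" entry, otherwise anyone can edit the kernel line
# and append "single" or "init=/bin/bash" regardless of the SINGLE= setting.
check_grub_password() {
    awk '/^[[:space:]]*title/ { exit }
         /^[[:space:]]*password[[:space:]]+--encrypted[[:space:]]+[$][156][$]/ { found = 1 }
         END { print (found ? "OK" : "WEAK") }' "$1"
}

# Upstart job: an active exec line means Ctrl-Alt-Delete on the console reboots the box.
check_cad() {
    if grep -q '^[[:space:]]*exec' "$1"; then echo WEAK; else echo OK; fi
}

# Rewrite a sysconfig init file in place: sulogin for single user mode, no interactive prompt.
harden_sysconfig_init() {
    sed -i -e 's|^[[:space:]]*SINGLE=.*|SINGLE=/sbin/sulogin|' \
           -e 's|^[[:space:]]*PROMPT=.*|PROMPT=no|' "$1"
}

# Comment out the exec line of the control-alt-delete job.
disable_cad() {
    sed -i 's|^[[:space:]]*exec|#exec|' "$1"
}
```

Run the check_* functions first on a live box (as root) and only then the harden_*/disable_* ones; the GRUB check deliberately accepts only a global password line, since a password attached to a single title entry still leaves the other entries editable.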

AIDE : Intrusion Detection Environment

This article is about intrusion detection for file system changes (content modification, changes of owner or permissions, etc.) on the critical files and directories in our environment.

We use a software called AIDE,

Advanced Intrusion Detection Environment.
This software is based on a library called mhash, which is used to calculate the file hashes,
and AIDE saves the file information inside a database, with the hashes stored in base64 format.
Which attributes are saved for each file depends on the AIDE configuration file (/etc/aide.conf).
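To show what such a database actually buys you, here is an added example (not AIDE's own code or database format) of a minimal file-integrity checker built the same way: a baseline of path, mode, owner, size and a base64-encoded SHA-256 per file, and a check that reports what was added, removed or changed. The fim_* function names and the one-line-per-file format are this example's own.

```shell
# Added example, not AIDE's own code or database format: a minimal
# file-integrity checker that works the way the post describes AIDE.
# It records, for every file under a directory, the path, mode, uid, gid,
# size and a SHA-256 stored base64-encoded (as AIDE stores its hashes),
# then reports what was added, removed or changed since the baseline.
# Caveats: paths containing whitespace are not handled (AIDE escapes them),
# and a real deployment keeps the baseline on read-only or off-box storage,
# otherwise an attacker simply regenerates it after tampering.

# One database line for FILE: "path mode uid gid size hash"
fim_record() {  # fim_record FILE
    f=$1
    if command -v openssl >/dev/null 2>&1; then
        h=$(openssl dgst -sha256 -binary "$f" | base64 | tr -d '\n')
    else
        h=$(sha256sum "$f" | cut -d' ' -f1)   # hex fallback where openssl is absent
    fi
    printf '%s %s %s\n' "$f" "$(stat -c '%a %u %g %s' "$f")" "$h"
}

# Build the baseline for every regular file under DIR (sorted, so diffs are stable).
fim_init() {  # fim_init DIR DBFILE
    find "$1" -type f | sort | while read -r f; do fim_record "$f"; done > "$2"
}

# Compare the live tree under DIR with DBFILE.
# Prints one line per finding: "ADDED|REMOVED|CHANGED <path>", sorted.
fim_check() {  # fim_check DIR DBFILE
    live=$(mktemp)
    fim_init "$1" "$live"
    awk 'FILENAME == ARGV[1] { base[$1] = $0; next }   # first file: baseline
         ($1 in base) {                                # second file: live scan
             if (base[$1] != $0) print "CHANGED", $1
             delete base[$1]; next
         }
         { print "ADDED", $1 }
         END { for (p in base) print "REMOVED", p }' "$2" "$live" | sort
    rm -f "$live"
}
```

A permission change with untouched content shows up as CHANGED just like a content change, because the whole record is compared, which is the point of storing metadata next to the hash.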

Example of the default entry recorded for the Linux kernel image file:

Let's decode this.

Continue reading AIDE : Intrusion Detection Environment

umask permissions explanation

What is umask?
umask is the mask applied to the permissions of every newly created file or directory: it lists the permission bits that are removed from the default (0666 for files, 0777 for directories), so a umask of 022 gives 644 files and 755 directories.

Where are the umask settings?
1 – /etc/profile
2 – /etc/bashrc
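As an added example (not part of the original post), the following functions compute the effective mode from a base mode and a umask, and then prove the result on disk by creating a file and a directory under a given umask. The function names are this example's own.

```shell
# Added example, not from the original post: how a umask turns into the mode
# of a new file or directory. Files start from a base of 0666 and directories
# from 0777; the bits set in the umask are cleared from that base. A umask can
# only remove permission bits, it can never add any.

# effective_mode BASE UMASK -> resulting octal mode, e.g. effective_mode 666 022 -> 644
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# Wrappers with the kernel's default base modes for files and directories.
file_mode() { effective_mode 666 "$1"; }
dir_mode()  { effective_mode 777 "$1"; }

# Prove it on disk: create a file and a directory under UMASK and report their modes.
demo_umask() {  # demo_umask UMASK -> "file=<mode> dir=<mode>"
    d=$(mktemp -d)
    ( umask "$1"; : > "$d/f"; mkdir "$d/d"
      printf 'file=%s dir=%s\n' "$(stat -c %a "$d/f")" "$(stat -c %a "$d/d")" )
    rm -rf "$d"
}
```

The umask is per process and inherited, so the values in /etc/profile and /etc/bashrc only cover interactive shells; daemons and cron jobs get whatever their init script or service sets, which is worth checking separately.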

Continue reading umask permissions explanation

RPM integrity and scripts

RPM packages carry a GPG signature and digests (md5/sha1), which rpm and yum use to verify the validity of a package against the keys imported into the RPM database.

You can list the GPG keys imported into your system (they are stored as gpg-pubkey pseudo-packages) via

It will show the unique id of each installed key in your system, for example

gpg-pubkey-e8562897-459f07a4
gpg-pubkey-217521f6-45e8a532

To list all information related to a key
rpm -qi gpg-pubkey-<unique-id>, e.g. rpm -qi gpg-pubkey-e8562897-459f07a4

It will show the version, vendor (the key owner), creation date and more that is useful for debugging.
To verify a package against the installed keys

you can use the -K (--checksig) parameter of rpm.
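As an added example (not part of the original post), here is the rpm workflow above in shell form, plus a parser for the result lines of rpm -K. The caveat it encodes is one practitioners get wrong: rpm -K prints OK and exits 0 for a package that is not signed at all, as long as its digests match, so a script has to look for the pgp/gpg token in the line and not just for OK. The sample lines in the test are constructed in the format rpm 4.8 (RHEL 6) prints; newer rpm prints "digests signatures OK", which the same function accepts. Function names are this example's own.

```shell
# Added example, not from the original post: rpm key/signature commands and a
# classifier for "rpm -K" output lines.
#
# Live commands (need rpm; shown for reference):
#   rpm -q gpg-pubkey                         # list imported keys
#   rpm -qi gpg-pubkey-e8562897-459f07a4      # details of one key (vendor, date)
#   rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-*   # import vendor keys
#   rpm -K pkg.rpm                            # verify digests and signature
#
# Classify one rpm -K result line as SIGNED (signature verified with an imported
# key), UNTRUSTED (signed, but the key is not imported), UNSIGNED (digests match
# but there is no signature at all) or BAD (digest or signature mismatch).
classify_rpm_k() {  # classify_rpm_k "pkg.rpm: rsa sha1 (md5) pgp md5 OK"
    case "$1" in
        *"MISSING KEYS"*)                     echo UNTRUSTED ;;
        *"NOT OK"*)                           echo BAD ;;
        *" pgp "*|*" gpg "*|*" signatures "*) echo SIGNED ;;
        *" OK")                               echo UNSIGNED ;;
        *)                                    echo UNKNOWN ;;
    esac
}

# Filter rpm -K output on stdin down to the packages that must not be installed.
# Usage: rpm -K *.rpm | untrusted_packages
untrusted_packages() {
    while IFS= read -r line; do
        verdict=$(classify_rpm_k "$line")
        [ "$verdict" = SIGNED ] || printf '%s %s\n' "$verdict" "${line%%:*}"
    done
}
```

Treat UNTRUSTED as a key-management problem (import the vendor key and re-check) rather than something to wave through, and never fall back to rpm -i --nosignature to "fix" it.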

Continue reading RPM integrity and scripts

RedHat Packaging Security with yum

Red Hat ships its security fixes as updated packages announced by an RHSA (Red Hat Security Advisory).

Each RHSA has a unique id, similar in spirit to a CVE id, made of the year and a sequence number; the advisory itself lists the CVEs it fixes and the date of the fix. These advisories cover the applications shipped by Red Hat, and the yum security plugin lets you filter updates by them.

Example: RHSA-2015:0291
For listing the available security updates for your applications:

For quick installation of the security patches only:
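As an added example (not part of the original post), here are the yum-plugin-security commands for the workflow above, together with a small parser over the output of yum updateinfo list security that picks out the advisories at or above a chosen severity, so a maintenance script can apply Critical and Important fixes first. The advisory ids other than RHSA-2015:0291 and all package names in the test are constructed sample data in the format that command prints on RHEL 6; function names are this example's own.

```shell
# Added example, not from the original post: yum security-advisory workflow on
# RHEL/CentOS 6 (yum-plugin-security) and a parser for its listing output.
#
# Live commands (need yum and yum-plugin-security; shown for reference):
#   yum updateinfo list security            # pending security updates, one line per package
#   yum updateinfo info RHSA-2015:0291      # what one advisory fixes (CVEs, packages, date)
#   yum update --security                   # apply only security updates
#   yum update --advisory=RHSA-2015:0291    # apply a single advisory

# Validate an advisory id: RHSA-<year>:<sequence>, e.g. RHSA-2015:0291.
is_rhsa() {
    printf '%s' "$1" | grep -Eq '^RHSA-[0-9]{4}:[0-9]{4,}$'
}

# Read "yum updateinfo list security" output on stdin
# (lines like "RHSA-2015:0291 Important/Sec. pkg-1.0-1.el6.x86_64") and print
# each advisory whose severity is at least MIN (Critical > Important > Moderate > Low),
# once per advisory even when it covers several packages.
advisories_at_least() {  # advisories_at_least Important < list.txt
    awk -v min="$1" '
        BEGIN { rank["Critical"] = 4; rank["Important"] = 3; rank["Moderate"] = 2; rank["Low"] = 1 }
        $1 ~ /^RHSA-[0-9]+:[0-9]+$/ {
            split($2, t, "/")                  # "Important/Sec." -> severity "Important"
            if (rank[t[1]] >= rank[min] && !(seen[$1]++)) print $1
        }'
}
```

Typical use on a live box: yum updateinfo list security | advisories_at_least Important, then feed each id to yum update --advisory=ID; RHBA (bug fix) and RHEA (enhancement) lines are ignored by the parser on purpose.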

Continue reading RedHat Packaging Security with yum