Tag Archives: hardening

Protect Boot & Single user mode

as a physical security is the main factor in our security perspective

we all need to protect unauthorised access to our Linux box after we protect bios

and we all know that anyone can rest the root password via accessing the single mode

so we have 3 ways 1st thing to disable single user mode entirely  2nd adding a password 3rd encrypt the disk with luks

single use mode configuration located under /etc/sysconfig/init

the last line of the init configuration instructs the user shell for single user mode

sushell  this shell allows access with full root privilege  we can change the shell type to control the single user mode

if we sit it /sbin/nologin no single user mode will be activated on the boot and the machine will continue booting to default run level 😉

we can set it to sulogin to make boot asks for the root password before it continues to give a full root access

 

we can add more password layer for grub configuration via adding password –encrypt HASH from grub-crypt command

one important thing an attacker can manipulate boot start services by pressing (i) in the boot sequence

an attacker can disable any running service example I disabled iptables in the boot 😀

Screen Shot 2015-08-17 at 3.32.33 AM

we can protect from this disaster by disable hotkeys in /etc/sysconfig/init

protect the console from reboot via ctrl-alt-delete

an attacker can press ctrl-alt-delete to your machine to make it reboot

to disable it we need to change the behaviour of this intercept in /etc/init/control-alt-delete.conf

by adding a comment to the exec line to disable reboot

AIDE : Intrusion Detection Environment

this article about Intrusion Detection for file system changes like modification changing owner extra, for critical files or directories in our environment

we using a software called AIDE

Advanced Intrusion Detections Environment
this software base on a library called mhash this lib used to calculate file hashes
and AIDE save the file info inside DB with base64 formate
the information that will be saved depends on the aide configuration file

example of default info for the Linux image file

let’s decode this Continue reading AIDE : Intrusion Detection Environment

RPM integrity and scripts

Yum repository comes with gpg  and md5 support to verify the validity of the package

You can list installed gpg keys in your system via

It will show the unique id for the installed keys in your  system

gpg-pubkey-e8562897-459f07a4
gpg-pubkey-217521f6-45e8a532

To list all information related to a key
rpm -qi pgp-key-unique-id

 

It will show version, vendor  and much more useful for debugging
To verify a package against the  installed keys

U can use parameter  k with rpm

Continue reading RPM integrity and scripts

RedHat Packaging Security with yum

RedHat comes with a mitigated package called RHSA (RedHat security advisory)

This RHSA comes with a unique id  like CVE Contain the date of fix and these type packages  come for the applications that shipped from RedHat

Example RHSA-2015:0291
For listing available updates for application

For quick installation to security batches

Continue reading RedHat Packaging Security with yum