
Security & Hardening

User Authentication and Access Control

User Account Management

# User creation with security settings
useradd -m -s /bin/bash -G sudo username # Create user with home and sudo access
passwd username # Set strong password
chage -M 90 -W 7 username # Password expires in 90 days, warn 7 days before
chage -l username # View password aging info

# Account lockout settings
passwd -l username # Lock account
passwd -u username # Unlock account
usermod -L username # Lock account (alternative)
usermod -U username # Unlock account (alternative)

SSH Security

# SSH server configuration (/etc/ssh/sshd_config); comments sit on their own lines because many sshd versions reject trailing text after a directive
# Change default port
Port 2222
# Disable root login
PermitRootLogin no
# Disable password auth
PasswordAuthentication no
# Enable key-based auth
PubkeyAuthentication yes
# Limit auth attempts
MaxAuthTries 3
sshd -t # Validate the configuration before restarting sshd

# Generate SSH keys
ssh-keygen -t rsa -b 4096 -C "user@host" # RSA key
ssh-keygen -t ed25519 -C "user@host" # Ed25519 key (recommended)

# Copy public key to remote host
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host # Copy specific key
ssh-copy-id user@host # Copy default key

Firewall Management

UFW (Uncomplicated Firewall)

# UFW basic operations
ufw enable # Enable firewall
ufw disable # Disable firewall
ufw status # Show firewall status
ufw allow 22 # Allow SSH
ufw allow 80/tcp # Allow HTTP
ufw deny 23 # Deny telnet

iptables

# View iptables rules
iptables -L # List rules
iptables -L -n # List rules with numeric output

# Basic iptables rules (a bare final DROP also discards loopback traffic and replies to the host's own outbound connections, so accept those first)
iptables -A INPUT -i lo -j ACCEPT # Allow loopback
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # Allow replies to outbound traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow SSH
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Allow HTTP
iptables -A INPUT -j DROP # Drop everything else

Security Auditing

System Auditing

# Lynis - Security auditing
lynis audit system # Run security audit
lynis show categories # Show audit categories

# Rootkit detection
chkrootkit # Check for rootkits
rkhunter --check # Check for rootkits
rkhunter --update # Update definitions

File Security

File Permissions and ACLs

# Special permissions
chmod +t /tmp # Sticky bit
chmod g+s /shared # SGID bit
chmod u+s /usr/bin/program # SUID bit

# Access Control Lists
setfacl -m u:username:rwx /path/file # Set user ACL
setfacl -m g:groupname:rx /path/file # Set group ACL
getfacl /path/file # View ACLs

File Integrity Monitoring

# AIDE (Advanced Intrusion Detection Environment)
aide --init # Initialize database (written as aide.db.new, by default under /var/lib/aide)
cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db # Activate the new baseline; exact file names and compression come from aide.conf
aide --check # Check file integrity against the baseline
aide --update # Check and write a fresh aide.db.new; copy it into place after reviewing the reported changes

Certificate Management

SSL/TLS Certificates

# Generate self-signed certificate
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

# View certificate information
openssl x509 -in cert.pem -text -noout # View certificate details
openssl x509 -in cert.pem -dates -noout # View validity dates

# Let's Encrypt with Certbot
certbot --nginx # Get certificate for nginx
certbot --apache # Get certificate for apache
certbot renew # Renew certificates

Security Monitoring

Log Security

# Monitor failed logins
grep "Failed password" /var/log/auth.log | tail -10
grep "authentication failure" /var/log/auth.log

# Monitor sudo usage
grep "sudo" /var/log/auth.log | tail -10

# Monitor system changes
find /etc -type f -mtime -1 # Files changed in last day
find /usr/bin -type f -mtime -1 # Binaries changed in last day
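The failed-login greps above show individual lines; an added example (not from the original page) that turns the same "Failed password" events into a per-source count and flags sources over a threshold. The log lines are constructed samples in the /var/log/auth.log format; the function and threshold names are this example's own.

```shell
#!/bin/sh
# Constructed sample of sshd/sudo lines as they appear in /var/log/auth.log
SAMPLE_LOG=$(cat <<'EOF'
Mar  3 10:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:01:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar  3 10:01:19 host sshd[1203]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar  3 10:02:02 host sshd[1210]: Accepted publickey for alice from 198.51.100.7 port 40122 ssh2: ED25519 SHA256:abc
Mar  3 10:02:40 host sshd[1215]: Failed password for bob from 198.51.100.9 port 40200 ssh2
Mar  3 10:03:01 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
EOF
)

# failed_by_ip: read log lines on stdin and print "count ip" for each source
# address of a "Failed password" event, most frequent first.
failed_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password' |
        sed -n 's/.* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# flag_sources THRESHOLD: print only source IPs with at least THRESHOLD failures.
flag_sources() {
    failed_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Against the live log: tail -n 1000 /var/log/auth.log | flag_sources 5
printf '%s\n' "$SAMPLE_LOG" | failed_by_ip
```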

Intrusion Detection

# Fail2Ban
apt install fail2ban # Install (Debian/Ubuntu)
systemctl enable fail2ban # Enable service
systemctl start fail2ban # Start service

# Fail2Ban management
fail2ban-client status # Show status
fail2ban-client status sshd # Show jail status
fail2ban-client unban IP # Unban IP address

Best Practices

Security Checklist

  1. Keep system updated: Regular security updates
  2. Strong authentication: Use SSH keys, strong passwords
  3. Network security: Configure firewall, close unused ports
  4. Regular monitoring: Check logs, run security audits
  5. Backup strategy: Regular backups, test restoration
  6. Minimal installation: Install only necessary packages
  7. File permissions: Proper file and directory permissions
  8. Service hardening: Disable unnecessary services

Emergency Procedures

# Incident response
# 1. Isolate system (this also severs your own remote session, so run it from the console or out-of-band access)
iptables -P INPUT DROP # Block all incoming
iptables -P OUTPUT DROP # Block all outgoing

# 2. Preserve evidence (write the image to a separate device, never onto the disk being imaged)
dd if=/dev/sda of=/backup/evidence.img bs=4M conv=noerror,sync # Create disk image, continuing past read errors
sha256sum /backup/evidence.img > /backup/evidence.img.sha256 # Record the image hash for chain of custody
netstat -tulpn > /backup/netstat.txt # Save network state
ss -tulpn > /backup/ss.txt # Same with ss, since netstat is deprecated on many distributions

# 3. Analyze logs
grep -i "attack\|intrusion\|breach" /var/log/syslog
journalctl --since "1 hour ago" | grep -i "error\|fail"