Hacking defence

Secure tmp directory CentOS 7

October 16, 2017 Hacking defence

This is a quick how-to on the basic steps for securing the /tmp directory on CentOS 7.

dd if=/dev/zero of=/dev/tmpDIR bs=1024 count=1000000
/sbin/mkfs.ext3 /dev/tmpDIR
cp -Rpf /tmp /tmpbak

Mount /tmp directory

mount -o loop,noexec,nosuid,rw /dev/tmpDIR /tmp

Adjust permissions on /tmp directory

chmod 1777 /tmp

Copy backup files back to /tmp directory

cd /tmpbak
cp -Rpf * /tmp/

Add the following line to /etc/fstab file

/dev/tmpDIR /tmp	 ext3	loop,nosuid,noexec,rw	 0 0

Secure /var/tmp

mv /var/tmp /var/tmpbak
ln -s /tmp /var/tmp
cp -pR /var/tmpbak/* /tmp

The other way is to mount it on tmpfs.
Add the lines below to your /etc/fstab file

tmpfs /tmp tmpfs size=512m,nosuid,noexec,mode=1777,rw 0 0
tmpfs /dev/shm	tmpfs	defaults,nodev,nosuid,noexec	0 0
/tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0
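
A check for the result of the steps above, as an added example that is not part of the original post: it reads mount entries in /proc/mounts format and reports which required options each path lacks. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the mount options on /tmp, /var/tmp and /dev/shm.

# missing_opts MOUNTPOINT REQUIRED_CSV   (mounts-format text on stdin)
# Prints the required options the mount lacks, "unmounted" if the path is
# not a separate mount, or nothing when every option is present.
missing_opts() {
    awk -v mp="$1" -v req="$2" '
        $2 == mp { opts = $4; found = 1 }  # last entry wins: it is the mount on top
        END {
            if (!found) { print "unmounted"; exit }
            n = split(req, want, ",")
            m = split(opts, have, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                ok = 0
                # whole-token compare, so "exec" never matches "noexec"
                for (j = 1; j <= m; j++) if (have[j] == want[i]) ok = 1
                if (!ok) out = out (out == "" ? "" : " ") want[i]
            }
            if (out != "") print out
        }'
}

# audit_tmp MOUNTS_TEXT [REQUIRED_CSV]
# One OK/FAIL line per path; returns 1 if any path fails.
audit_tmp() {
    rc=0
    for mp in /tmp /var/tmp /dev/shm; do
        miss=$(printf '%s\n' "$1" | missing_opts "$mp" "${2:-noexec,nosuid}")
        if [ -z "$miss" ]; then
            echo "OK   $mp"
        else
            echo "FAIL $mp: $miss"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: /var/tmp was left without the restrictive options.
SAMPLE='tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec,size=524288k 0 0
/dev/sda1 /var/tmp ext4 rw,relatime 0 0'

# On a live host, run: audit_tmp "$(cat /proc/mounts)"
audit_tmp "$SAMPLE" || echo "one or more paths need remounting"
```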

Basic ssh security on Linux servers with password based authentication

September 25, 2017 Hacking defence

The most common attacks against an SSH server are dictionary attacks. The attacker relies on the fact that SSH servers usually listen on port 22 and that every Linux server has a root account. This can easily be mitigated with a few simple steps.

  • Disable root login
  • Configure non-default port for SSH to listen on
  • Allow specific users only to log in on SSH
Disable root login

vi /etc/ssh/sshd_config
Change
#PermitRootLogin yes
to
PermitRootLogin no
systemctl restart sshd

Configure non-default port for SSH to listen on

vi /etc/ssh/sshd_config
#Port 22
Port 222
systemctl restart sshd

Note: if SELinux is running you may need to make some adjustments

semanage port -a -t ssh_port_t -p tcp 222

Note: the correct firewall port must also be open

firewall-cmd --add-port=222/tcp --permanent
firewall-cmd --reload

Allow specific users only to log in on SSH

vi /etc/ssh/sshd_config
AllowUsers user1 user2 user3
systemctl restart sshd

Note: this is a good way to restrict SSH login to specific users. When root is not in the list, it takes precedence over the PermitRootLogin option, and the listed users can still su to root.

How to use firewalld

April 7, 2017 Hacking defence

How to restrict access to a port from a specific source IP

firewall-cmd --permanent --zone=public --add-rich-rule='
  rule family="ipv4"
  source address="10.109.10.10/32"
  port protocol="tcp" port="3000" accept'

cat /etc/firewalld/zones/public.xml

firewall-cmd --reload
    

Intrusion Detection Systems

November 21, 2016 Hacking defence

An Intrusion Detection System, or IDS, is a system that gathers and analyses information that passes across the network or host. It is designed to report or stop any violation or misuse. At its core, an IDS is a packet sniffer with a set of rules built into it.
(more…)

DOS Basic defence

November 8, 2016 Hacking defence

Some of the basic defensive strategies against DOS include, but are not limited to:
(more…)

Run postfix in chrooted environment on Linux systems

September 28, 2016 Hacking defence

In some cases you will want to secure postfix by running it in a chrooted environment. The processes run at a fixed low privilege and with file system access limited to the Postfix queue directories (/var/spool/postfix). This provides a significant barrier against intrusion.
(more…)