ShareWiz Ultra Secure Server Setup

Anti-Hacking Security


Setup chkrootkit

Install chkrootkit

Issue the following command:

sudo aptitude install chkrootkit

The chkrootkit security scanner searches the local system for signs that it is infected with a rootkit.

Rootkits are sets of programs and system modifications that an intruder installs after breaking in, usually through a known security flaw, in order to keep control of the machine and hide their presence from the administrator.


Configure chkrootkit

Issue the following command:

sudo vi /etc/chkrootkit.conf

…and set the RUN_DAILY line as follows:

RUN_DAILY="true"

This setting is read by the package's own /etc/cron.daily/chkrootkit script, which runs the scan once a day and delivers its output to root through cron's mail.


Setup rkhunter

Install rkhunter

Issue the following command:

sudo aptitude install rkhunter

Rootkit Hunter (rkhunter) scans systems for known and unknown rootkits, backdoors, sniffers and exploits.


Configure rkhunter email

Issue the following command:

sudo vi /etc/default/rkhunter

…and set the recipient for reports, and ask to be mailed when the database update job runs:

REPORT_EMAIL=sysadmin@sharewiz.net

DB_UPDATE_EMAIL="yes"

The same file holds CRON_DAILY_RUN, which must be "true" for the package's /etc/cron.daily/rkhunter script to run the daily check at all.


Update rkhunter

Issue the following command:

sudo rkhunter --update


Update rkhunter properties

Issue the following command:

sudo rkhunter --propupd

rkhunter keeps a summary (ownership, permissions and a hash) of each file it monitors within an internal database. This command brings the database up to date with the files as they exist on the system. Run it only when the system is known to be clean, such as right after installation, because whatever is on disk at that moment becomes the baseline that every later check is compared against.


Create rkhunter property update cronjob

Create a cron job that refreshes the rkhunter property database every day, by issuing the command:

sudo vi /etc/cron.daily/rkhunter-sharewiz

…and populate with the following contents:

#!/bin/bash
#
# Updates the rkhunter internal database so that the same items are not reported on more than once
rkhunter --propupd

…and finally make the cron job executable, by issuing the following command:

sudo chmod 755 /etc/cron.daily/rkhunter-sharewiz

This refreshes the internal database used by rkhunter every day. run-parts executes the scripts in /etc/cron.daily in name order, so the package's own check (/etc/cron.daily/rkhunter) runs before rkhunter-sharewiz: each discrepancy is mailed once and is then written into the database as the new expected state.

That single email is the only notice you will get. A change that is not reviewed on the day it is reported, whether it came from a package upgrade or from an intruder, silently becomes part of the baseline. If that trade-off is not acceptable, leave rkhunter --propupd to be run by hand after each report has been reviewed, and set APT_AUTOGEN="yes" in /etc/default/rkhunter so that package upgrades update the database automatically.


Configure rkhunter

Issue the following command:

sudo vi /etc/rkhunter.conf

…and update the following entries (the versions given in APP_WHITELIST must match what is actually installed; check with openssl version and ssh -V, and revise them after upgrades):

MAIL-ON-WARNING="sysadmin@sharewiz.net"

SCRIPTWHITELIST=/sbin/chkconfig

ALLOWHIDDENDIR=/dev/.udev

ALLOWHIDDENDIR=/dev/.initramfs

ALLOWHIDDENFILE=/dev/.blkid.tab

ALLOWHIDDENFILE=/dev/.blkid.tab-old

APP_WHITELIST="openssl:0.9.8g gpg sshd:5.1p1"

If running Java, also add the following entry to /etc/rkhunter.conf:

ALLOWHIDDENDIR=/dev/.java

If running PHP, append php to the existing APP_WHITELIST entry rather than adding a second APP_WHITELIST line, which would replace the first:

APP_WHITELIST="openssl:0.9.8g gpg sshd:5.1p1 php"

If running Snort, disable the promiscuous-mode test, since Snort puts its capture interface into promiscuous mode on purpose. DISABLE_TESTS is a single space-separated list, so add promisc to the end of the existing line instead of adding a second line:

DISABLE_TESTS="… promisc"

where … stands for the tests already listed there.

Older versions of rkhunter sometimes report listening ports used by legitimate services as possible rootkit ports. Confirm which process owns the port first (sudo ss -tulpn or sudo netstat -tulpn show the owning program); if it is not malware, whitelist it in /etc/rkhunter.conf by program path:

PORT_WHITELIST="/usr/sbin/mysqld"

or by protocol and port number:

PORT_WHITELIST="TCP:2006"

rkhunter keeps a summary of each file it monitors in an internal database and compares the running system against it. The entries above are not part of that database; they whitelist hidden directories, files, listening ports and application versions that are normal on a default Ubuntu install, so that they are not reported as warnings on every run. Keep them specific: each whitelisted item is one rkhunter will never warn about again, so whitelist exact paths and confirmed versions rather than whole directories or whole tests.
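The whitelist and DISABLE_TESTS entries above are single space-separated lists, which is easy to get wrong when a setting for PHP or Snort is added later. The script below is an added example, not part of this page's original setup and not rkhunter's own code: it appends a value to such a list in place, without clobbering what is already there, and creates the line if the option is absent. It assumes only POSIX sh, awk and mktemp, and the demonstration at the end runs on a constructed config fragment rather than on the real /etc/rkhunter.conf.

```shell
#!/bin/sh
# Added example, not from the page: append a value to a space-separated list
# option in rkhunter.conf instead of writing a second line for it. Options
# such as DISABLE_TESTS and APP_WHITELIST are read as one list, so a separate
# DISABLE_TESTS="promisc" line replaces the tests Ubuntu disables by default
# rather than adding to them. Assumes POSIX sh, awk and mktemp; the config
# file path is passed in (/etc/rkhunter.conf in real use).

# add_list_value FILE KEY VALUE
# Adds VALUE to the active KEY=... line in FILE unless it is already present,
# keeping any surrounding double quotes; creates the line at the end of FILE
# if KEY is absent. Idempotent. Commented-out lines are left alone. The new
# content is written back over FILE so it keeps its owner and mode.
add_list_value() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        $0 ~ ("^[ \t]*" key "[ \t]*=") {
            found = 1
            sub(/^[ \t]*[^=]*=[ \t]*/, "")      # keep only the value part
            sub(/[ \t]+$/, "")
            q = ""
            if ($0 ~ ("^\".*\"$")) { q = "\""; sub("^\"", ""); sub("\"$", "") }
            n = split($0, items, /[ \t]+/)
            present = 0
            for (i = 1; i <= n; i++) if (items[i] == value) present = 1
            line = $0
            if (!present) line = (line == "" ? value : line " " value)
            print key "=" q line q
            next
        }
        { print }
        END { if (!found) print key "=" value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demonstration on a constructed fragment (not a real rkhunter.conf).
demo=$(mktemp)
printf '%s\n' \
    '# constructed sample' \
    'DISABLE_TESTS=suspscan hidden_procs deleted_files' \
    'APP_WHITELIST="openssl:0.9.8g gpg sshd:5.1p1"' > "$demo"
add_list_value "$demo" DISABLE_TESTS promisc
add_list_value "$demo" APP_WHITELIST php
add_list_value "$demo" APP_WHITELIST php        # second call changes nothing
add_list_value "$demo" PORT_WHITELIST TCP:2006  # key absent: line is created
cat "$demo"
rm -f "$demo"
```

Against the real file, run it as root (add_list_value /etc/rkhunter.conf DISABLE_TESTS promisc) and then confirm with sudo rkhunter --config-check that the file still parses.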


Test rkhunter

Issue the following command to check that the cron script runs without error:

sudo /etc/cron.daily/rkhunter-sharewiz

That script only refreshes the property database, so it produces no report. To exercise the check itself, run:

sudo rkhunter --check --sk

(or the package's own daily script, /etc/cron.daily/rkhunter). If any warnings are found, an email with the report is sent to the MAIL-ON-WARNING address.
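The cron job created earlier and the test above only refresh the property database; the check itself, and the mail that follows it, come from rkhunter --check. The script below is an added example, not the page's cron job and not part of rkhunter: it runs the check non-interactively and, when warnings are found, counts them and lists the files rkhunter reported as changed, deliberately leaving the baseline untouched until someone has looked. The binary path, the log path and the exact layout of rkhunter's log lines are assumptions stated in the comments, and the log lines it falls back to when rkhunter is absent are constructed.

```shell
#!/bin/sh
# Added example, not the page's cron script: a daily rkhunter job that runs
# the check and, when it warns, summarises the files reported as changed
# without touching the property database. The page's job runs --propupd every
# day, so a binary altered by an intruder is reported once and then becomes
# the accepted baseline. Assumptions (override via the environment): rkhunter
# at /usr/bin/rkhunter and its log at /var/log/rkhunter.log (Debian default).
# The log layout parsed below, "[HH:MM:SS] Warning: ..." followed by
# "[HH:MM:SS]          File: /path", is assumed from rkhunter's log format.

RKHUNTER=${RKHUNTER:-/usr/bin/rkhunter}
RK_LOG=${RK_LOG:-/var/log/rkhunter.log}

# count_warnings: number of "Warning:" entries in rkhunter log text on stdin.
# The leading "[HH:MM:SS]" stamp is optional so the same filter works on the
# console output of "rkhunter --check" as well as on the log file.
count_warnings() {
    grep -c '^\(\[[0-9:]*]\)\{0,1\}[[:space:]]*Warning:' || true
}

# changed_files: the paths on "File:" lines, one per line, from stdin.
changed_files() {
    sed -n 's/^\(\[[0-9:]*]\)\{0,1\}[[:space:]]*File: *//p'
}

# run_check: non-interactive check. rkhunter exits 0 with no warnings,
# 1 with warnings and 2 on an error; with MAIL-ON-WARNING set in
# /etc/rkhunter.conf it mails the warnings itself, so nothing is mailed here.
# The baseline is never refreshed by this job: run "rkhunter --propupd" by
# hand once a reported change has been reviewed, and let APT_AUTOGEN="yes"
# in /etc/default/rkhunter cover package upgrades.
run_check() {
    "$RKHUNTER" --cronjob --report-warnings-only
    status=$?
    case $status in
        0) ;;
        1)
            echo "rkhunter: $(count_warnings < "$RK_LOG") warning(s); baseline not updated"
            echo "rkhunter: files reported as changed:"
            changed_files < "$RK_LOG" | sed 's/^/  /'
            echo "rkhunter: review them, then run '$RKHUNTER --propupd' if legitimate" ;;
        *) echo "rkhunter: check failed with status $status" >&2 ;;
    esac
    return $status
}

if [ -x "$RKHUNTER" ]; then
    run_check
else
    # No rkhunter here: exercise the filters on constructed log lines instead.
    sample='[10:01:02] Warning: The file properties have changed:
[10:01:02]          File: /usr/bin/ssh
[10:01:03] Warning: Hidden file found: /dev/.blkid.tab
[10:01:04] Info: Check complete'
    echo "rkhunter not found at $RKHUNTER; running filters on a constructed sample:"
    echo "  warnings: $(printf '%s\n' "$sample" | count_warnings)"
    printf '%s\n' "$sample" | changed_files | sed 's/^/  changed: /'
fi
```

Installed as /etc/cron.daily/rkhunter-sharewiz in place of the page's script (and with CRON_DAILY_RUN="false" in /etc/default/rkhunter so the check is not run twice), it keeps reporting a changed file every day until an administrator has either repaired it or accepted it with rkhunter --propupd.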


Setup AppArmor

Add additional AppArmor security profiles

Issue the following command:

sudo aptitude install apparmor-profiles

Ubuntu ships with AppArmor enabled and profiles for only a handful of programs. The apparmor-profiles package adds ready-made profiles for many more, so that more services run confined; a confined process that is compromised, whether through a known flaw or one that has no patch yet, is limited to the files and capabilities its profile allows. Most of the added profiles are installed in complain mode, which logs violations without blocking them. Check the state of each profile with sudo aa-status, and once a profile is known not to break its program, switch it to enforcing with sudo aa-enforce (from the apparmor-utils package).


Setup Compilers

Restrict Access to Compilers

Add a compiler group

Issue the following command:

sudo /usr/sbin/groupadd compiler

…then change to the directory holding the toolchain (/usr/bin on Ubuntu) and hand the compiler, linker and assembler binaries to that group:

cd /usr/bin

sudo chgrp compiler *cc*

sudo chgrp compiler *++*

sudo chgrp compiler ld

sudo chgrp compiler as

…and set permissions so that only root and members of the compiler group can run them:

sudo chmod 750 *cc*

sudo chmod 750 *++*

sudo chmod 750 ld

sudo chmod 750 as

Check what the *cc* and *++* globs expand to before running them (echo *cc* *++*), since they match every name containing those characters, not just gcc, cc, g++ and c++. Users who legitimately need to build software are added to the group with sudo usermod -aG compiler username (replacing username). This is a speed bump rather than a wall: an attacker who can upload files can bring a prebuilt binary, so it complements, and does not replace, the other measures on this page.
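The chgrp and chmod commands above rely on shell globs, so it pays to see exactly which files they will touch. The script below is an added example, not from this page, that does the same job by matching tool names (cc, gcc, c++, g++, ld, ld.bfd, ld.gold and as, with or without a target-triplet prefix or version suffix), so that unrelated programs whose names merely contain cc are left alone. By default it only lists what it would change; it changes anything only when run with apply. The directory (/usr/bin), the group name (compiler) and the name list are assumptions; add clang or tcc if those are installed.

```shell
#!/bin/sh
# Added example, not from the page: restrict the compiler, linker and
# assembler binaries to a "compiler" group by matching tool names, instead of
# the page's "*cc*" and "*++*" globs, which also hit unrelated programs in
# /usr/bin (anything with "cc" in its name, such as ccache). Run without
# arguments it only lists what it would change; "apply" performs the change.
# Assumptions: tools live in /usr/bin (Ubuntu's layout); the name list covers
# the GNU toolchain only, so add clang, tcc and friends if installed.

BIN_DIR=${BIN_DIR:-/usr/bin}
COMPILER_GROUP=${COMPILER_GROUP:-compiler}

# is_compiler_name NAME: succeed if NAME is a toolchain front end, optionally
# with a target-triplet prefix ("x86_64-linux-gnu-gcc-9") or a version
# suffix ("g++-4.8"). Names like "gcc-ar" or "ccache" do not qualify.
is_compiler_name() {
    name=$1
    case $name in *-linux-*-*) name=${name#*-linux-*-} ;; esac   # drop triplet
    name=${name%%-[0-9]*}                                         # drop version
    case $name in
        cc|gcc|c++|g++|ld|ld.bfd|ld.gold|as) return 0 ;;
        *) return 1 ;;
    esac
}

# list_compiler_bins DIR: print the matching binaries in DIR, one per line.
# Symlinks such as /usr/bin/gcc -> gcc-9 are listed too; chgrp and chmod
# follow them, so the real binary is what gets restricted.
list_compiler_bins() {
    for path in "$1"/*; do
        [ -f "$path" ] || continue
        if is_compiler_name "${path##*/}"; then printf '%s\n' "$path"; fi
    done
}

# restrict_compiler_bins DIR GROUP: create GROUP if needed, then make every
# matching binary group-owned by GROUP with mode 750 (owner rwx, group rx,
# nothing for others). Users allowed to compile are added with
# "usermod -aG GROUP user".
restrict_compiler_bins() {
    getent group "$2" >/dev/null || groupadd "$2" || return 1
    list_compiler_bins "$1" | while IFS= read -r path; do
        chgrp "$2" "$path" && chmod 750 "$path" && echo "restricted $path"
    done
}

case ${1:-} in
    apply) restrict_compiler_bins "$BIN_DIR" "$COMPILER_GROUP" ;;
    *)     echo "dry run; would restrict:"; list_compiler_bins "$BIN_DIR" ;;
esac
```

It only covers what is in /usr/bin: gcc's internal helpers such as cc1 live under /usr/lib/gcc and stay callable by anyone who finds them, and a prebuilt binary needs no compiler at all, so treat the restriction as one layer among the others on this page.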


Continue to the Anti-Virus Security...