ShareWiz Ultra Secure Server Setup

base

Base Security

Disable Ctrl-Alt-Delete

Comment out the following line in the /etc/init/control-alt-delete.conf file by placing a hash # sign in front.

Issue the following command:

sudo vi /etc/init/control-alt-delete.conf

…and comment out the following line by placing a hash # sign in front.

#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"

Anyone that has physical access to the keyboard can simply use the Ctrl+Alt+Delete key combination to reboot the server without having to log on. Sure, someone could simply unplug the power source, but you should still prevent the use of this key combination on a production server. This forces an attacker to take more drastic measures to reboot the server, and will prevent accidental reboots at the same time.

top

Setup the correct time zone (Optional, but Highly-Recommended)

Issue the following command:

sudo dpkg-reconfigure tzdata

…and select "Etc" followed by "GMT".

Having the right time zone is a requirement for proper security of the server.

Sharewiz security standards require the time zone to be set to GMT.

This standardizes time in the system and prevents security issues which may occur with unusual time movements.

It also ensures that logs files are consistant.

Naturally, select an alternative timezone as appropriate to your situation.

top

PAM Security

Install pam modules

Issue the following command:

sudo aptitude install libpam-modules libpam-passwdqc libpam0g wamerican wbritish wcanadian

PAM or Pluggable Authentication Modules, is an abstraction layer that enables authentication between a variety of services.

To change the default dictionary, run the following command:

sudo select-default-wordlist

...and select the dictionary that is required.

top

Continue to SSH Security...