##Linux Hardening Automation Project
This program comes with ABSOLUTELY NO WARRANTY!
Be Advised, do NOT use in production environments!
Wikipedia's description for Hardening: In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a multipurpose one. Reducing available vectors of attack typically includes the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.
Clone the repository.
git clone https://github.com/emirozer/nixarmor.git
Run the related automation script based on your distribution.
You can try the environment via using vagrant. Go to the /vagrant/.. dir and pick the distro you are interested in.
vagrant on your system packages for this task. ###CHKROOTKIT & Cron JobI am assuming you have
Chkrootkit is installed for ubuntu/debian/fedora and ran once.
For centOS, yum won't serve this package so you have to get it manually.
It is in your best interest to run chkrootkit daily. Here are some basic universal instructions:
vi /etc/cron.daily/chkrootkit.sh #!/bin/bash cd /your_installpath/chkrootkit-0.42b/ ./chkrootkit | mail -s “Daily chkrootkit from Servername” firstname.lastname@example.org
Replace ‘your_installpath’ with the actual path to where you unpacked Chkrootkit.
Change ‘Servername’ to the server which you are running.
Change ‘email@example.com’ to your actual email address where the script will mail you.
Save the file.
Change the file permissions
chmod 755 /etc/cron.daily/chkrootkit.sh
Small note about unattanded updates: It is a good idea if and only if you compose your own black list..Meaning put everything that you find upgrading without supervision risky. http://askubuntu.com/questions/193773/can-i-configure-unattended-upgrades-to-not-upgrade-packages-that-require-a-reboo