-
Notifications
You must be signed in to change notification settings - Fork 2
harden debian server
weakish edited this page Apr 27, 2013
·
2 revisions
apt-get install checksecurity
Just modify /etc/checksecurity.conf and files under /etc/checksecurity.
In fact, you just need to uncomment some lines. The default setup is will check diskfree, passwd, setuid and send report to root if something is wrong.
apt-get install chkrootkit
Just modify /etc/chkrootkit.conf and set diff mode to true.
apt-get install logcheck
Modify /etc/logcheck/logcheck.conf
Modify /etc/ssh/sshd_config to enhance security.
Doesn't allow password login.
For convinience, we allow root login. You may disable root login and configure su/sudo.
After modifying /etc/ssh/sshd_config, we need to reload the configuration file with:
service ssh reload
Then attempt a new ssh connection without breaking the previous one. Therefore, if we made some mistake in sshd_config, we can rollback to the original version.