CIS 193A – Lesson 4
Bastille: Hardening a System

Jan 05, 2016

Focus Question

What Linux utilities, commands, and files are used by Bastille to harden a system?

The Bastille Package

• /etc/Bastille - Configuration files (config)
• /var/log/Bastille - Reports and log files
• /var/log/Bastillerevert - Backup files
• /usr/lib/Bastille - Perl libraries
• /usr/share/Bastille - Documentation

Command Syntax

• bastille -a   # --assess
  Assess the system

• bastille -x   # -c for curses
  Create config file and implement changes

• bastille -b <config>
  Harden system with specified configuration

• bastille -r
  Undoes the configuration

Bastille Groupings

• File Permissions
• Account Security
• Boot Security
• Logging
• Miscellaneous Daemons
• Secure Inetd
• Disable User Tools
• Services: Sendmail, Printing, Apache, DNS, FTP

File Permissions

• Setting permissions in /sbin and /usr/sbin to 750 instead of 755
• Removing setuid bits from:
  – mount, umount
  – ping, traceroute
  – dump, restore
  – at
  – X windows
  – others
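
The two File Permissions items above, as an added example that is not part of the original slides and is not Bastille's own code: an audit for setuid and world-accessible files, and the matching fix. The function names and the sample files are assumptions made for illustration, and the demo runs only inside a constructed temp directory.

```shell
#!/bin/sh
# Added example, not Bastille's own code. It works only on the directory it is
# given; the demo below uses a constructed temp directory, never /sbin.

# Print "SETUID <path>" for setuid files and "WORLD <path>" for files that
# grant any permission to "other" (mode 755 rather than 750).
audit_perms() {
    find "$1" -type f -perm -4000 | sort | sed 's/^/SETUID /'
    find "$1" -type f \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
        sort | sed 's/^/WORLD /'
}

# Apply the two slide items: drop the setuid bit, then tighten 755 to 750.
# On a real system, a tool without setuid no longer runs with root privilege
# when an ordinary user starts it.
harden_perms() {
    find "$1" -type f -perm -4000 -exec chmod u-s {} +
    find "$1" -type f -perm 0755 -exec chmod 0750 {} +
}

# Constructed sample files: mount and ping are names from the slide, the
# other two are made up for illustration.
make_sample() {
    d=$(mktemp -d) || return 1
    for f in mount ping ifconfig init; do : > "$d/$f"; done
    chmod 4755 "$d/mount" "$d/ping"   # setuid and world-executable
    chmod 0755 "$d/ifconfig"          # world-executable, no setuid
    chmod 0750 "$d/init"              # already at the hardened mode
    echo "$d"
}

demo=$(make_sample)
echo "before:"; audit_perms "$demo"
harden_perms "$demo"
echo "after:";  audit_perms "$demo"
rm -rf "$demo"
```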

Account Security

• Disable clear text r-protocols
• Add password aging
• Strengthen umask
• Disable root logins on ttys
• Remove extraneous accounts and groups
• Restrict use of cron to root account

Boot Security

• Password protect grub or lilo
• Disable ctrl-alt-del reboot sequence
• Password protect single user mode

Logging

• Adding additional logging
• Activating system auditing
• Turning on process accounting

Miscellaneous Daemons

• Disable the following services:
  – apmd / acpid
  – nfs, nis
  – samba
  – pcmcia
  – gpm
  – kudzu
  – etc.

Secure Inetd

• Disable telnet service
• Disable ftp service
• Include default deny for hosts.deny
• Banners: authorized use warnings

Disable User Tools

• Disable compilers

Review

Focus Question

What Linux utilities, commands, and files are used by Bastille to harden a system?

Bastille uses grub, PAM, chkconfig, chmod, iptables, and edits such files as issue, securetty, nologin, inittab, login.defs, as well as service configuration files.
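
Three of the settings from the Account Security, Boot Security and Secure Inetd slides, checked in the files that hold them (login.defs, inittab, hosts.deny). This is an added example, not part of the original slides and not Bastille's own code; the function names, the 180-day limit and the sample file contents are assumptions, and the checks run against constructed trees rather than the live /etc.

```shell
#!/bin/sh
# Added example, not Bastille's own code. Each check takes a root prefix so it
# can run against a constructed tree instead of the live /etc.
MAX_AGE_LIMIT=180   # assumed policy limit in days; not a value from the slides

check_hosts_deny() {      # default deny: an active "ALL: ALL" line
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1/etc/hosts.deny" 2>/dev/null
}

check_password_aging() {  # PASS_MAX_DAYS set and within the limit
    days=$(awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }' \
        "$1/etc/login.defs" 2>/dev/null)
    [ -n "$days" ] && [ "$days" -le "$MAX_AGE_LIMIT" ] 2>/dev/null
}

check_ctrlaltdel() {      # no uncommented ctrlaltdel action in inittab
    ! grep -Eq '^[^#]*:ctrlaltdel:' "$1/etc/inittab" 2>/dev/null
}

audit_config() {          # one PASS/FAIL line per check
    for c in check_hosts_deny check_password_aging check_ctrlaltdel; do
        if "$c" "$1"; then echo "PASS $c"; else echo "FAIL $c"; fi
    done
}

make_tree() {             # constructed sample tree: "weak" or "hardened"
    t=$(mktemp -d) && mkdir "$t/etc" || return 1
    if [ "$1" = hardened ]; then
        echo 'ALL: ALL' > "$t/etc/hosts.deny"
        echo 'PASS_MAX_DAYS 60' > "$t/etc/login.defs"
        echo '#ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$t/etc/inittab"
    else
        echo '# no rules' > "$t/etc/hosts.deny"
        echo 'PASS_MAX_DAYS 99999' > "$t/etc/login.defs"
        echo 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$t/etc/inittab"
    fi
    echo "$t"
}

for kind in weak hardened; do
    tree=$(make_tree "$kind")
    echo "== $kind"; audit_config "$tree"
    rm -rf "$tree"
done
```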