Sunday, August 14, 2011

linux server hardening chapter two

this is a general hardening that i used to apply on my server

1. securing /tmp partition
dd if=/dev/zero of=/opt/tmpMnt bs=1024 count=512000
mke2fs /opt/tmpMnt
mkdir /tmp.bak
mv /tmp/* /tmp.bak/ (verify that dot-files are also moved)
mount -o loop,noexec,nosuid,rw /opt/tmpMnt /tmp
mv /tmp.bak/* /tmp/ (again, verify that dot-files are also moved)
rm -rf /tmp.bak
chmod 1777 /tmp
vi /etc/fstab (add: /opt/tmpMnt /tmp ext2 loop,nosuid,noexec,rw 0 0)
2. use a secure password
use a utility like http://strongpasswordgenerator.com/ to get a strong password for your server
you can also use another tool that does the same job
write down your password and make sure you are the only person who knows about this document
if possible, password-protect the document as well

3. monitor your server by using hids and logwatch

4. move these binaries to another, secure location
wget, lwp-download, ssh, scp, curl

5. modify your /etc/hosts file
declare "search.cpan.org" as "0.0.0.0" in /etc/hosts
most hackers get all of the stuff they need here

6. monitor outgoing connections on your server using iptables

7. remove all development packages and test your server for the newest local exploit

PS:
if you have a webserver running on your server
disable functions like ("passthru","exec","shell_exec","system","popen") in php.ini
and install mod_security
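
A quick check for step 1, as an added example that is not part of the original post: it reads a mount table in /etc/fstab or /proc/mounts layout and reports whether /tmp carries noexec and nosuid, and whether the directory still has mode 1777. The function names and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the /tmp hardening of step 1.
# Input on stdin is a mount table in /etc/fstab or /proc/mounts layout:
#   device  mountpoint  fstype  options  dump  pass

# tmp_opts: print the options of the LAST /tmp entry (a later mount shadows earlier ones).
tmp_opts() {
    awk '$1 !~ /^#/ && $2 == "/tmp" { o = $4 } END { if (o != "") print o }'
}

# missing_opts OPTS: print every required option absent from the comma-separated OPTS.
missing_opts() {
    for want in noexec nosuid; do
        case ",$1," in
            *",$want,"*) ;;                 # exact match, so "exec" never passes for "noexec"
            *) printf '%s\n' "$want" ;;
        esac
    done
}

# audit_tmp LABEL: 0 = hardened, 1 = option missing, 2 = /tmp is not a separate mount.
audit_tmp() {
    opts=$(tmp_opts)
    if [ -z "$opts" ]; then
        echo "$1: no /tmp entry"
        return 2
    fi
    miss=$(missing_opts "$opts" | tr '\n' ' ')
    if [ -n "$miss" ]; then
        echo "$1: /tmp is missing: $miss"
        return 1
    fi
    echo "$1: /tmp ok ($opts)"
}

# sticky_ok DIR: true when DIR is world-writable with the sticky bit (chmod 1777).
sticky_ok() {
    case "$(ls -ld "$1")" in drwxrwxrwt*) return 0 ;; *) return 1 ;; esac
}

# Constructed samples: the fstab line from step 1 and a weakened variant of it.
GOOD='/opt/tmpMnt /tmp ext2 loop,nosuid,noexec,rw 0 0'
WEAK='/opt/tmpMnt /tmp ext2 loop,rw 0 0'
printf '%s\n' "$GOOD" | audit_tmp sample-good
printf '%s\n' "$WEAK" | audit_tmp sample-weak || true

# On a live host: audit_tmp fstab < /etc/fstab; audit_tmp live < /proc/mounts; sticky_ok /tmp
```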

my fav doctor - Dr Thirteen

Olivia Wilde is an American actress and fashion model. She began acting in the early 2000s, and has since appeared in a number of film and television parts, including roles in the serial-drama The O.C. and The Black Donnellys. She portrays Dr. Remy "Thirteen" Hadley in the TV drama House, and in 2010 starred as Quorra in Tron: Legacy.



How do you expect kids to listen

How do you expect kids to listen to their parents when Tarzan lives half naked, Cinderella comes home at midnight, Pinocchio lies all the time, Aladdin is the king of thieves, Batman drives at 200 mph, Sleeping Beauty is lazy & Snow White lives with 7 guys. We shouldn't be surprised when kids misbehave, they get it from their story books.

Monday, May 02, 2011

hardening howto chapter one

In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability. A system has a larger vulnerability surface the more that it does; in principle a single-function system is more secure than a multipurpose one. Reducing available vectors of attack typically includes the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.

------
I will share some of my knowledge on hardening with you guys
and it will take several parts

Saturday, April 23, 2011

Thursday, April 21, 2011

anna torv late night show

now i'm gonna write a bit about my favorite actress on fringe anna torv. here's a bit about her
-----
Anna Torv (born June, 1979 in Melbourne, Victoria) is an Australian actress best known for her role as FBI agent Olivia Dunham on the Fox television series Fringe.

i also like the interview that she did in the late night talk show hosted by craig ferguson
here's the video

vanilla kernel on debian

first do the usual thing on the kernel, such as :
- download the kernel
- extract
- make the link
- make clean && make distclean && make mrproper
- make menuconfig
- choose the kernel based on the HW on your debian box
- save the configuration file

this is the debian-specific part :
make-kpkg --revision=net0.5 --initrd --bzImage linux_image

note:
--revision is when you want to mark your own kernel...
make sure you put a version on it
--initrd is for making the initrd...
you'll need this to boot
--bzImage is for the type of compression you used on your new kernel

if you failed and want to remove the kernel, do this :
dpkg --remove linux-image-2.6.17.7
make sure that it is the same version as your kernel

do this to clean up the mess :
make-kpkg clean
make clean && make mrproper
and start all over again from the top.... :p

happy compile...

PS: make sure you only select the necessary modules and built-ins...
or the compilation will take years.. :p (kidding)