Sunday, March 6, 2011

Security in Solaris

SERVER HARDENING:
This is the concept of making a server secure so that it can run applications 24/7.
It is a post-installation process, i.e. after installing the OS, we harden the server based on the application's needs.

The following tasks are performed:
1. Removing unnecessary services.
2. Disabling auto-install scripts so that no user can install any applications.
3. Disabling media drives (CD, DVD, etc.) and USB.
4. Removing unnecessary user accounts.
5. Maintaining logs for all services.
6. Giving permissions for all files and directories.
7. Managing space requirements.
8. Consolidating the server for better performance.

CONCEPTS USED:
- SET UID (User ID) & SET GID (Group ID)
- Sticky bit
- ACL (Access control list)
- RBAC (Role-based access control)

FILES:
- /etc/default/login
- /etc/default/passwd
- /etc/security/policy.conf
- /etc/wtmpx
- /etc/utmpx
- /etc/adm/sulog
- /var/adm/loginlog
- /etc/nologin
- /etc/user_attr
- /etc/security/prof_attr
- /etc/security/auth_attr
- /etc/security/exec_attr

COMMANDS:

#roleadd
#rolemod
#roledel
#chmod
#chown
#newgrp
#useradd
#usermod
#su

Whenever a user logs in, permissions are verified based on the UID. The OS also maintains an effective UID, which represents the current environment of the user.
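
The setuid, setgid and sticky-bit concepts and the file-permission task listed above can be checked with a short audit script. This is an added example, not part of the original post; the function names, the baseline file and the start directory argument are assumptions.

```shell
#!/bin/sh
# Added example: permission audit helpers for setuid, setgid and the sticky bit.
# Function names and the baseline-file convention are hypothetical.

# Print regular files that carry the setuid (4000) or setgid (2000) bit.
# These run with the file owner's or group's identity as the effective UID/GID.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Print world-writable directories that lack the sticky bit (1000).
# Without the sticky bit, any user can delete or rename other users' files there.
list_unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Print set-id files under $1 that are not listed in baseline file $2.
# The baseline holds one path per line, sorted with LC_ALL=C.
new_setid_files() {
    list_setid_files "$1" | LC_ALL=C sort | LC_ALL=C comm -23 - "$2"
}

# Run the audit only when a start directory is given, e.g.: sh audit.sh /usr
if [ $# -ge 1 ]; then
    echo "setuid/setgid files under $1:"
    list_setid_files "$1"
    echo "world-writable directories without the sticky bit under $1:"
    list_unsticky_dirs "$1"
fi
```

Saving the sorted output of `list_setid_files` after hardening gives a baseline, and `new_setid_files` then reports only set-id files that appeared later.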
