Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- sudo vi /etc/fstab
- tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
- sudo vi /etc/sysctl.conf
- # IP Spoofing protection
- net.ipv4.conf.all.rp_filter = 1
- net.ipv4.conf.default.rp_filter = 1
- # Ignore ICMP broadcast requests
- net.ipv4.icmp_echo_ignore_broadcasts = 1
- # Disable source packet routing
- net.ipv4.conf.all.accept_source_route = 0
- net.ipv6.conf.all.accept_source_route = 0
- net.ipv4.conf.default.accept_source_route = 0
- net.ipv6.conf.default.accept_source_route = 0
- # Ignore send redirects
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- # Block SYN attacks
- net.ipv4.tcp_syncookies = 1
- net.ipv4.tcp_max_syn_backlog = 2048
- net.ipv4.tcp_synack_retries = 2
- net.ipv4.tcp_syn_retries = 5
- # Log Martians
- net.ipv4.conf.all.log_martians = 1
- net.ipv4.icmp_ignore_bogus_error_responses = 1
- # Ignore ICMP redirects
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv6.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.ipv6.conf.default.accept_redirects = 0
- # Ignore Directed pings
- net.ipv4.icmp_echo_ignore_all = 1
- sudo sysctl -p
- sudo vi /etc/host.conf
- order bind,hosts
- nospoof on
- sudo vi /etc/php5/apache2/php.ini
- disable_functions = exec,system,shell_exec,passthru
- register_globals = Off
- expose_php = Off
- magic_quotes_gpc = On
- sudo apt-get install denyhosts
- sudo vi /etc/denyhosts.conf
- ADMIN_EMAIL = root@localhost
- SMTP_HOST = localhost
- SMTP_PORT = 25
- #SMTP_USERNAME=foo
- #SMTP_PASSWORD=bar
- SMTP_FROM = DenyHosts nobody@localhost
- #SYSLOG_REPORT=YES
- sudo apt-get install fail2ban
- sudo vi /etc/fail2ban/jail.conf
- [ssh]
- enabled = true
- port = ssh
- filter = sshd
- logpath = /var/log/auth.log
- maxretry = 3
- destemail = root@localhost
- action = %(action_)s
- action = %(action_mwl)s
- sudo vi /etc/fail2ban/jail.local
- sudo /etc/init.d/fail2ban restart
- sudo fail2ban-client status
- sudo apt-get install rkhunter chkrootkit
- sudo chkrootkit
- sudo rkhunter --update
- sudo rkhunter --propupd
- sudo rkhunter --check
- sudo apt-get install nmap
- nmap -v -sT localhost
- sudo nmap -v -sS localhost
- sudo apt-get install logwatch libdate-manip-perl
- sudo logwatch | less
- sudo logwatch --mailto mail@domain.com --output mail --format html --range 'between -7 days and today'
- sudo apt-get install tiger
- sudo tiger
- sudo less /var/log/tiger/security.report.*
- **My heartiest best wishes to you. good luck.**
Add Comment
Please, Sign In to add comment