sudo vi /etc/fstab tmpfs /dev/shm tmpfs defaults,noexec,nosuid

1. sudo vi /etc/fstab
2.  
3. tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
4.  
5. sudo vi /etc/sysctl.conf
6.  
7. # IP Spoofing protection
8. net.ipv4.conf.all.rp_filter = 1
9. net.ipv4.conf.default.rp_filter = 1
10.  
11. # Ignore ICMP broadcast requests
12. net.ipv4.icmp_echo_ignore_broadcasts = 1
13.  
14. # Disable source packet routing
15. net.ipv4.conf.all.accept_source_route = 0
16. net.ipv6.conf.all.accept_source_route = 0
17. net.ipv4.conf.default.accept_source_route = 0
18. net.ipv6.conf.default.accept_source_route = 0
19.  
20. # Ignore send redirects
21. net.ipv4.conf.all.send_redirects = 0
22. net.ipv4.conf.default.send_redirects = 0
23.  
24. # Block SYN attacks
25. net.ipv4.tcp_syncookies = 1
26. net.ipv4.tcp_max_syn_backlog = 2048
27. net.ipv4.tcp_synack_retries = 2
28. net.ipv4.tcp_syn_retries = 5
29.  
30. # Log Martians
31. net.ipv4.conf.all.log_martians = 1
32. net.ipv4.icmp_ignore_bogus_error_responses = 1
33.  
34. # Ignore ICMP redirects
35. net.ipv4.conf.all.accept_redirects = 0
36. net.ipv6.conf.all.accept_redirects = 0
37. net.ipv4.conf.default.accept_redirects = 0
38. net.ipv6.conf.default.accept_redirects = 0
39.  
40. # Ignore Directed pings
41. net.ipv4.icmp_echo_ignore_all = 1
42.  
43. sudo sysctl -p
44.  
45. sudo vi /etc/host.conf
46.  
47. order bind,hosts
48. nospoof on
49.  
50. sudo vi /etc/php5/apache2/php.ini
51.  
52. disable_functions = exec,system,shell_exec,passthru
53. register_globals = Off
54. expose_php = Off
55. magic_quotes_gpc = On
56.  
57. sudo apt-get install denyhosts
58.  
59. sudo vi /etc/denyhosts.conf
60.  
61. ADMIN_EMAIL = root@localhost
62. SMTP_HOST = localhost
63. SMTP_PORT = 25
64. #SMTP_USERNAME=foo
65. #SMTP_PASSWORD=bar
66. SMTP_FROM = DenyHosts nobody@localhost
67. #SYSLOG_REPORT=YES
68.  
69. sudo apt-get install fail2ban
70.  
71. sudo vi /etc/fail2ban/jail.conf
72.  
73. [ssh]
74.  
75. enabled = true
76. port = ssh
77. filter = sshd
78. logpath = /var/log/auth.log
79. maxretry = 3
80.  
81. destemail = root@localhost
82.  
83. action = %(action_)s
84.  
85. action = %(action_mwl)s
86.  
87. sudo vi /etc/fail2ban/jail.local
88.  
89. sudo /etc/init.d/fail2ban restart
90.  
91. sudo fail2ban-client status
92.  
93. sudo apt-get install rkhunter chkrootkit
94.  
95. sudo chkrootkit
96.  
97. sudo rkhunter --update
98. sudo rkhunter --propupd
99. sudo rkhunter --check
100.  
101. sudo apt-get install nmap
102.  
103. nmap -v -sT localhost
104.  
105. sudo nmap -v -sS localhost
106.  
107. sudo apt-get install logwatch libdate-manip-perl
108.  
109. sudo logwatch | less
110.  
111. sudo logwatch --mailto mail@domain.com --output mail --format html --range 'between -7 days and today'
112.  
113. sudo apt-get install tiger
114.  
115. sudo tiger
116.  
117. sudo less /var/log/tiger/security.report.*
118.  
119. **My heartiest best wishes to you. good luck.**