Author: troy

Harden Ubuntu Server 12.04 LTS

It's not enough to harden just Ubuntu. It's necessary to harden the rest of LAMP as well. So here is how I do it.

Harden MySQL:

    sudo mysql_secure_installation

Answer Yes to all questions (but no need to change password).

Harden PHP – and tune performance:

    sudo apt-get install php5-suhosin
    sudo vi /etc/php5/apache2/php.ini

Uncomment this code or update setting max_execution_time =...

Typical Debian 7 /etc/apt/sources.list

    sudo vi /etc/apt/sources.list

Update/add:

    deb http://cdn.debian.net/debian/ wheezy main
    deb-src http://cdn.debian.net/debian/ wheezy main

    deb http://security.debian.org/ wheezy/updates main
    deb-src http://security.debian.org/ wheezy/updates main

    # wheezy-updates, previously known as 'volatile'
    deb http://cdn.debian.net/debian/ wheezy-updates main
    deb-src http://cdn.debian.net/debian/ wheezy-updates main

    deb http://download.virtualbox.org/virtualbox/debian wheezy contrib
    deb-src http://download.virtualbox.org/virtualbox/debian wheezy contrib

    deb http://http.debian.net/debian/ wheezy-backports main contrib
    deb-src http://http.debian.net/debian/ wheezy-backports main contrib

Perl Script to Find and Delete Duplicate Files for Backup Purposes

A useful script to remove duplicate files, designed especially to save space for backups. What the program does: it finds all files in a Source Directory and puts them into an array, then finds all files in a Target Directory and puts those into another array (edit accordingly). The arrays are compared for matching file names. Matches are then compared for file...

Some Bash Scripts to Manage Remote Server

Script to Update and Upgrade:

    #! /bin/bash
    chmod 700 /usr/bin/apt-get
    chmod 700 /usr/bin/aptitude
    chmod 700 /usr/bin/dpkg
    swapoff -a
    chown username:username /home/username/*
    chmod 700 /home/username/*
    apt-get update && apt-get upgrade --show-upgraded -y

Script to End session and Harden some critical files:

    #! /bin/bash
    swapon -a
    chmod 000 /usr/bin/apt-get
    chmod 000 /usr/bin/aptitude
    chmod 000 /usr/bin/dpkg
    find /home/username/ -size 0 -exec rm '{}'...

VI Delete All Matching Lines

Delete all matching lines containing a string (the dots are escaped so they match literal dots, not any character):

    :g/46\.223\.1\./d

Replace all matching text in a file:

    :%s/wrong/right/g

GREP SED AWK VI and FIND Usage Notes for Webmasters

When it comes to manipulating files, you can do almost anything with GREP, SED, AWK, VI and FIND (and I’m a novice). My notes (taken from far more capable individuals online than I. Thank you all for the education.)

File manipulation using AWK, GREP, SED, FIND, VI

AWK: AWK to extract IPs from logs. Lists of IPs from log file...

Install Rsync

Rsync Installation Instructions:

    sudo apt-get install rsync
    sudo vi /etc/rsyncd.conf

Copy into rsyncd.conf:

    motd file = /etc/rsyncd.motd
    path = /home/username
    comment = This is the path to folder on the server
    uid = nobody
    gid = nobody
    read only = false
    auth users = username
    secrets file = /etc/rsyncd.scrt

Change username/servername.

    sudo vi /etc/rsyncd.motd

Any message you want.

    sudo vi...

Set BASH as Default Shell

Enter at the prompt:

    $ bash

If you get a command not found error, install BASH:

    # pkg_add -r -v bash

Now find where BASH is installed:

    $ which bash

You should see (Ubuntu):

    /bin/bash

Change shell to BASH (username is your User Name):

    $ chsh -s /bin/bash username

You should see:

    Password:

Provide your login password. You’ll need to log out (exit) and...

Create User on Debian

Users and Groups:

Users are located in /etc/passwd
Groups are located in /etc/group

The administrative ROOT account is disabled by default in Ubuntu. If you wish to enable the root account, simply give it a password by typing:

    sudo passwd

To disable the root account:

    sudo passwd -l root

The initial user created by the Ubuntu installer is a...

How to Customize Apache Log Format for Fail2ban

Customize the apache2 other_vhosts_access.log format so fail2ban can use it.

    sudo vi /etc/apache2/apache2.conf

On line 255 insert:

    LogFormat "%t %v:%p %h %l %u \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" fail2ban

Comment out the following line:

    #LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined

    sudo vi /etc/apache2/conf.d/other-vhosts-access-log

Change the end of the line (or duplicate and comment out) as...

Fail2ban Apache2 Access Log Regex Fails

Changing banaction to ROUTE worked, while IPTABLES-ALLPORTS failed with error No Host Found:

    2014-09-26 10:55:24,662 fail2ban.filter : ERROR No 'host' found in '113.71.191.49 - - [ +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 500 833 "-" "-" ' using ''

    [apache-phpmyadmin-access]
    enabled = true
    #banaction = iptables-allports
    banaction = route
    port = http,https
    filter = apache-phpmyadmin-access
    logpath = /var/log/apache2/access.log
    maxretry = 0
    #...