Securing Debian


One thing I do when I have installed Debian is to tighten it down slightly. There are some great scripts to do this, such as bastille and also the securing debian howto but here is my top 10 lockdowns:

  1. Secure users home directories

    chmod -R 700 /home<br /> vi /etc/adduser.conf

  2. Disable all services not used and make sure that sshd is running on protocol2.

  3. Disable ftp (use ftpd-ssl or scp instead) and telnet (you should be using ssh)

  4. Disable root from accessing sshd, so only a normal user can log on then su.

  5. Configure logcheck to send logs to an outside email address.

    apt-get install logcheck

    vi /etc/logcheck/logcheck.conf

    If you need to change the frequency, edit the cron file here:

    vi /etc/cron.d/logcheck

  6. Get regular updates from your apt sources

  7. Restrict system reboots/shutdown on the console:

    vi /etc/inittab

    ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

    vi /etc/shutdown.allow<br /> Add your users in that are allowed to shutdown the system when logged in

comments powered by Disqus