Linux server Hardening

Posted on by

Linux Server Hardening steps:

1. Setting message of the day, banner /etc/motd

2. Creating Admin service accounts

3. Setting Password ageing policy via /etc/login.defs
echo "PASS_MAX_DAYS 90" >> /etc/login.defs
echo "PASS_MIN_DAYS 1" >> /etc/login.defs
echo "PASS_MIN_LEN 8" >> /etc/login.defs
echo "PASS_WARN_AGE 14" >> /etc/login.defs

4. Enforcing stronger passwords: /etc/pam.d/system-auth
echo $test minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3 >> /etc/pam.d/system-auth
maximum credit for lower-case, upper-case, numeric (digit), and non-alphanumeric (other) characters, respectively

5. setting root password and disabling direct login of root
chage -M 99999 root
echo "PermitRootLogin no" >> /etc/ssh/sshd_config

6. Changing Run-level from 5 to 3

Post Views: 1,502