CIS 193A – Lesson4
Bastille
Hardening a System
Focus Question
What Linux utilities, commands, and files are used by Bastille to harden a system?
The Bastille Package
• /etc/Bastille - Configuration files (config)
• /var/log/Bastille - Reports and log files
• /var/log/Bastillerevert - backup files
• /usr/lib/Bastille - Perl libraries
• /usr/share/Bastille - Documentation
Command Syntax
• bastille -a # --assess
  Assess the system
• bastille -x # -c for curses
  Create config file and implement changes
• bastille -b <config>
  Harden system with specified configuration
• bastille -r
  Undoes the configuration
Bastille Groupings
• File Permissions
• Account Security
• Boot Security
• Logging
• Miscellaneous Daemons
• Secure Inetd
• Disable User Tools
• Services: Sendmail, Printing, Apache, DNS, FTP
File Permissions
• Setting permissions in /sbin and /usr/sbin to 750 instead of 755
• Removing setuid bits from:
  – mount, umount
  – ping, traceroute
  – dump, restore
  – at
  – X windows
  – others
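A read-only audit for the two File Permissions items above, as an added example that is not part of the original slides and is not Bastille's own code. The binary locations in SUID_CANDIDATES and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Bastille code: audit a tree for the two items above.
# Paths are assumed typical locations; "X windows" and "others" are omitted
# because the slide names no path for them.
SUID_CANDIDATES="bin/mount bin/umount bin/ping usr/sbin/traceroute
sbin/dump sbin/restore usr/bin/at"

# Print each candidate under ROOT that still carries the setuid bit.
audit_setuid() {
    root=${1:-/}
    for rel in $SUID_CANDIDATES; do
        f="${root%/}/$rel"
        # test -u: file exists and has its set-user-ID bit set
        if [ -u "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Print files in sbin and usr/sbin that grant any permission to "other",
# i.e. anything looser than mode 750.
audit_sbin_mode() {
    root=${1:-/}
    for d in sbin usr/sbin; do
        dir="${root%/}/$d"
        if [ -d "$dir" ]; then
            # -H follows a symlinked sbin; the -perm tests are POSIX "all bits set"
            find -H "$dir" -type f \( -perm -004 -o -perm -002 -o -perm -001 \)
        fi
    done
}

# Audit the prefix given on the command line, if any (use / for the live system).
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
    audit_sbin_mode "$1"
fi
```

Run it before and after hardening and compare the two listings; an empty result means both items are in place for the paths checked.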
Account Security
• Disable clear text r-protocols
• Add password aging
• Strengthen umask
• Disable root logins on ttys
• Remove extraneous accounts and groups
• Restrict use of cron to root account
Boot Security
• Password protect grub or lilo
• Disable ctrl-alt-del reboot sequence
• Password protect single user mode
Logging
• Adding additional logging
• Activating system auditing
• Turning on process accounting
Miscellaneous Daemons
• Disable the following services:
  – apmd / acpid
  – nfs, nis
  – samba
  – pcmcia
  – gpm
  – kudzu
  – etc
Secure Inetd
• Disable telnet service
• Disable ftp service
• Include default deny for hosts.deny
• Banners: authorized use warnings
Disable User Tools
• Disable compilers
Review
Focus Question
What Linux utilities, commands, and files are used by Bastille to harden a system?
Bastille uses grub, PAM, chkconfig, chmod, iptables, and edits such files as
issue, securetty, nologin, inittab, login.defs, as well as service
configuration files.
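A static check of several of the files named in this answer, as an added example that is not part of the original slides and is not Bastille's own code. It covers the hosts.deny, securetty, login.defs and inittab items from the Secure Inetd, Account Security and Boot Security slides. The MAX_AGE threshold, the function names and the expected inittab line formats are assumptions.

```shell
#!/bin/sh
# Added example, not Bastille code. Audits <root>/etc for settings behind the
# Account Security, Boot Security and Secure Inetd items.
MAX_AGE=${MAX_AGE:-180}   # assumed password-age limit, not from the slides

# Print the non-comment, non-blank lines of a file (nothing if unreadable).
active() {
    if [ -r "$1" ]; then grep -Ev '^[[:space:]]*(#|$)' "$1" || true; fi
}

# Print one line per finding; print nothing when every check passes.
audit_etc() {
    etc="${1%/}/etc"
    # Secure Inetd: TCP wrappers default deny
    if ! active "$etc/hosts.deny" | grep -Eiq '^ALL[[:space:]]*:[[:space:]]*ALL'; then
        echo "hosts.deny: no default deny (ALL: ALL)"
    fi
    # Account Security: securetty names the terminals root may log in on.
    # Assumption: any listed terminal is reported; a missing file restricts nothing.
    if [ ! -e "$etc/securetty" ]; then
        echo "securetty: missing, root logins are not restricted"
    else
        n=$(active "$etc/securetty" | grep -c . || true)
        if [ "$n" -gt 0 ]; then echo "securetty: root may log in on $n terminal(s)"; fi
    fi
    # Account Security: password aging
    days=$(active "$etc/login.defs" | awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }')
    case $days in
        '' | *[!0-9]*) echo "login.defs: PASS_MAX_DAYS not set" ;;
        *) if [ "$days" -gt "$MAX_AGE" ]; then
               echo "login.defs: PASS_MAX_DAYS=$days exceeds $MAX_AGE"
           fi ;;
    esac
    # Boot Security: SysV inittab entries (line formats assumed from stock files)
    if active "$etc/inittab" | grep -q ':ctrlaltdel:'; then
        echo "inittab: ctrl-alt-del reboot is active"
    fi
    if ! active "$etc/inittab" | grep -q ':wait:/sbin/sulogin'; then
        echo "inittab: single-user mode has no sulogin entry"
    fi
}

# Audit the prefix given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_etc "$1"; fi
```

The prefix argument lets the same checks run against a mounted image or a restored backup as well as the live root.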