author | Silvino <silvino@bk.ru> | 2019-06-09 02:19:01 +0100 |
---|---|---|
committer | Silvino <silvino@bk.ru> | 2019-06-09 02:19:01 +0100 |
commit | 44ee76746ec6f23f3e67602770e4a04ab8471e95 (patch) | |
tree | 683431688f592c1fb87b03e1e7d7e1e985fd2045 /core/hardening.html | |
parent | f905c797c8f2ec87a8aa641a44c49fc1d0a23ebe (diff) | |
download | doc-44ee76746ec6f23f3e67602770e4a04ab8471e95.tar.gz |
core index re-ordering and tools storage revision
Diffstat (limited to 'core/hardening.html')
-rw-r--r-- | core/hardening.html | 48 |
1 files changed, 37 insertions, 11 deletions
diff --git a/core/hardening.html b/core/hardening.html index 1455398..8e9788f 100644 --- a/core/hardening.html +++ b/core/hardening.html @@ -2,25 +2,51 @@ <html dir="ltr" lang="en"> <head> <meta charset='utf-8'> - <title>2.2. Hardening</title> + <title>2.6. Hardening</title> </head> <body> <a href="index.html">Core OS Index</a> - <h1>2.2. Hardening</h1> + <h1>2.6. Hardening</h1> - <p>Check <a href="apparmor.html">apparmor</a>, - <a href="sysctl.html">sysctl</a>, - <a href="toolchain.html">toolchain</a> and - <a href="samhain.html">samhain</a> before running tests.</p> + <h2>2.6.0.1 System configuration</h2> - <p>Mount some filesystems in read only</p> - <p>Check processes running as root</p> - <p>Check processes users premissions</p> + <dl> + <dt>File systems</dt> + <dd>Check <a href="install.html#fstab">fstab</a> and current mount options. Mount filesystems in read only, only strict necessary in rw.</dd> + <dt>Sys</dt> + <dd>Check kernel settings with <a href="sysctl.html">sysctl</a>.</dd> + <dt>Iptables</dt> + <dd>Check if <a href="network.html#iptables">iptables</a> rules are loaded and are correctly logging.</dd> + <dt>Apparmor</dt> + <dd>Check if <a href="apparmor.html">apparmor</a> is active and enforcing policies.</dd> + <dt>Samhain</dt> + <dd>Check if <a href="samhain.html">samhain</a> is running.</dd> + <dt>Toolchain</dt> + <dd>Build ports using hardened <a href="toolchain.html">toolchain</a> settings.</dd> + </dl> + + <h2>System security</h2> + + <pre> + $ sudo prt-get depinst checksec + </pre> + + <dl> + <dt>User / Pam</dt> + <dd>Normal user is not part of wheel group + or have administration rights.</dd> + <dd>Disable su.</dd> + <dt>Processes</dt> + <dd>Check processes running as root</dd> + <dd>Check processes users premissions</dd> + </dl> + + <h2>2.6.0.2 Lynis</h2> <pre> - $ sudo prt-get depinst checksec lynis + $ sudo prt-get depinst lynis </pre> <p>Lynis gives a view of system overall configuration, without changing 
@@ -44,7 +70,7 @@ <a href="index.html">Core OS Index</a> <p>This is part of the Hive System Documentation. - Copyright (C) 2018 + Copyright (C) 2019 Hive Team. See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> |
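Review bot: In the first hunk the new `<h2>System security</h2>` heading has no section number, while its siblings are `2.6.0.1 System configuration` and `2.6.0.2 Lynis`, so the numbering within the page is inconsistent; give it a number and shift Lynis, or drop the numbers from all three headings. The same hunk carries the misspelling `premissions` over from the removed paragraph into the new `<dd>Check processes users premissions</dd>`, which is worth fixing while the line is being moved. The `User / Pam` and `Processes` items (`Disable su.`, `Check processes running as root`) also give no link or command for how to perform the check, unlike every entry in the System configuration list, so a reader cannot tell what passing looks like; link them to the relevant page or add the command in a `<pre>` as done for `prt-get depinst checksec`.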