Diffstat (limited to 'core/hardening.html')
-rw-r--r-- core/hardening.html 48
1 files changed, 37 insertions, 11 deletions
diff --git a/core/hardening.html b/core/hardening.html
index 1455398..8e9788f 100644
--- a/core/hardening.html
+++ b/core/hardening.html
@@ -2,25 +2,51 @@
 <html dir="ltr" lang="en">
     <head>
         <meta charset='utf-8'>
-        <title>2.2. Hardening</title>
+        <title>2.6. Hardening</title>
     </head>
     <body>
 
         <a href="index.html">Core OS Index</a>
 
-        <h1>2.2. Hardening</h1>
+        <h1>2.6. Hardening</h1>
 
-        <p>Check <a href="apparmor.html">apparmor</a>,
-        <a href="sysctl.html">sysctl</a>, 
-        <a href="toolchain.html">toolchain</a> and
-        <a href="samhain.html">samhain</a> before running tests.</p>
+        <h2>2.6.0.1 System configuration</h2>
 
-        <p>Mount some filesystems in read only</p>
-        <p>Check processes running as root</p>
-        <p>Check processes users premissions</p>
+        <dl>
+            <dt>File systems</dt>
+            <dd>Check <a href="install.html#fstab">fstab</a> and current mount options. Mount filesystems in read only, only strict necessary in rw.</dd>
+            <dt>Sys</dt>
+            <dd>Check kernel settings with <a href="sysctl.html">sysctl</a>.</dd>
+            <dt>Iptables</dt>
+            <dd>Check if <a href="network.html#iptables">iptables</a> rules are loaded and are correctly logging.</dd>
+            <dt>Apparmor</dt>
+            <dd>Check if <a href="apparmor.html">apparmor</a> is active and enforcing policies.</dd>
+            <dt>Samhain</dt>
+            <dd>Check if <a href="samhain.html">samhain</a> is running.</dd>
+            <dt>Toolchain</dt>
+            <dd>Build ports using hardened <a href="toolchain.html">toolchain</a> settings.</dd>
+        </dl>
+
+        <h2>System security</h2>
+
+        <pre>
+        $ sudo prt-get depinst checksec
+        </pre>
+
+        <dl>
+            <dt>User / Pam</dt>
+            <dd>Normal user is not part of wheel group
+            or have administration rights.</dd>
+            <dd>Disable su.</dd>
+            <dt>Processes</dt>
+            <dd>Check processes running as root</dd>
+            <dd>Check processes users premissions</dd>
+        </dl>
+
+        <h2>2.6.0.2 Lynis</h2>
 
         <pre>
-        $ sudo prt-get depinst checksec lynis
+        $ sudo prt-get depinst lynis
         </pre>
 
         <p>Lynis gives a view of system overall configuration, without changing
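Review bot: The added `<h2>System security</h2>` has no section number, while the headings on either side of it are `2.6.0.1 System configuration` and `2.6.0.2 Lynis`, so the numbering skips a section; number it and shift Lynis down, or drop the numbers from all three. In the same block, `<dd>Check processes users premissions</dd>` carries the old "premissions" typo into the new list, and the `checksec` install in the `<pre>` is not followed by any item saying what to run it against, so the two Processes checks have no stated method. The File systems entry ("only strict necessary in rw") and the User / Pam entry ("or have administration rights") would also read better reworded, for example "mount read-write only where strictly necessary".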
@@ -44,7 +70,7 @@
 
         <a href="index.html">Core OS Index</a>
         <p>This is part of the Hive System Documentation.
-        Copyright (C) 2018
+        Copyright (C) 2019
         Hive Team.
         See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
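Review bot: Replacing `Copyright (C) 2018` with `Copyright (C) 2019` drops the earlier year from the notice; if the page was first published in 2018, a range such as `2018-2019` keeps that on record.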