Pick a Free OS

GNU Linux Security

can make the /etc/lilo.conf file immutable so that normally no one can edit it or add any changes. You can do this by executing:

chattr +i /etc/lilo.conf

Note: when you need to modify this file again, remove the immutable bit first and then make your changes.

Disabling the CTRL+ALT+DEL - 3 finger salute

You can edit the /etc/inittab file and find the entry

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

and put a # at the start, so that the line looks like this

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now

where # marks the line as a comment. After this you need to execute

/sbin/init q

This will make sure that the system does not reboot when the key combination is pressed.

Also set the immutable bit on the /etc/services file like this:

chattr +i /etc/services

Edit the /etc/securetty file. This file allows you to specify on which ttys and virtual consoles (VCs) root is allowed to log in.

Root will be able to log in only on the ttys and VCs listed here. On any other tty or VC the root user will not be allowed to log in, and the user has to "su" to become root.

Disable all accounts on the system which you do not use, e.g.

userdel adm
userdel operator

Also, remove the groups

groupdel adm
groupdel operator

Then make the following files immutable

chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/gshadow
chattr +i /etc/group

Note: if you are editing these files for some reason, please remove the immutable bit like this:

chattr -i /etc/

Change the mode of "rpm" binary so that only root is able to use it.

chmod 700 /bin/rpm

Increase the security of the /etc/rc.d/init.d/ files by changing the permissions of all the files to 700 like this:

chmod -R 700 /etc/init.d/*

Remove the /etc/issue and /etc/issue.net files. /etc/issue.net is the banner which users see when they log in remotely to the system.

Find the SUID and SGID files on the system and make a list for your reference, so that if the system gets compromised you can compare against it to see what changed. To find the files use:

find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -l \{\} \; > SuSgfiles

This will create a file "SuSgfiles" listing the files on which the SUID and SGID bits have been set.
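
The baseline-and-compare step described above, as an added example that is not part of the original page: it records path, mode, owner and group for each SUID/SGID file and reports what differs from a saved baseline. It assumes GNU find (for -printf); the function names and file arguments are illustrative.

```sh
#!/bin/sh
# Added example: SUID/SGID baseline and later comparison.
# Assumes GNU find (-printf); function names are illustrative.

# Print one tab-separated record per SUID/SGID regular file under $1:
# path, octal mode, owner, group. -xdev keeps find on one filesystem.
suid_snapshot() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%p\t%m\t%u\t%g\n' 2>/dev/null | LC_ALL=C sort
}

# Compare a saved baseline ($1) with a fresh snapshot ($2).
# "+" lines exist only in the fresh snapshot (new file, or changed
# mode/owner/group); "-" lines exist only in the baseline.
# Returns 0 when the two are identical, 1 when anything differs.
suid_compare() {
    sc_added=$(LC_ALL=C comm -13 "$1" "$2")
    sc_removed=$(LC_ALL=C comm -23 "$1" "$2")
    [ -n "$sc_added" ]   && printf '%s\n' "$sc_added"   | sed 's/^/+ /'
    [ -n "$sc_removed" ] && printf '%s\n' "$sc_removed" | sed 's/^/- /'
    [ -z "$sc_added$sc_removed" ]
}

# Usage (run as root):
#   script baseline FILE   record the current state of /
#   script check FILE      compare / against the recorded baseline
case "${1:-}" in
    baseline) suid_snapshot / > "$2" ;;
    check)    suid_snapshot / > "$2.now"; suid_compare "$2" "$2.now" ;;
esac
```

A file whose mode or owner changed shows up as a "-" line with the old values and a "+" line with the new ones.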

Find the unusual or hidden files:

find / -xdev -name ".. " -print
find / -xdev -name ".*" -print | cat