Linux Tuning

Rootkit

A rootkit is a software package an attacker installs after gaining root in order to keep that access and hide it: it replaces system binaries or loads kernel code so that the attacker's processes, files and network connections no longer show up in ps, ls or netstat. Once one is present you cannot trust anything the system reports about itself, so there is little point in trying to clean it in place; what matters is detecting it early, then rebuilding from known-good installation media and restoring data (not binaries) from backups taken before the compromise. Identifying the specific rootkit is still worth the effort, because it tells you what was modified and what was hidden, which helps scope the incident and decide what else the attacker reached.

rkhunter (Rootkit Hunter) scans for known rootkits, backdoors and local exploits by comparing binaries against stored hashes and properties, and it also flags insecure settings such as SSH permitting root login. To install the package:

sudo apt-get install rkhunter

Like an antivirus product, rkhunter relies on a signature database that must be kept current to recognise new rootkits and Trojans, and its file-property baseline must be refreshed after legitimate package upgrades or it will report every updated binary as changed. To update the signatures and then run a scan:

sudo rkhunter --update

sudo rkhunter --check   (--check can be abbreviated to -c)
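The commands above are interactive (the scan pauses for a keypress between sections). What you actually want on a server is an unattended run whose result can be alerted on. The script below is an example added to these notes, not code from the original page or from the rkhunter project: it wraps the update step, runs rkhunter in its cron mode, and turns the "warnings only" report into an exit status. It assumes rkhunter is installed as shown above; the sample report lines used to try the helper are constructed, not real scan output.

```shell
#!/bin/sh
# Example added to these notes, not from the original page or the rkhunter
# project. Assumes rkhunter is installed; sample report lines are constructed.

# Refresh the rootkit signature database, then re-baseline the file
# properties rkhunter compares binaries against. Run --propupd only right
# after a trusted package upgrade; running it after a suspected compromise
# would simply bless the attacker's replaced binaries.
update_rkhunter() {
    rkhunter --update
    rkhunter --propupd
}

# Count lines that rkhunter flags as warnings in the report read from stdin.
# Always prints a number: grep -c exits 1 when nothing matches, which the
# "|| true" masks so callers can compare the count.
warning_count() {
    grep -c '^Warning:' || true
}

# Unattended check: --cronjob implies --check, --sk (no keypress prompts) and
# --nocolors; --rwo prints warnings only. A non-zero return means warnings
# were found, which is what a cron wrapper or monitoring agent should alert on.
rkhunter_cron() {
    report=$(rkhunter --cronjob --rwo 2>&1)
    n=$(printf '%s\n' "$report" | warning_count)
    if [ "$n" -gt 0 ]; then
        printf '%s\n' "$report" | logger -t rkhunter
        return 1
    fi
    return 0
}
```

Call rkhunter_cron from a daily cron entry or a systemd timer and page on a non-zero exit; a warning that only lands in /var/log/rkhunter.log is a warning nobody reads.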

Forcing Password Aging

We have talked about this throughout the class, but one control that should always be in place is password aging: users must change their passwords within a defined period, and accounts that do not should be locked. On most Linux and Unix distributions the chage command sets these limits per user; on Linux the defaults applied to newly created accounts live in /etc/login.defs (PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE).

To view a user's current aging settings:

sudo chage -l username
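Viewing the settings is only half the job; the notes say to enforce them. The script below is an example added to these notes, not code from the original page: it applies an aging policy with chage, forces a change at next login, and includes a small audit helper that reads the raw /etc/shadow record chage edits, so you can see what the command actually changes. The policy numbers (90/7/14/30 days) and the user names in the usage comment are illustrative, and the shadow records used to try the helper are constructed.

```shell
#!/bin/sh
# Example added to these notes, not from the original page. Policy values
# and user names are illustrative; shadow records below are constructed.

# Apply a policy to one account: change at most every 90 days, at least 7
# days between changes, warn 14 days before expiry, lock the account 30 days
# after the password expires (-I). Must run as root.
apply_aging_policy() {
    chage -M 90 -m 7 -W 14 -I 30 "$1"
}

# Force a password change at next login: "last changed" day 0 is treated by
# PAM as an expired password.
force_change_next_login() {
    chage -d 0 "$1"
}

# Audit helper on the /etc/shadow record format chage writes:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Day numbers are days since 1970-01-01, as chage stores them.
# Prints "never", "expired" or "ok" for record $1 evaluated at day $2.
shadow_status() {
    record="$1"; today="$2"
    lastchg=$(printf '%s' "$record" | cut -d: -f3)
    maxdays=$(printf '%s' "$record" | cut -d: -f5)
    if [ -z "$maxdays" ] || [ "$maxdays" -ge 99999 ]; then
        echo never          # no maximum age set: password never expires
        return 0
    fi
    if [ -z "$lastchg" ] || [ "$lastchg" -eq 0 ]; then
        echo expired        # chage -d 0: must change at next login
        return 0
    fi
    if [ $((lastchg + maxdays)) -lt "$today" ]; then
        echo expired
    else
        echo ok
    fi
}

# Today's day number the way chage computes it.
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# Usage (as root):
#   apply_aging_policy alice
#   shadow_status "$(getent shadow alice)" "$(today_days)"
```

Accounts reporting "never" are the ones to look at first: a maximum age of 99999 is what you get for any account created before PASS_MAX_DAYS was tightened in /etc/login.defs, because that file only affects accounts created after the change.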

Linux Secure Server

Fedora: how to add a sudo user (no password)

If you want to run sudo without being asked for your password, you need to add a rule to /etc/sudoers. Never open that file in a plain editor; always go through visudo, which locks the file and checks the syntax before it saves:

$ sudo visudo

Note: if you want to change the editor visudo uses, the command below is the Debian/Ubuntu way (it selects the system-wide "editor" alternative). Fedora does not have that alternative; there you either set the EDITOR environment variable (honoured when the env_editor option is enabled in sudoers) or set the editor option in sudoers itself.

$ sudo update-alternatives --config editor

visudo refuses to save a file with a syntax error. That matters because sudo rejects a malformed /etc/sudoers outright, which locks every user out of sudo at once; if root has no password set, recovery means booting into single-user mode. Add the following line at the end of the file (later entries win over earlier ones, so it must come after the existing rules for the group):

%admin ALL=(ALL) NOPASSWD: ALL

Save and exit. The rule refers to a group called admin, which does not exist by default on Fedora (Fedora's stock sudoers already gives the wheel group full sudo rights, and even ships a commented-out NOPASSWD line for it, so using wheel instead of a new group is a reasonable choice). Create the group and add your account to it, both as root:

# groupadd admin

# usermod -a -G admin <your username>

Group membership is read at login, so log out and back in before testing.

You should now be able to use sudo without a password. Be clear about what this removes: the password prompt is the only thing between any process running as that user (a malicious script, a hijacked browser session) and root, so limit NOPASSWD to accounts that genuinely need it, and consider restricting it to specific commands rather than ALL.

To change how long sudo caches your credentials after a successful password entry, add a Defaults line. The value is in minutes (the compiled-in default is 5), so 1800 keeps you authenticated for 30 hours; 0 asks for the password on every command and -1 never expires the cached credential:

Defaults timestamp_timeout=1800   # increase the sudo timeout (minutes)
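The steps above edit /etc/sudoers directly. A cleaner way to do the same thing, shown here as an example added to these notes (not code from the original page or from the sudo project), is to put the rule in its own file under /etc/sudoers.d, which Fedora's stock sudoers already includes, and to let visudo validate that file before it is installed. The group name admin and the timeout come from the notes above; the drop-in file name and the user name in the usage comment are my own choices.

```shell
#!/bin/sh
# Example added to these notes, not from the original page or the sudo
# project. Assumes Fedora's stock sudoers, which includes /etc/sudoers.d.
# The drop-in file name is an arbitrary choice.

# Render the drop-in. The trailing newline is mandatory: sudo rejects a
# sudoers file whose last line is not terminated.
render_dropin() {
    group="$1"; timeout_minutes="$2"
    printf 'Defaults timestamp_timeout=%s\n%%%s ALL=(ALL) NOPASSWD: ALL\n' \
        "$timeout_minutes" "$group"
}

# Write the rule to a temporary file, let visudo parse it, and only then move
# it into place with the ownership and mode sudo requires (root:root, 0440).
# A file with a syntax error never reaches /etc/sudoers.d, so sudo keeps
# working. Must run as root.
install_dropin() {
    group="$1"; timeout_minutes="$2"
    target="/etc/sudoers.d/10-${group}-nopasswd"
    tmp=$(mktemp) || return 1
    render_dropin "$group" "$timeout_minutes" > "$tmp"
    if ! visudo -cf "$tmp"; then
        echo "refusing to install $target: syntax error" >&2
        rm -f "$tmp"
        return 1
    fi
    install -o root -g root -m 0440 "$tmp" "$target"
    rm -f "$tmp"
}

# Create the group if it is missing and add the user to it.
# Membership takes effect at the user's next login.
grant_user() {
    group="$1"; user="$2"
    getent group "$group" >/dev/null || groupadd "$group"
    usermod -a -G "$group" "$user"
}

# Usage (as root):  install_dropin admin 30 && grant_user admin alice
```

Keeping the rule in a drop-in also means a package upgrade that replaces /etc/sudoers cannot silently discard it, and removing the privilege later is a matter of deleting one file.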