Issuu on Google+

# apt-get install openssh-client openssh-server

# What to do when CTRL-ALT-DEL is pressed. #ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now ca:12345:ctrlaltdel:/usr/bin/logger -s -p auth.notice -t [INIT] "CTRL+ALT+DEL caught but ignored! This is not a Windows(r) machine."

# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub 2048 44:c3:7c:1e:0c:f6:24:82:2f:b7:f8:83:93:1f:08:13 /etc/ssh/ssh_host_rsa_key.pub

Protocol 2 Port 222 SilentDeny yes PasswordAuthentication no PermitRootLogin no RSAAuthentication yes AllowedAuthentications publickey RequiredAuthentications publickey MaxStartups 2 LoginGraceTime 30 IdleTimeout 15m Ciphers anycipher Ciphers anystdcipher ForwardAgent no Forward X11 no

/sbin/iptables -L

/etc/hosts.allow

/etc/hosts.deny.

This manual is free software; you may redistribute it and/or modify it under the terms of the GNU General Public License (http://www.debian.org/releases/stable/amd64/apf.html.en)


password --md5 passwordhash # /etc/init.d/openbsd-inetd stop

Securing Debian Manual ,� http://www.debian.org/doc/manuals/securing-debianhowto/.

# update-rc.d -f openbsd-inetd remove

# vi /etc/issue *********************Warning********************* Authorized uses only. All activity may be monitored and reported. *************************************************

serveur:~# apt-get update [...] serveur:~# apt-get dist-upgrade

/sbin/grub-md5-crypt.

apt-get remove --purge acpid dhcp3-common dhcp3-client klogd

# /etc/fstab: static file system information. [...] /dev/ida/c1d1p3 /home ext3 defaults,nosuid 0 2 /dev/ida/c1d1p1 /srv ext3 defaults 0 2 /dev/ida/c1d1p2 /tmp ext3 defaults,nosuid 0 2 [...]


Linux Hardening Tips