
Friday, September 1, 2017

11 - Linux Security: system auditing with LYNIS open source tool


SYSTEM AUDITING WITH LYNIS OPEN SOURCE TOOL

- Layout for this exercise:




Lynis is an open source security auditing tool for UNIX derivatives such as Linux, macOS, BSD, Solaris and AIX that performs an in-depth security scan of the host it runs on:

https://cisofy.com/


- Creating a directory for lynis:






- Downloading lynis (the tarball is published on cisofy.com together with a checksum and a GPG signature; verify them before extracting anything that will later run as root):







- Extracting:






- Contents of folder lynis:





- Running lynis without any command or option prints its usage, listing the available commands and options:




- Commands to be used:




- Options: 




- Now let's run lynis audit system. As its name indicates, lynis audits the whole system in depth, so the output is very long.

- Let's see some of the information generated by lynis:




































......... etc .............

- Also some suggestions are provided:





......... etc .............


- A final summary:





- The full log is written to lynis.log and the machine-readable report to lynis-report.dat, both inside the folder /var/log:




- Opening lynis-report.dat:







- The suggestions section contains a lot of useful information:





- For instance, the suggestion to set the directive PermitRootLogin to no so that root cannot log in over SSH, as seen in a previous exercise:
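- The report file is plain key=value text, so its warnings and suggestions can be triaged with a few lines of shell instead of reading the full screen output. The script below is an added example, not part of the original post and not code from the Lynis project: it pulls the hardening index, warnings and suggestions out of lynis-report.dat and exposes checks (is suggestion SSH-7408 present? is the index above a threshold?) that a cron job running lynis audit system --cronjob could act on. The sample report embedded in it is constructed; the key names follow the layout Lynis writes, the values are illustrative.

```shell
#!/bin/sh
# Added example: not part of the original post and not Lynis' own code.
# Triage /var/log/lynis-report.dat: hardening index, warnings, suggestions,
# plus checks a cron job or CI step can act on.
# The sample report below is CONSTRUCTED; key names (hardening_index, warning[],
# suggestion[]) follow the key=value layout Lynis writes, values are illustrative.

REPORT="${REPORT:-/var/log/lynis-report.dat}"

# Write a constructed sample report to a temp file and print its path.
make_sample_report() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# Lynis Report (constructed sample)
report_version_major=1
hardening_index=62
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=BOOT-5122|Set a password on GRUB bootloader to prevent altering boot configuration|-|-|
suggestion[]=FILE-6310|To decrease the impact of a full /tmp file system, place /tmp on a separate partition|-|-|
EOF
    echo "$tmp"
}

# Value of a scalar key (first occurrence), e.g. hardening_index.
report_value() {   # report_value KEY FILE
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# Every entry of a list key (warning or suggestion), one per line.
report_items() {   # report_items KEY FILE
    sed -n "s/^$1\[\]=//p" "$2"
}

# Number of entries for a list key (prints 0 when there are none).
count_items() {   # count_items KEY FILE
    report_items "$1" "$2" | grep -c . || true
}

# Test IDs (first |-separated field) of all suggestions, e.g. SSH-7408.
suggestion_ids() {   # suggestion_ids FILE
    report_items suggestion "$1" | cut -d'|' -f1
}

# Exit 0 if the report carries a suggestion for the given test ID.
has_suggestion() {   # has_suggestion TEST-ID FILE
    suggestion_ids "$2" | grep -qxF "$1"
}

# Exit 0 if the hardening index reaches MIN; usable as a CI gate.
hardening_at_least() {   # hardening_at_least MIN FILE
    idx=$(report_value hardening_index "$2")
    [ -n "$idx" ] && [ "$idx" -ge "$1" ]
}

# Human-readable digest: ID, short text and detail of every warning/suggestion.
summarize() {   # summarize FILE
    f=$1
    echo "Hardening index: $(report_value hardening_index "$f")"
    echo "Warnings: $(count_items warning "$f")"
    report_items warning "$f" | awk -F'|' '{ printf "  [%s] %s (%s)\n", $1, $2, $3 }'
    echo "Suggestions: $(count_items suggestion "$f")"
    report_items suggestion "$f" | awk -F'|' '{ printf "  [%s] %s (%s)\n", $1, $2, $3 }'
}

# Use the real report when present (e.g. after 'lynis audit system --cronjob'),
# otherwise the constructed sample so the script runs anywhere.
if [ -r "$REPORT" ]; then
    summarize "$REPORT"
else
    sample=$(make_sample_report)
    summarize "$sample"
    rm -f "$sample"
fi
```

- Point REPORT at another path to parse a report copied off a server; has_suggestion SSH-7408 FILE is the check for the PermitRootLogin finding discussed above.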










10 - Linux Security: restricting SSH users connections


RESTRICTING SSH USERS CONNECTIONS 


- Layout for this exercise:



- In every case studied in this exercise the file to be edited is /etc/ssh/sshd_config:





1 - SSH root restrictions


- By default root authentication is set to PermitRootLogin without-password (spelled prohibit-password in newer OpenSSH releases; both values are accepted), meaning that root may only log in over SSH with a key, never with a password:




- To disable the SSH root login change to PermitRootLogin no:




- Restarting SSH service:





- Now root can no longer log in:




- Changing PermitRootLogin to yes:




- Now root can log in again, this time with a password as well. This is exactly the setting a Lynis audit flags, so it is used here only to show the effect; on a real server keep it at no or without-password:




2 - SSH other users restrictions

- Editing the file /etc/ssh/sshd_config and adding an AllowUsers line that allows johndoe:




- Restarting SSH service:




- SSH connection for johndoe is successful:




- However, SSH access is not possible for user marie: once AllowUsers is present only the listed users may log in, and marie is not included:














- Adding user marie to the directive AllowUsers:




- Restarting SSH service:




- Connecting successfully to user marie:




- Another way to block a user (besides leaving them out of AllowUsers) is an explicit DenyUsers directive for the users that must not connect. DenyUsers is evaluated before AllowUsers, so a user listed in both is still refused. For instance, let's take user kevin:




- Restarting SSH service:




- Now user kevin cannot connect to the SSH service:




- The same can be done for groups with the AllowGroups and DenyGroups directives, which work like their user counterparts.
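- To see how these directives combine before touching a live server, the script below is an added example (not part of the original post and not OpenSSH's own code). It reads a sshd_config and answers whether a given user would get past DenyUsers, AllowUsers, DenyGroups, AllowGroups and PermitRootLogin, in the order the sshd_config manual page documents. It assumes the directives sit outside Match blocks, ignores user@host patterns, and takes the user's groups as an argument so it needs no real accounts; the embedded config is constructed and mirrors the exercise (johndoe, marie and kevin).

```shell
#!/bin/sh
# Added example: not part of the original post and not OpenSSH's own code.
# Works out whether sshd would admit a user under PermitRootLogin, AllowUsers,
# DenyUsers, AllowGroups and DenyGroups, in the order sshd_config(5) documents:
# DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# Assumptions: directives live outside Match blocks (Match sections are skipped),
# user@host patterns are not handled, and the caller supplies the user's groups so
# no real accounts are needed. The config below is constructed.

# Constructed sshd_config excerpt mirroring the exercise. $1 overrides the
# PermitRootLogin line; pass "" to leave the directive out entirely.
make_sample_config() {
    tmp=$(mktemp)
    cat > "$tmp" <<EOF
# /etc/ssh/sshd_config (constructed sample)
Port 22
${1-PermitRootLogin no}
PasswordAuthentication yes
# kevin is allowed here but denied below: DenyUsers is evaluated first and wins
AllowUsers johndoe marie kevin tom root
DenyUsers kevin
DenyGroups contractors
Match User backup
    PermitRootLogin yes
EOF
    echo "$tmp"
}

# Values of every occurrence of a directive outside Match blocks, one per line
# (sshd keeps the first value of a scalar directive and accumulates list ones).
directive_values() {   # directive_values NAME CONFIG
    awk -v name="$1" '
        tolower($1) == "match" { inmatch = 1 }
        !inmatch && tolower($1) == tolower(name) { $1 = ""; sub(/^ +/, ""); print }
    ' "$2"
}

# Does NAME match any whitespace-separated glob pattern in LIST ("johndoe dev*")?
in_list() {   # in_list NAME LIST
    name=$1
    set -f                      # stop * and ? from matching filenames
    for pat in $2; do
        case "$name" in $pat) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

# Verdict for USER, member of GROUPS (space separated), authenticating by METHOD
# (key or password; default password). Prints the reason; exit 0 means allowed.
ssh_access() {   # ssh_access CONFIG USER GROUPS [METHOD]
    cfg=$1; user=$2; groups=$3; method=${4:-password}
    deny_users=$(directive_values DenyUsers "$cfg" | tr '\n' ' ')
    allow_users=$(directive_values AllowUsers "$cfg" | tr '\n' ' ')
    deny_groups=$(directive_values DenyGroups "$cfg" | tr '\n' ' ')
    allow_groups=$(directive_values AllowGroups "$cfg" | tr '\n' ' ')
    if in_list "$user" "$deny_users"; then
        echo "denied: $user listed in DenyUsers"; return 1
    fi
    if [ -n "$allow_users" ] && ! in_list "$user" "$allow_users"; then
        echo "denied: AllowUsers is set and does not list $user"; return 1
    fi
    for g in $groups; do
        if in_list "$g" "$deny_groups"; then
            echo "denied: group $g listed in DenyGroups"; return 1
        fi
    done
    if [ -n "$allow_groups" ]; then
        ok=1
        for g in $groups; do in_list "$g" "$allow_groups" && ok=0; done
        if [ "$ok" -ne 0 ]; then
            echo "denied: AllowGroups is set and none of ($groups) is listed"; return 1
        fi
    fi
    if [ "$user" = root ]; then
        # OpenSSH 7.0+ defaults to prohibit-password when the directive is absent;
        # without-password is the older spelling of the same value.
        prl=$(directive_values PermitRootLogin "$cfg" | head -n 1)
        prl=${prl:-prohibit-password}
        case "$prl" in
            no)  echo "denied: PermitRootLogin no"; return 1 ;;
            yes) ;;
            *)   [ "$method" = key ] ||
                     { echo "denied: PermitRootLogin $prl allows root only with a key"; return 1; } ;;
        esac
    fi
    echo "allowed: $user (auth: $method)"
}

# Stand-alone demo on the constructed config (on a real host: 'sshd -t' to
# validate the file, 'sshd -T -C user=kevin' to print the effective settings).
cfg=$(make_sample_config)
for u in johndoe marie kevin alice root; do ssh_access "$cfg" "$u" "$u" key || :; done
ssh_access "$cfg" tom "tom contractors" || :
rm -f "$cfg"
```

- Before restarting the service on a real host, run sshd -t to validate the edited file; a syntax error in sshd_config otherwise leaves you with no SSH daemon at all after the restart.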





9 - Linux Security: generating a pair of SSH keys (public/private)


GENERATING A PAIR OF SSH KEYS (PUBLIC/PRIVATE)

- Layout for this exercise:




- Public key cryptography, or asymmetric cryptography, is a cryptographic system that uses a pair of keys.

- Public keys may be disseminated widely, and private keys are known only to the owner. 

- This accomplishes two functions: authentication, which is when the public key is used to verify that a holder of the paired private key sent the message, and encryption, whereby only the holder of the paired private key can decrypt the message encrypted with the public key:

https://en.wikipedia.org/wiki/Public-key_cryptography

- Generating a key pair (private and public) with the RSA asymmetric algorithm using ssh-keygen. Notice that a passphrase is optionally requested; it encrypts the private key on disk, so a stolen key file is useless without it:

https://en.wikipedia.org/wiki/RSA_(cryptosystem)




- The two keys are stored in the ~/.ssh folder (id_rsa and id_rsa.pub):




- The private key:




- The public key:




- Checking the IP:
















- Copying the public key to the remote machine with ssh-copy-id, which appends it to the remote user's ~/.ssh/authorized_keys so that the local key can be used to log in there:




- Trying the SSH connection:




- The passphrase is required to unlock the private key:





- After entering the passphrase (note that the account password is never requested) the SSH connection succeeds:




- Let's verify that the public key was actually added to the remote authorized_keys file:




- The authorized key matches the public key (id_rsa.pub) generated previously; the private key id_rsa never leaves the client:
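- When a key login fails even though ssh-copy-id reported success, the usual causes are a key that is not really in authorized_keys or file modes that sshd's StrictModes rejects. The script below is an added example, not part of the original post and not OpenSSH's own code: it compares a public key with authorized_keys on key type and base64 blob (the comment field at the end is ignored by sshd, so a different hostname there is not a mismatch) and checks the modes of ~/.ssh, authorized_keys and the private key. The ~/.ssh layout it builds is constructed in a temporary directory with placeholder strings, not real keys, and it assumes GNU stat (Linux) for the mode query.

```shell
#!/bin/sh
# Added example: not part of the original post and not OpenSSH's own code.
# Checks the two things that most often break key login after ssh-copy-id:
#  1. is the client's public key really present in authorized_keys?
#     (compared on key type + base64 blob; sshd ignores the comment field)
#  2. do the file modes satisfy sshd's StrictModes and ssh's private-key check?
# The ~/.ssh layout below is CONSTRUCTED in a temp dir and the key blobs are
# placeholder strings, not real keys. Assumes GNU stat (Linux) for mode queries.

# "type blob" of the first key in a public-key file.
key_blob() {   # key_blob PUBKEY_FILE
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# Exit 0 if the key in PUBKEY_FILE appears in AUTH_FILE. Entries with a leading
# options field (e.g. from="10.0.0.5") are handled by scanning for the type column.
key_authorized() {   # key_authorized PUBKEY_FILE AUTH_FILE
    want=$(key_blob "$1")
    [ -n "$want" ] || return 1
    grep -v '^[[:space:]]*#' "$2" | awk -v want="$want" '
        { for (i = 1; i < NF; i++)
              if ($i ~ /^(ssh-|ecdsa-|sk-)/ && ($i " " $(i+1)) == want) { found = 1; exit } }
        END { exit !found }'
}

# Octal mode of a path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Report mode problems under SSH_DIR: the directory and authorized_keys must not be
# group/world writable (StrictModes refuses them) and private keys must be 600.
# Prints each problem; exit 0 when everything is fine.
check_ssh_perms() {   # check_ssh_perms SSH_DIR
    d=$1; rc=0
    for p in "$d" "$d/authorized_keys"; do
        [ -e "$p" ] || continue
        m=$(mode_of "$p")
        g=$(( (m / 10) % 10 )); o=$(( m % 10 ))      # group and other digits
        if [ $((g & 2)) -ne 0 ] || [ $((o & 2)) -ne 0 ]; then
            echo "$p: mode $m is group/world writable; sshd StrictModes rejects it"; rc=1
        fi
    done
    for k in "$d"/id_*; do
        case "$k" in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        m=$(mode_of "$k")
        if [ $((m % 100)) -ne 0 ]; then
            echo "$k: private key mode $m is too open; ssh ignores it, use 600"; rc=1
        fi
    done
    return $rc
}

# Constructed client+server layout in one temp dir: id_rsa/id_rsa.pub as ssh-keygen
# leaves them, authorized_keys as ssh-copy-id leaves it plus an unrelated entry.
make_sample_home() {
    home=$(mktemp -d)
    mkdir -m 700 "$home/.ssh"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholderJohnDoeKey johndoe@ubuntu' > "$home/.ssh/id_rsa.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$home/.ssh/id_rsa"
    chmod 600 "$home/.ssh/id_rsa"
    {
        echo 'from="10.0.0.5" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5placeholderBackupKey backup@nas'
        echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholderJohnDoeKey johndoe@ubuntu'
    } > "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    echo "$home"
}

# Stand-alone demo on the constructed layout.
h=$(make_sample_home)
if key_authorized "$h/.ssh/id_rsa.pub" "$h/.ssh/authorized_keys"; then
    echo "id_rsa.pub is authorized"
else
    echo "id_rsa.pub is NOT in authorized_keys"
fi
check_ssh_perms "$h/.ssh" && echo "permissions OK"
rm -rf "$h"
```

- On a real server run check_ssh_perms against the remote user's ~/.ssh and key_authorized with the client's id_rsa.pub and the remote authorized_keys; a failed login caused by modes also shows up in the server's auth log as an "Authentication refused: bad ownership or modes" message.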




- Connecting from other server: