====== Linux Security ======

===== Tools =====

==== Auditing ====
  * [[https://linux-audit.com/lynis/|Lynis]]
  * [[https://github.com/salesforce/hassh|hassh]] (SSH Fingerprinting)

==== Malware scanning ====

  * Linux Malware Detect
  * clamav
  * [[http://rkhunter.sourceforge.net/|rkhunter]]

===== Best practices =====

==== Limits ====

<file - /etc/pam.d/login>
#
# Resource limits imposed on login sessions via pam_limits
#
session  required  pam_limits.so
</file>

<file - /etc/security/limits.conf>
# /etc/security/limits.conf
#<domain>       <type>  <item>          <value>
#

1000:           hard    nproc           32
1000:           soft    nofile          4096
1000:           hard    nofile          32768
1000:           hard    maxlogins       8
1000:           soft    priority        2
1000:           hard    priority        1
# End of file
</file>

==== hide information from users ====

=== remount /proc with -o hidepid ===
^ hidepid=0 | The old behavior – anybody may read all world-readable /proc/PID/* files (default). |
^ hidepid=1 | It means users may not access any /proc/<pid>/ directories, but their own. Sensitive files like cmdline, sched*, status are now protected against other users. |
^ hidepid=2 | It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It compicates intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc. |

<code bash>
sudo mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=1 /proc
</code>

Source: [[https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/|cyberciti.biz]]