====== Linux Security ======
===== Tools =====
==== Auditing ====
* [[https://linux-audit.com/lynis/|Lynis]]
* [[https://github.com/salesforce/hassh|hassh]] (SSH Fingerprinting)
==== Malware scanning ====
* Linux Malware Detect
* clamav
* [[http://rkhunter.sourceforge.net/|rkhunter]]
===== Best practices =====
==== Limits ====
#
# Resource limits imposed on login sessions via pam_limits
#
session required pam_limits.so
# /etc/security/limits.conf
# -
#
1000: hard nproc 32
1000: soft nofile 4096
1000: hard nofile 32768
1000: hard maxlogins 8
1000: soft priority 2
1000: hard priority 1
# End of file
==== hide information from users ====
=== remount /proc with -o hidepid ===
^ hidepid=0 | The old behavior – anybody may read all world-readable /proc/PID/* files (default). |
^ hidepid=1 | It means users may not access any /proc// directories, but their own. Sensitive files like cmdline, sched*, status are now protected against other users. |
^ hidepid=2 | It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It compicates intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc. |
sudo mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=1 /proc
Source: [[https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/|cyberciti.biz]]