Linux Security
Tools
Auditing
Malware scanning
- Linux Malware Detect
- clamav
Best practices
Limits
- /etc/pam.d/login
# # Resource limits imposed on login sessions via pam_limits # session required pam_limits.so
- /etc/security/limits.conf
# /etc/security/limits.conf #<domain> <type> <item> <value> # 1000: hard nproc 32 1000: soft nofile 4096 1000: hard nofile 32768 1000: hard maxlogins 8 1000: soft priority 2 1000: hard priority 1 # End of file
hide information from users
remount /proc with -o hidepid
hidepid=0 | The old behavior – anybody may read all world-readable /proc/PID/* files (default). |
---|---|
hidepid=1 | It means users may not access any /proc/<pid>/ directories, but their own. Sensitive files like cmdline, sched*, status are now protected against other users. |
hidepid=2 | It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It compicates intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc. |
sudo mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=1 /proc
Source: cyberciti.biz