# Forty-Bot's Linux Checklist


  • 8/19/2019 # Forty-Bot's Linux Checklist


    # Forty-Bot's 0x539 Linux Checklist v0.2

    ## Notes

    **If a command errors or fails, try it again with `sudo` (or `sudo !!` to save typing)**

    **Google anything and everything. If you don't know or understand something, google it.**

    When you see the syntax `$word`, do not type it verbatim, but instead substitute the appropriate word (usually referenced in a previous command)

    When the order of steps does not matter, bullet points have been used instead of ordinals.

    ## Checklist

    1. Read the readme

        Note down which ports/users are allowed

    1. Secure root

        set `PermitRootLogin no` in `/etc/ssh/sshd_config`

    1. Secure Users

        1. Disable the guest user

        1. Open up `/etc/passwd` and check which users

            * Are uid 0

            * Can login

            * Are allowed in the readme

        1. Delete unauthorized users

            `sudo userdel -r $user`

            `sudo groupdel $user`

        1. Check `/etc/sudoers.d` and make sure only members of group sudo can sudo

        1. Check `/etc/group` and remove non-admins from sudo and admin groups

        1. Check user directories

            1. cd `/home`

            1. `sudo ls -Ra *`

            1. Look in any directories which show up for media files/tools and/or

            `requisite pam_cracklib.so try_first_pass retry=3 minlength=12 difok=6`

        1. Change all passwords to satisfy this requirement

    1. Enable automatic updates

        1. In the gui Applications->Syste(m)->Administration->Update(s) Manager

        1. Open up options/settings, and update daily and automatically install stuff

    1. Secure ports

        1. `sudo ss -l`

        1. If a port has `127.0.0.1:$port` in its line, that means it's connected to loopback and isn't exposed. Otherwise, there should only be ports which are specified in the readme open (but there probably will be tons more)

        1. For each open port which should be closed,

            1. `sudo lsof -i :$port`

            1. Copy the program which is listening on the port

                `whereis $program`

            1. Copy where the program is (if there is more than one location, just copy the first one)

                `dpkg -S $location`

            1. This shows which package provides the file (If there is no package, that means you can probably delete it with `rm $location; killall -9 $program`)

                `sudo apt-get purge $package`

            1. Check to make sure you aren't accidentally removing critical packages before hitting y

            1. `sudo ss -l` to make sure the port actually closed

    1. Enable firewall

        `sudo ufw enable`

    1. Run some rootkit checkers

        Note that there are very likely to be **false positives** when using these tools. Always google the line from the log files before taking action.

        1. `sudo apt-get install rkhunter chkrootkit`

        1. `sudo chkrootkit`

        1. `sudo rkhunter --check`

    1. Secure cron

        1. Ensure correct permissions are set

            * `sudo chown -R root:root /etc/*cron*`

            * `sudo chmod -R 600 /etc/*cron*`


            * `sudo chown -R root:root /var/spool/cron`

            * `sudo chmod -R 600 /var/spool/cron`

        1. Check all cron jobs/settings

            * `sudo vim -p /etc/*crontab`

            * `sudo vim -p /etc/*cron*/*`

    1. Updates

        Start this before half-way

        * Update services specified in readme

            1. Google to find what the latest stable version is

            1. Google

    required services

        Usually a wrong setting in a config file for sql, apache, etc. will be a point.

    1. Check files for bad attributes

        * Check world-writable dirs

            `sudo find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print`

            `sudo chmod +t $dir`

        * Check for world-writable files

            `sudo find / -xdev -type f -perm -0002 -print`

            `sudo chmod o-w $file`

        * Check files with no group/user

            `sudo find / -xdev \( -nouser -o -nogroup \) -print`

            Assign an appropriate group/user (usually root)

            `chown root:root $file`
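
The "Secure ports" triage above can be scripted so that only the sockets worth reviewing are printed. This is an added example, not part of the original checklist: the function name `unexpected_ports`, the use of `ss -Hltun` (numeric output, no header) and the allowed-port list are assumptions, and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Constructed sample of `ss -Hltun` output. Columns are:
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 32 *:21 *:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 5 [::1]:631 [::]:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*'

# unexpected_ports "22 80" < ss-output
# Prints one "proto port" pair per listener that is reachable from outside
# loopback and is not in the space-separated list of ports the readme allows.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            port = $5; sub(/.*:/, "", port)       # text after the last colon
            host = $5; sub(/:[^:]*$/, "", host)   # everything before that colon
            sub(/%.*/, "", host)                  # drop an interface suffix such as %lo
            gsub(/\[|\]/, "", host)               # drop IPv6 brackets
            if (host ~ /^127\./ || host == "::1") next   # loopback only, not exposed
            if (port in ok) next                          # permitted by the readme
            key = $1 " " port
            if (!(key in seen)) { seen[key] = 1; print key }   # report each once
        }'
}

# Demo on the constructed sample, treating only SSH (22) as allowed.
printf '%s\n' "$SAMPLE" | unexpected_ports "22"
```

On a live system, pipe `sudo ss -Hltun` into the function instead of the sample, then follow the `lsof` / `dpkg -S` steps for each port it prints.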