8/19/2019 # Forty-Bot's Linux Checklist
# Forty-Bot's 0x539 Linux Checklist v0.2
## Notes
**If a command errors or fails, try it again with `sudo` (or `sudo !!` to save typing)**

**Google anything and everything. If you don't know or understand something, google it.**

When you see the syntax `$word`, do not type it verbatim, but instead substitute the appropriate word (usually referenced in a previous command)

When the order of steps does not matter, bullet points have been used instead of ordinals.
## Checklist
1. Read the readme
    Note down which ports/users are allowed
1. Secure root
    set `PermitRootLogin no` in `/etc/ssh/sshd_config`
1. Secure Users
    1. Disable the guest user
    1. Open up `/etc/passwd` and check which users
        * Are uid 0
        * Can login
        * Are allowed in the readme
    1. Delete unauthorized users
        `sudo userdel -r $user`
        `sudo groupdel $user`
    1. Check `/etc/sudoers.d` and make sure only members of group sudo can sudo
    1. Check `/etc/group` and remove non-admins from sudo and admin groups
    1. Check user directories
        1. cd `/home`
        1. `sudo ls -a *`
        1. Look in any directories which show up for media files/tools and/or …

    … `requisite pam_cracklib.so try_first_pass retry=3 minlen=12 difok=6`
    1. Change all passwords to satisfy this requirement
1. Enable automatic updates
    1. In the gui Applications->System()->Administration->Update(s) Manager
    1. Open up options/settings, and update daily and automatically install stuff
1. Secure ports
    1. `sudo ss -l`
    1. If a port has `127.0.0.1:$port` in its line, that means it's connected to loopback and isn't exposed. Otherwise, there should only be ports which are specified in the readme open (but there probably will be tons more)
    1. For each open port which should be closed,
        1. `sudo lsof -i :$port`
        1. Copy the program which is listening on the port
        `whereis $program`
        1. Copy where the program is (if there is more than one location, just copy the first one)
        `dpkg -S $location`
        1. This shows which package provides the file (If there is no package, that means you can probably delete it with `rm $location; killall -9 $program`)
        `sudo apt-get purge $package`
        1. Check to make sure you aren't accidentally removing critical packages before hitting y
        1. `sudo ss -l` to make sure the port actually closed
1. Enable firewall
    `sudo ufw enable`
1. Run some rootkit checkers
    Note that there are very likely to be **false positives** when using these tools. Always google the line from the log files before taking action.
    1. `sudo apt-get install rkhunter chkrootkit`
    1. `sudo chkrootkit`
    1. `sudo rkhunter --check`
1. Secure cron
    1. Ensure correct permissions are set
        * `sudo chown -R root:root /etc/*cron*`
        * `sudo chmod -R 600 /etc/*cron*`
        * `sudo chown -R root:root /var/spool/cron`
        * `sudo chmod -R 600 /var/spool/cron`
    1. Check all cron jobs/settings
        * `sudo vim -p /etc/*crontab`
        * `sudo vim -p /etc/*cron*/*`
1. Updates
    Start this before half-way
    * Update services specified in readme
        1. Google to find what the latest stable version is
        1. Google …
1. … required services
    Usually a wrong setting in a config file for sql, apache, etc. will be a point.
1. Check files for bad attributes
    * Check world-writable dirs
        `sudo find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print`
        `sudo chmod +t $dir`
    * Check for world-writable files
        `sudo find / -xdev -type f -perm -0002 -print`
        `sudo chmod o-w $file`
    * Check files with no group/user
        `sudo find / -xdev \( -nouser -o -nogroup \) -print`
        Assign an appropriate group/user (usually root)
        `chown root:root $file`
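
The `/etc/passwd` review from the Secure Users step, as an added example that is not part of the original checklist: it flags extra uid 0 accounts and accounts that can log in but are not on the readme's list. The function names, output labels and sample data are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: audit a passwd-format file against the users the readme allows.
# audit_passwd, its output labels and the sample data are hypothetical names
# chosen for this illustration.

# usage: audit_passwd FILE allowed_user...
audit_passwd() {
    _file=$1; shift
    awk -F: -v allowed=" $* " '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        NF != 7 { print "MALFORMED line " NR; next }
        {
            user = $1; uid = $3; shell = $7
            # nologin/false shells refuse interactive logins; an empty shell
            # field falls back to /bin/sh, so it still counts as a login.
            nologin = (shell ~ /\/(nologin|false)$/)
            if (uid == 0 && user != "root")
                print "UID0 " user
            if (!nologin && user != "root" && index(allowed, " " user " ") == 0)
                print "UNLISTED " user " (" shell ")"
        }
    ' "$_file"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
mallory:x:1001:1001::/home/mallory:/bin/bash
toor:x:0:0::/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/false
EOF
}
```

On a real system, call it as `audit_passwd /etc/passwd` followed by the allowed user names; stock accounts such as `sync` keep a shell that is not nologin and will show up for manual review.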