Saturday, July 10, 2004

Locking Down a Linux box

I want to spend the next week looking at some of the different utilities used to lock down a Linux box and make it harder for someone to hack into it.

PS command
PS stands for process status. The command lists the processes currently running on a system, limited to what the privileges of the invoking user allow, and, when used with certain options, their characteristics. It is used to check for and minimize security breaches, unwanted access, and idle processes. If pid arguments are specified, only those processes are listed; otherwise all processes with the same effective user id and controlling terminal are listed.

Older versions of the PS program will return an error if the dash (-) is used; hence ps -aux will sometimes be shown as ps aux.

OPTIONS

-a, --interactive
List all processes associated with terminals.
-t, --terminals|ttys=tty...
List processes with controlling terminals in the tty list.
-T, --tree|forest
Display the process tree hierarchy in the COMMAND field list.
-u|U, --users=user...
List processes with real user id names or numbers in the user list.
-v, --verbose
List verbose error messages for inaccessible processes.
-x, --hex
List numeric entries in hexadecimal notation.
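
As an added example (not part of the original post), the following shell function reviews ps aux output for lockdown purposes: it lists processes with no controlling terminal whose command is not on a list of expected daemons. The function name, the allowlist, and the sample process table are constructed for illustration, and the column positions assume the procps ps aux layout.

```shell
#!/bin/sh
# Report processes without a controlling terminal (TTY "?") whose command
# is not on the allowlist. stdin: `ps aux` output; args: expected basenames.
# Hypothetical helper, assuming the procps column order
# USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND.
unexpected_daemons() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "USER" { next }   # header line
        $7 != "?"               { next }   # attached to a terminal: interactive
        $11 ~ /^\[/             { next }   # kernel threads are shown as [name]
        {
            cmd = $11
            sub(/:$/, "", cmd)             # process titles such as "sshd:"
            sub(/^.*\//, "", cmd)          # keep only the basename of a path
            if (!(cmd in ok)) print $1, $2, cmd
        }'
}

# Constructed sample process table (not captured from a real system).
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   1504   512 ?        S    Jul09   0:04 init [2]
root         2  0.0  0.0      0     0 ?        SW   Jul09   0:00 [keventd]
root       412  0.0  0.3   2264   880 ?        S    Jul09   0:00 /sbin/syslogd
root       587  0.0  0.5   3412  1400 ?        S    Jul09   0:00 /usr/sbin/sshd
root       603  0.0  0.2   1748   700 ?        S    Jul09   0:00 /usr/sbin/inetd
daemon     611  0.0  0.2   1680   620 ?        S    Jul09   0:00 /sbin/portmap
alice      902  0.0  0.6   2980  1500 pts/0    S    09:14   0:00 -bash
alice      950  0.0  0.3   2500   800 pts/0    R    09:20   0:00 ps aux
EOF
}

# On a live system: ps aux | unexpected_daemons init syslogd sshd
sample_ps | unexpected_daemons init syslogd sshd
```

Anything the function prints is a service to either add to the allowlist deliberately or switch off.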

Friday, July 09, 2004

Useful Apt-Get commands

Here are some useful Apt-Get commands that I've found.

apt-get install rdate
This will install the rdate program. Once it's installed, you can decide which time server to set your clock against. The two time servers I've found are the National Research Council, Ottawa, Canada or the NIST Laboratories, Boulder, CO. The respective commands to be used are either rdate time.nrc.ca or rdate time.nist.gov

apt-get install makepasswd
This will install the makepasswd utility for randomly generated passwords. Once the makepasswd utility is installed, the command makepasswd --count=10 would generate 10 passwords of various lengths.

apt-get -s (command) (package name)
The -s option tells apt-get to simulate the events that would occur if the command were actually run. Simulate prints out a series of lines representing the command action, but does not actually change the system.

Thursday, July 08, 2004

InstallShield X and Linux

InstallShield has released a version of their popular Installation software for Linux.

Here is the Press Release with some of the features:

1. Easily create installations that will run on Linux using a dedicated point-and-click interface
2. Compact Project Type for smallest footprint
3. Instantly Notify Users of Updates
4. Easily mark files that will always need to be overwritten at installation time
5. Mobile Device Support

Newsforge has an interview with Bob Corrigan, the product manager for InstallShield X, and Gerold Franke, InstallShield public relations, regarding their push into the Linux world.

One of the issues they've identified is the individual or corporation who are moving towards Linux and want an easy way to install software without having to get down and dirty with the install process. I think this is an important step in Linux making a move into mainstream use where users are focused on using the applications which can be used with Linux and not having users focus on specific installation processes.

********************* UPDATE

Linux Journal has a review of the InstallShield utility for Linux. The following statement pretty much sums up what I talked about above, "in the Linux world, most of us are used to tweaking config files and compiling from source. This is not done in any other consumer OS. To be able to expand our user base, we need tools such as InstallShield X to make the experience of installing and upgrading as painless as possible."

Last command

last, lastb - show listing of last logged in users

The last command searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and ttys can be given, in which case last will show only those entries matching the arguments.

The lastb command is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.

The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created.

OPTIONS

-num
This is a count telling last how many lines to show.

-n num
The same.

-t YYYYMMDDHHMMSS
Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular time -- specify that time with -t and look for "still logged in".

-R
Suppresses the display of the hostname field.

-a
Display the hostname in the last column. Useful in combination with the next flag.

-d
For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the IP number back into a hostname.

-i
This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots notation.

-o
Read an old-type wtmp file (written by linux-libc5 applications).

-x
Display the system shutdown entries and run level changes.
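
As an added example (not part of the original post), the following shell function turns the bad-login log into a per-source summary: it reads lastb -a -i output and prints the attempt count, the number of distinct user names tried, and the address for every source at or above a threshold. The function name, the threshold default, and the sample records are constructed for illustration; the addresses come from documentation ranges.

```shell
#!/bin/sh
# Summarise failed logins per source address.
# stdin: output of `lastb -a -i`; $1: minimum attempts to report (default 3).
# Prints "<attempts> <distinct-users> <address>", busiest source first.
failed_by_source() {
    threshold="${1:-3}"
    awk -v min="$threshold" '
        NF == 0 { next }                             # blank separator line
        $1 == "btmp" && $2 == "begins" { next }      # trailer line of the log
        {
            src = $NF                                # -a puts the address last
            if (src ~ /^\(/) src = "local"           # no address column present
            attempts[src]++
            if (!((src, $1) in seen)) { seen[src, $1] = 1; users[src]++ }
        }
        END {
            for (s in attempts)
                if (attempts[s] >= min) print attempts[s], users[s], s
        }' | sort -k1,1nr -k3,3
}

# Constructed sample in the layout of `lastb -a -i` (not real log data).
sample_btmp() {
cat <<'EOF'
root     ssh:notty    Sat Jul 10 03:12 - 03:12  (00:00)     203.0.113.7
admin    ssh:notty    Sat Jul 10 03:12 - 03:12  (00:00)     203.0.113.7
root     ssh:notty    Sat Jul 10 03:13 - 03:13  (00:00)     203.0.113.7
test     ssh:notty    Sat Jul 10 03:13 - 03:13  (00:00)     203.0.113.7
bob      ssh:notty    Fri Jul  9 18:40 - 18:40  (00:00)     198.51.100.23
bob      ssh:notty    Fri Jul  9 18:41 - 18:41  (00:00)     198.51.100.23
alice    tty1         Fri Jul  9 08:02 - 08:02  (00:00)     0.0.0.0

btmp begins Fri Jul  9 08:02:11 2004
EOF
}

# On a live system (as root): lastb -a -i | failed_by_source 5
sample_btmp | failed_by_source 3
```

A source that tries several different user names in a short span, like the first address in the sample, is the pattern to look at first; a single user mistyping a password shows up as one user name with a low count.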