The Mega Guide to Hardening and Securing CentOS 7 – Part 2

Continuing the previous tutorial on how to secure CentOS 7, in this article we’ll discuss other security tips that will be presented on the below checklist. Requirements The Mega Guide To Harden and Secure...

Spread the love

Continuing the previous tutorial on how to secure CentOS 7, in this article we’ll discuss other security tips that will be presented on the below checklist.

Hardening and Securing of CentOS 7 Server

Hardening and Securing of CentOS 7 Server

Requirements

  1. The Mega Guide To Harden and Secure CentOS 7 – Part 1

21. Disable Useless SUID and SGID Commands

If the setuid and setgid bits are set on binary programs, these commands can run tasks with other user or group rights, such as root privileges which can expose seriously security issues.

Often, buffer overrun attacks can exploit such executables binaries to run unauthorized code with the rights of a root power user.

# find / -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

To unset the setuid bit execute the below command:

# chmod u-s /path/to/binary_file


To unset the setgid bit run the below command:

# chmod g-s /path/to/binary_file

22. Check for Unowned Files and Directories

Files or directories not owned by a valid account must be deleted or assigned with permissions from a user and group.

Issue the below command to list files or directories with no user and group.

# find / -nouser -o -nogroup -exec ls -l {} \;

23. List World-Writeable Files

Keeping word-writable file on the system can be dangerous due to the fact that anyone can modify them. Execute the below command in order to display word-writeable files, except Symlinks, which are always world-writeable.

# find / -path /proc -prune -o -perm -2 ! -type l –ls

24. Create Strong Passwords

Create a password of minimum of eight characters. The password must contain digits, special characters and uppercase letters. Use pwmake to generate a password of 128 bits from /dev/urandom file.

# pwmake 128

25. Apply Strong Password Policy

Force the system to use strong passwords by adding the below line in /etc/pam.d/passwd file.

password required pam_pwquality.so retry=3

Adding the above line, the password entered cannot contain more than 3 characters in a monotonic sequence, such as abcd, and more than 3 identical consecutive characters, such as 1111.

To force users to use a password with a minimum length of 8 characters, including all classes of characters, strength-check for character sequences and consecutive characters add the following lines to the /etc/security/pwquality.conf file.

minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
Facebook Comments

More Stuff

15 Useful MySQL/MariaDB Performance Tuning and Optimization Tips MySQL is a powerful open source Relational Database Management System or in short RDBMS. It was released back in 1995 (20 years old). It uses Structur...
Installation Guide of Fedora 24 Workstation with Screenshots After breaking the news on TecMint news section to our readers and followers about the official release of Fedora 24 which was earlier on that day ann...
Password-protecting an entire WordPress site It’s quite a common scenario – you’ve developed a great WordPress site, and you need to show it to your client, but you don’t want the rest of the wor...
RHCE Series: Implementing HTTPS through TLS using Network Security... If you are a system administrator who is in charge of maintaining and securing a web server, you can’t afford to not devote your very best efforts to ...
Spread the love

Posted by News Monkey