Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Would doing any of this harm my PC? I'm mainly concerned with removing a user or group that I need and not being able to add it back with everything it needs...
Shutting down services
Code:
/etc/rc.d/rc.S:
Lines 171-175: comment out isapnp.conf
Lines 193-195: comment out rc.pcmcia
/etc/rc.d/rc.M:
Lines 50-53: comment out lpd
Line 67: comment out atd
Lines 117-122: comment out apmd
Lines 141-143: comment out rc.ibcs2
#Lines 146-148: comment out rc.httpd
Lines 155-157: comment out samba
/etc/rc.d/rc.4:
Line 23 add: -udpPort 0
/etc/rc.d/rc.inet2:
Line 22: IPV4_FORWARD=0
Lines 48-51: comment out rpc.portmapper
Lines 83-88: comment out inetd
Lines 108-110: comment out rc.nfsd
Lines 114-117: comment out lpd
/etc/rc.d/:
chmod -R go-rwx /etc/rc.d
chmod 600 /usr/lib/news/bin/rc.news
/etc/inetd.conf:
grep -v "^#" /etc/inetd.conf
Comment the results
/etc/orbitrc:
ORBIIOPUSock=1
ORBIIOPIPv4=0
ORBIIOPIPv6=0
/usr/X11R6/bin/startx:
serverargs="-nolisten tcp"
Removing users and groups
Code:
/etc/shells:
Delete the following:
/bin/csh
/bin/ksh
/bin/zsh
Add the following:
/bin/sh
/bin/false
/etc/passwd & /etc/shadow:
Delete the following:
adm
uucp
operator
Add /bin/false as the shell to the following:
bin
daemon
ftp
games
lp
mail
mysql
news
http
nobody
Note: Don't run these if you like to make the passwd and shadow file immutable (chattr +i ...). It gets ugly.
/usr/bin/passwd -x 30 -w 7 root
/usr/bin/passwd -x 30 -w 7 dentonj
/etc/group:
Delete the following:
adm
lp
uucp
/usr/sbin/pwck
/usr/sbin/grpck
The above may create a long list of programs that no longer belong to any group.
find / -nouser -o -nogroup -ls > nouser
chown root.root <the results>
/etc/sudoers:
ALL ALL=/usr/local/sbin/logit
ALL ALL=/usr/bin/tail
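An added audit helper for two of the steps above (example code, not from the thread or from Slackware): it checks that the listed service accounts really have /bin/false, and that no account is left with a shell that was removed from /etc/shells. It reads passwd-format and shells-format files given as arguments, so it runs against the constructed samples below or against the real /etc/passwd and /etc/shells.

```shell
#!/bin/sh
# Added audit helper, not code from the thread. Checks two hardening steps
# against passwd/shells files passed as arguments.

# Service accounts the thread gives /bin/false as their shell.
SERVICE_ACCOUNTS="bin daemon ftp games lp mail mysql news http nobody"

# Print "user:shell" for each service account whose shell is not /bin/false.
# $1 = passwd-format file (fields name:passwd:uid:gid:gecos:home:shell)
service_accounts_with_shell() {
    for u in $SERVICE_ACCOUNTS; do
        awk -F: -v u="$u" '$1 == u && $7 != "/bin/false" { print $1 ":" $7 }' "$1"
    done
}

# Print "user:shell" for accounts whose shell is neither /bin/false nor listed
# in the shells file (e.g. a user still on /bin/zsh after zsh was removed).
# $1 = passwd-format file, $2 = shells-format file (read first by awk)
accounts_with_unlisted_shell() {
    awk -F: 'NR == FNR { if ($0 !~ /^#/ && $0 != "") ok[$0] = 1; next }
             $7 != "/bin/false" && !($7 in ok) { print $1 ":" $7 }' "$2" "$1"
}

# Write constructed sample files into directory $1 (not taken from any real host).
make_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0::/root:/bin/sh
bin:x:1:1::/bin:/bin/false
daemon:x:2:2::/sbin:/bin/sh
lp:x:4:7::/var/spool/lpd:/bin/false
news:x:13:13::/usr/lib/news:/bin/sh
nobody:x:99:99::/:/bin/false
dentonj:x:1000:100::/home/dentonj:/bin/zsh
EOF
    cat > "$1/shells" <<'EOF'
# constructed /etc/shells after the thread's edits (csh, ksh, zsh removed)
/bin/sh
/bin/bash
/bin/false
EOF
}

# Stand-alone demo: audit the constructed samples in a temporary directory.
demo() {
    d=$(mktemp -d) && make_sample_files "$d"
    echo "service accounts without /bin/false:"; service_accounts_with_shell "$d/passwd"
    echo "accounts using a shell not in shells:"; accounts_with_unlisted_shell "$d/passwd" "$d/shells"
    rm -rf "$d"
}
demo
```

To audit a live box, call the two functions with /etc/passwd and /etc/shells instead of the sample files.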
Haven't seen anything weird, but then again I don't use Slack. Making backups and permission listings or using a filesystem integrity app comes in handy... Before commenting services out, you better deinstall SW you don't need. Easier, saves doing upgrades and curbs risks. BTW, I hope this is not the only filesystem hardening you'll be doing, right?
Thanks, just out of curiosity, what is the adm user/group for? I've tried searching Google with various keywords but there are just too many irrelevant results that come up.
"BTW, I hope this is not the only filesystem hardening you'll be doing, right?"
Nope, I'm going through the links on your sticky thread now... Great post
"Thanks, just out of curiosity what the adm user/group for?"
Historically, the group that owns part of the administration trail, logfiles, its home being /var/adm. Think /var/adm/messages, /var/adm/wtmp and so on. Since then the FSSTND has deprecated it in favour of /var/log.