13 changes: 7 additions & 6 deletions README.md
Expand Up @@ -12,6 +12,8 @@ When the order of steps does not matter, bullet points have been used instead of

To edit files, run `gedit`, a graphical editor akin to notepad; `nano`, a simple command-line editor; or `vim`, a powerful but less intuitive command-line editor. Note that vim may need to be installed with `apt-get install vim`.

If you don't want to type sudo every time, you can switch to the root user with `sudo -s`

## Checklist

1. Read the readme
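Review bot: The added `sudo -s` sentence should say that the root shell stays open until you type `exit`, and that every command typed in it runs as root without a password prompt, so a slip in a later `rm` or `apt-get purge` step has no safety net. The sentence is also missing its closing period. Suggested wording: "If you don't want to type sudo every time, you can switch to a root shell with `sudo -s`; type `exit` to leave it when you are done."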
Expand Down Expand Up @@ -63,7 +65,7 @@ To edit files, run `gedit`, a graphical editor akin to notepad; `nano`, a simple
1. Add `minlen=8` to the end of the line that has `pam_unix.so` in it.
1. Add `remember=5` to the end of the line that has `pam_unix.so` in it.
1. Locate the line that has pam.cracklib.so in it. If you cannot find that line, install cracklib with `sudo apt-get install libpam-cracklib`.
1. Add `ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-` to the end of that line.
1. Add `ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1` to the end of that line.
3. Implement an account lockout policy.
1. Open `/etc/pam.d/common-auth`.
2. Add `deny=5 unlock_time=1800` to the end of the line with `pam_tally2.so` in it.
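Review bot: The context line directly above the corrected one still spells the module as pam.cracklib.so, with a dot and without backticks. The module is `pam_cracklib.so`, following the same underscore pattern as `pam_unix.so` and `pam_tally2.so` in the neighbouring steps, so a reader searching the file for the text as written finds nothing and is sent to the install step needlessly. Since this change already touches the cracklib step to complete `ocredit=-1`, fix the module name in the same commit.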
Expand All @@ -76,18 +78,17 @@ To edit files, run `gedit`, a graphical editor akin to notepad; `nano`, a simple
In the GUI set Update Manager->Settings->Updates->Check for updates:->Daily.

1. Secure ports
1. `sudo ss -ln`
1. If a port has `127.0.0.1:$port` in its line, that means it's connected to loopback and isn't exposed. Otherwise, there should only be ports which are specified in the readme open (but there probably will be tons more).
1. For each open port which should be closed:
1. `sudo lsof -i :$port`
1. `sudo netstat -ntulp`
4. If a port has `127.0.0.1:$port` in its line, that means it's connected to loopback and isn't exposed. Otherwise, there should only be ports which are specified in the readme open (but there probably will be tons more).
5. For each open port which should be closed:
1. Copy the program which is listening on the port.
`whereis $program`
1. Copy where the program is (if there is more than one location, just copy the first one).
`dpkg -S $location`
1. This shows which package provides the file (If there is no package, that means you can probably delete it with `rm $location; killall -9 $program`).
`sudo apt-get purge $package`
1. Check to make sure you aren't accidentally removing critical packages before hitting "y".
1. `sudo ss -l` to make sure the port actually closed.
1. `sudo netstat -ntulp` to make sure the port actually closed.

1. Secure network
1. Enable the firewall
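Review bot: The two re-added steps under "Secure ports" are numbered `4.` and `5.` directly after `1. sudo netstat -ntulp`, while every other item in the README uses `1.`; renumber them to `1.` so the source stays consistent. Two further points on the same lines: `netstat` is provided by the net-tools package and may not be installed, whereas `sudo ss -ntulp` takes the same flags and also prints the owning process, which would keep the tool already used here and still allow dropping the `lsof` step. The loopback test only mentions `127.0.0.1:$port`, so a listener bound to `::1` would be read as exposed; mention both addresses.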