Praji’s Weblog

Welcome to praji’s world

Initial Hardening of the operating system

Log into each server as root.

Then copy and paste the following commands into your command line to execute them (please double-check the directory locations as applicable):

userdel adm
userdel lp
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
chmod 700 /bin/linuxconf
chmod 750 /bin/mt
chmod 750 /bin/setserial
chmod 750 /sbin/badblocks
chmod 750 /sbin/ctrlaltdel
chmod 750 /sbin/chkconfig
chmod 750 /sbin/debugfs
chmod 750 /sbin/depmod
chmod 6750 /sbin/dump
chmod 750 /sbin/dumpe2fs
chmod 750 /sbin/fdisk
chmod 750 /sbin/fsck
chmod 750 /sbin/fsck.ext2
chmod 750 /sbin/fsck.minix
chmod 750 /sbin/ftl_check
chmod 750 /sbin/ftl_format
chmod 750 /sbin/halt
chmod 750 /sbin/hdparm
chmod 750 /sbin/hwclock
chmod 750 /sbin/ifconfig
chmod 750 /sbin/ifdown
chmod 750 /sbin/ifport
chmod 750 /sbin/ifup
chmod 750 /sbin/ifuser
chmod 750 /sbin/init
chmod 750 /sbin/insmod
chmod 750 /sbin/killall5
chmod 750 /sbin/lilo
chmod 750 /sbin/mingetty
chmod 750 /sbin/mkbootdisk
chmod 750 /sbin/mke2fs
chmod 750 /sbin/mkfs
chmod 750 /sbin/mkfs.ext2
chmod 750 /sbin/mkfs.minix
chmod 750 /sbin/mkfs.msdos
chmod 750 /sbin/mkinitrd
chmod 750 /sbin/mkraid
chmod 750 /sbin/mkswap
chmod 750 /sbin/modinfo
chmod 750 /sbin/modprobe
chmod 2750 /sbin/netreport
chmod 750 /sbin/portmap
chmod 750 /sbin/quotaon
chmod 6750 /sbin/restore
chmod 750 /sbin/runlevel
chmod 750 /sbin/stinit
chmod 750 /sbin/swapon
chmod 750 /sbin/tune2fs
chmod 750 /usr/bin/eject
chmod 4750 /usr/bin/gpasswd
chmod 4755 /usr/bin/lpr
chmod 750 /usr/sbin/atd
chmod 750 /usr/sbin/atrun
chmod 750 /usr/sbin/crond
chmod 750 /usr/sbin/edquota
chmod 750 /usr/sbin/exportfs
chmod 750 /usr/sbin/groupadd
chmod 750 /usr/sbin/groupdel
chmod 750 /usr/sbin/groupmod
chmod 750 /usr/sbin/grpck
chmod 750 /usr/sbin/grpconv
chmod 750 /usr/sbin/grpunconv
chmod 750 /usr/sbin/in.identd
chmod 750 /sbin/klogd
chmod 750 /usr/sbin/logrotate
chmod 2750 /usr/sbin/lpc
chmod 740 /usr/sbin/lpd
chmod 755 /usr/sbin/lsof
chmod 550 /usr/sbin/makemap
chmod 750 /usr/sbin/mouseconfig
chmod 750 /usr/sbin/newusers
chmod 750 /usr/sbin/ntpdate
chmod 750 /usr/sbin/ntpq
chmod 750 /usr/sbin/ntptime
chmod 750 /usr/sbin/ntptrace
chmod 750 /usr/sbin/ntsysv
chmod 750 /usr/sbin/pwck
chmod 750 /usr/sbin/pwconv
chmod 750 /usr/sbin/pwunconv
chmod 550 /usr/sbin/quotastats
chmod 750 /usr/sbin/rdev
chmod 550 /usr/sbin/repquota
chmod 750 /usr/sbin/rpc.mountd
chmod 750 /usr/sbin/rpc.nfsd
chmod 750 /usr/sbin/rpc.rquotad
chmod 750 /sbin/rpc.statd
chmod 750 /usr/sbin/rpcinfo
chmod 750 /usr/sbin/setup
chmod 750 /usr/sbin/showmount
chmod 750 /sbin/syslogd
chmod 750 /usr/sbin/tcpd
chmod 750 /usr/sbin/timeconfig
chmod 750 /usr/sbin/tmpwatch
chmod 750 /usr/sbin/tunelp
chmod 750 /usr/sbin/useradd
chmod 750 /usr/sbin/userdel
chmod 4750 /usr/sbin/userhelper
chmod 750 /usr/sbin/usermod
chmod 4750 /usr/sbin/usernetctl
chmod 750 /usr/sbin/vipw
chmod 755 /bin/mount
chmod 755 /bin/umount
chmod 755 /bin/ping
chmod 755 /usr/bin/at
chmod 0 /usr/bin/rcp
chmod 0 /usr/bin/rlogin
chmod 0 /usr/bin/rsh
chmod 750 /usr/sbin/usernetctl
chmod 755 /usr/sbin/traceroute
chmod 500 /usr/bin/lpr
chmod 500 /usr/bin/lprm
chmod 500 /usr/bin/lpq
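
Because the list above asks you to double-check directory locations, and it sets /usr/bin/lpr and /usr/sbin/usernetctl twice with different modes, a dry run before pasting is useful. The following is an added example, not part of the original post: the function name audit_modes and the file name hardening.txt are assumptions, and it relies on GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example: dry-run audit for a list of "chmod MODE PATH" lines.
# Reads the list on stdin, changes nothing, prints one verdict per line:
#   MISSING   path does not exist on this host (chmod would just fail)
#   OK        current mode already equals the target
#   CHANGE    current mode differs; shows current -> target
#   CONFLICT  path was listed earlier with a different mode (last one wins)
# Assumptions: numeric (octal) modes only, paths without spaces,
# GNU stat (stat -c %a).
audit_modes() {
    seen=""
    while read -r cmd want path; do
        # Skip userdel/groupdel and blank lines; only chmod lines are audited.
        [ "$cmd" = "chmod" ] || continue
        # Most recent mode already requested for this path, if any.
        prev=$(printf '%s\n' "$seen" |
               awk -v p="$path" '$2 == p { m = $1 } END { print m }')
        # Compare as octal numbers so "0750" and "750" count as equal.
        if [ -n "$prev" ] && [ "$((0$prev))" -ne "$((0$want))" ]; then
            echo "CONFLICT $path earlier=$prev later=$want"
        fi
        seen="$seen
$want $path"
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            continue
        fi
        cur=$(stat -c %a "$path")
        if [ "$((0$cur))" -eq "$((0$want))" ]; then
            echo "OK       $path $cur"
        else
            echo "CHANGE   $path $cur -> $want"
        fi
    done
}

# Usage (hardening.txt is a hypothetical file holding the list above):
#   audit_modes < hardening.txt
```

CHANGE lines that drop a leading 4, 2 or 6 show where a setuid or setgid bit would be removed; MISSING lines are paths to re-check before running the real commands.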

Written by praji

June 28, 2008 at 4:15 am