
General Linux Security

November 4, 2007


Security levels:

  • Physical security

    • Dedicated room (separated, above floor)

    • Stable electricity & air conditioning

    • Restricted room door (lock, access badge, fingerprint, etc.)

    • Security guards

    • Security level of the room

  • Computer BIOS security

    • A good password

      (min. 6 chars, not a common word or personal information, mix of letters, numbers and special chars)

    • No boot from removable devices

    • Lock/padlock on the computer case/rack

  • Boot loader security

    • Boot loader password (clear text/encrypted)

    • Short timeout

    • No boot into single-user mode.

      Add to /etc/inittab:

      # Single user mode

      ~~:S:wait:/bin/sh >> if this line is commented out with "#", runlevel 1 cannot be entered

      ~~:S:wait:/bin/false >>> add this line (when booting failsafe, the system is still forced into runlevel 5, i.e. entering runlevel 1 is denied)

      ~~:S:wait:/sbin/sulogin >>> runlevel 1 can be entered only with the password

  • User authentication security

    • Shadow passwords

      /etc/passwd: the password entries are stored in /etc/shadow

      pwunconv stores the passwords in /etc/passwd instead of /etc/shadow

      pwconv moves the passwords back into /etc/shadow

  • Terminal login security

    • Restrict root login on the console

      /etc/securetty

      Comment out with "#" every entry except tty1; this forbids root login on the other consoles of the local PC

    • substitute user (su)

      /etc/pam.d/su

      #%PAM-1.0
      auth       sufficient   pam_rootok.so
      # Uncomment the following line to implicitly trust users in the "wheel" group.
      #auth      sufficient   pam_wheel.so trust use_uid
      # Uncomment the following line to require a user to be in the "wheel" group.
      auth       required     pam_wheel.so group=siswa13

      user=siswa13

      This gives su access only to the group siswa13 and the user siswa13.

    • sudo (substitute user do)

    • Disable ctrl+alt+del
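The console and single-user items of the checklist above can be verified with a short script. This is an added example, not part of the original post; the function names, the root-prefix argument, the sample files and the use of the sysvinit "ctrlaltdel" inittab action for the ctrl+alt+del item are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. The root-prefix argument is an
# assumption of this example so the checks can run on a copy of /etc.
# Print the active (non-comment, non-blank) lines of a file, if it exists.
active() {
    if [ -f "$1" ]; then grep -Ev '^[[:space:]]*(#|$)' "$1"; fi
    return 0
}
# Single-user entry must ask for the root password (sulogin) or refuse (false).
check_single_user() {
    active "$1/etc/inittab" | grep -q '^~~:S:wait:/bin/sh' && return 1
    active "$1/etc/inittab" |
        grep -Eq '^~~:S:wait:(/sbin/sulogin|/bin/false)[[:space:]]*$'
}
# Root may log in on tty1 only: any other active securetty entry fails.
check_securetty() {
    [ -f "$1/etc/securetty" ] || return 1
    ! active "$1/etc/securetty" | grep -qvx 'tty1'
}
# su must be limited to a group by an active "auth required pam_wheel.so" line.
check_su_wheel() {
    active "$1/etc/pam.d/su" | grep -Eq '^auth[[:space:]]+required[[:space:]]+pam_wheel\.so'
}
# Assumption: ctrl+alt+del is wired up through the sysvinit "ctrlaltdel" action.
check_ctrlaltdel() {
    ! active "$1/etc/inittab" | grep -Eq '^[^:]*:[^:]*:ctrlaltdel:'
}
# Run every check, print one line each, return the number of failed checks.
audit() {
    fails=0
    for c in check_single_user check_securetty check_su_wheel check_ctrlaltdel; do
        if "$c" "$1"; then echo "PASS $c"; else echo "FAIL $c"; fails=$((fails + 1)); fi
    done
    return "$fails"
}
# Constructed sample tree (not from a real host): securetty still lists vc/1
# and ctrl+alt+del is still active, so two checks fail.
make_sample() {
    mkdir -p "$1/etc/pam.d"
    printf '%s\n' '# Single user mode' '#~~:S:wait:/bin/sh' '~~:S:wait:/sbin/sulogin' \
        'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$1/etc/inittab"
    printf '%s\n' 'tty1' '#tty2' 'vc/1' > "$1/etc/securetty"
    printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_rootok.so' \
        'auth required pam_wheel.so group=siswa13' > "$1/etc/pam.d/su"
}
demo=$(mktemp -d)
make_sample "$demo"
audit "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

Calling `audit ""` checks the running host; a system without /etc/inittab fails the single-user check because no sulogin entry is found.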

Notes:

/etc/lilo.conf

# File generated by DrakX/drakboot
# WARNING: do not forget to run lilo after modifying this file
default="linux"
boot=/dev/hda
map=/boot/map
keytable=/boot/us.klt
menu-scheme=wb:bw:wb:bw
compact
prompt
nowarn
timeout=100
message=/boot/message
password= password >> sets a password on lilo
image=/boot/vmlinuz
    label="linux"
    root=/dev/hda6

[root@lp3tnf13 ~]# lilo >> activates lilo
Added linux *
Added linux-nonfb
Added failsafe
Added windows

[root@lp3tnf13 ~]# grub-install /dev/hda >>> re-activates grub.

SHARING SSH KEY

Create the ssh key file

[siswa13@lp3tnf13 ~]$ ssh-keygen -t dsa -f .ssh/id_dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/id_dsa.
Your public key has been saved in .ssh/id_dsa.pub.
The key fingerprint is:
7c:e9:0b:e3:8b:35:99:88:98:d9:48:32:a7:2e:95:e3 siswa13@lp3tnf13

Copy it to the destination

[siswa13@lp3tnf13 ~]$ scp .ssh/id_dsa.pub siswa10@192.168.1.10:~/.ssh/
Warning: Permanently added '192.168.1.10' (RSA) to the list of known hosts.
siswa10@192.168.1.10's password:
scp: /home/siswa10/.ssh/: Is a directory

[siswa13@lp3tnf13 ~]$ scp .ssh/id_dsa.pub siswa10@192.168.1.10:~/.ssh/
siswa10@192.168.1.10's password:
id_dsa.pub                100%  606     0.6KB/s   00:00

ssh to the destination, then append id_dsa.pub to authorized_keys and chmod 640 that file.

[siswa10@lp3tnf10 ~]$ cd .ssh/
[siswa10@lp3tnf10 .ssh]$ ls
id_dsa.pub known_hosts
[siswa10@lp3tnf10 .ssh]$ cat id_dsa.pub >> authorized_keys
[siswa10@lp3tnf10 .ssh]$ chmod 640 authorized_keys
[siswa10@lp3tnf10 .ssh]$ ssh siswa13@192.168.1.13
Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts.

2 Comments
  1. Oh, man. I wish I could read the bylines. The codes are all right but the explanations are lost along the way. Nothing personal or racist. Thanks.

  2. God willing, this will be useful… keep up the good work.
