2006-03-21

Tips to Secure Linux Workstation

Tips to Secure Linux Workstation | Ayman Hourieh's Blog: "TCP (not verified) | Some extra thoughts for security | Tue, 2006/03/21 - 11:59am

Just passing through when I saw your thread, great tips. I also have a few that people may find useful. If you add this to the end of your /etc/profile file, it will alert you when an account is created. Unfortunately, I haven't been able to verify if this works just yet.

# /etc/profile is read at login, so this test runs against the user who is logging in
if [ "$(id -u)" -gt 1000 ]; then
    echo "ALERT - New Account Created (MachineName) on:" $(date) $(who) | mail -s "New Account Created on (MachineName) $(who | cut -d'(' -f2 | cut -d')' -f1)" you@yourdomain.com
fi

Now just modify it a bit to alert you if someone creates an account that is part of the root group:

# bash does not set $GID, so the primary group is read with id -g
if [ "$(id -g)" -eq 0 ]; then
    echo "ALERT - New Account Created With Root Group Privileges (MachineName) on:" $(date) $(who) | mail -s "New Account Created With Root Group Privileges on (MachineName) $(who | cut -d'(' -f2 | cut -d')' -f1)" you@yourdomain.com
fi

Add this line to your /etc/hosts.deny file and it will email you if there is a refused connection from the Inetd daemon (TCP Wrappers):

ALL:ALL:/bin/mail -s "%s connection attempt from %c" you@yourdomain.com
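A complementary check to the /etc/profile snippets in the comment above, as an added example that is not part of the original comment: it compares a saved copy of a passwd-format file with the current one and lists accounts that appeared in between, tagging the same two conditions (UID above 1000, GID 0). The function names, tag names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts present in CURRENT but not in BASELINE
# (both in passwd format) and tag the ones worth a closer look.
# Usage: new_accounts BASELINE CURRENT  ->  "name uid gid tags" per line
new_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { seen[$1] = 1; next }  # remember baseline names
        /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
        !($1 in seen) {
            tags = ""
            if ($3 == 0)   tags = tags ",uid0"
            if ($4 == 0)   tags = tags ",root-group"
            if ($3 > 1000) tags = tags ",regular-user"  # threshold used in the comment above
            if (tags == "") tags = ",system"
            print $1, $3, $4, substr(tags, 2)
        }
    ' "$1" "$2"
}

# Constructed sample data: a baseline and a later copy with three additions.
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
EOF
    cat > "$dir/current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
svc:x:998:0:service:/var/lib/svc:/bin/sh
toor:x:0:0:second root:/root:/bin/bash
EOF
    new_accounts "$dir/baseline" "$dir/current"
    rm -rf "$dir"
}

sample_run
```

Run from cron against a root-owned baseline copy, the output can be piped to mail in the same way as the alerts above; refresh the baseline only after reviewing each reported account.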