January 19, 2010

Securing Ubuntu

Forums: 

I ran Lynis auditing software and it gave me back some things I need to do to my computer. Some of these I just cannot figure out. Can someone please help? Here is the output of Lynis:

-[ Lynis 1.2.9 Results ]-

Tests performed: 160
Warnings:
----------------------------
- [10:46:25] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
- [10:46:26] Warning: iptables module(s) loaded, but no rules active [test:FIRE-4512] [impact:L]

Suggestions:
----------------------------
- [10:45:56] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
- [10:45:57] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
- [10:45:58] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
- [10:45:58] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
- [10:46:25] Suggestion: Install package apt-show-versions for patch management purposes [test:PKGS-7394]
- [10:46:25] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]
- [10:46:26] Suggestion: Disable iptables kernel module if not used or make sure rules are being used [test:FIRE-4512]
- [10:46:26] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]
- [10:46:35] Suggestion: Enable logging to an external logging host for archiving purposes and additional protection [test:LOGG-2154]
- [10:46:38] Suggestion: Enable auditd to collect audit information [test:ACCT-9628]
- [10:46:44] Suggestion: Check ntpq peers output for time source candidates [test:TIME-3128]
- [10:46:48] Suggestion: Install a file integrity tool [test:FINT-4350]
- [10:46:52] Suggestion: Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [test:HRDN-7220]

Click Here!