Security Checklists for AWS and Linux Servers

By | April 13, 2019

We already have a blog post on AWS Security Best Practices which is detailed and theoretical; you can refer to that post here. I'm writing this post so that the same content can be worked through quickly in the form of checklists.

This article also covers server-level security checklists. The AWS checklists have been grouped by AWS service for ease of reference.

IAM:

  • Identify API credential permissions: Make sure each set of API credentials has only the least permissions that the application needs.
  • Check for active API credentials: Make sure API credentials are made inactive when they are not in use.
  • Enforce MFA: Enforce MFA whether access is through the console or via APIs.
  • Unused API keys and IAM users: Delete API keys immediately when they are no longer in use or when an employee leaves the organization.
  • Provision access to resources using IAM roles: Make sure to use roles rather than API credentials.
  • Disable root API access keys and secret key: Check that the root account's access key and secret key are disabled; if they are not, disable them.
  • Permissions Granted To IAM Users: Verifies that permissions are granted to groups, not directly to users.
  • IAM Users That Do Not Belong To Groups: Verifies that all users belong to an IAM User Group.
  • IAM Users Not Using Multi-Factor Authentication: Ensures users have Multi-Factor Authentication device attached to their account credentials.
  • IAM Access Keys That Need To Be Rotated: Checks each IAM Access Key to see if any are older than 90 days.
  • Passwords Not Reset For > 90 Days: Displays an alert showing any IAM user with an active password older than 90 days.
  • IAM password policy: IAM user passwords can be forced to comply with a policy you define (for example, a minimum password length or the use of non-alphanumeric characters).
  • IAM User Configuration: Check that services are not managed from the root account; day-to-day management must be done with IAM users.
  • Least IAM Privilege: Check that users do not have permissions for services they are not using.
  • IAM Admin User Password Changed: Checks if any IAM Admin user passwords have changed within a configurable time period.
  • IAM Password Policy Disabled: Verifies that IAM has a Password Policy enabled.
  • No IAM Administrators Group Found: Verifies that an IAM Group is established for Administrators.
  • Stale IAM Admin: Remove any admin IAM user who has not been active in the last 180 days.
  • Root Account Has Access Keys: Checks to see if Access Keys have been granted to the Root user account
  • Cross account access: Users from one account might need to access resources in another account; they can use cross-account switch-role policies to manage multiple AWS accounts.
  • Identity federation: Users might already have identities outside of AWS, such as in your corporate directory. However, those users might need to work with AWS resources.
  • Least privilege checks: Regularly run least-privilege checks using the IAM Access Advisor and the "last accessed" data for each IAM user.
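Most of the IAM items above (root access keys, root and user MFA, 90-day password and key age, unused keys) can be checked from one IAM credential report. The script below is an added example, not code from the original post; it parses a constructed report in the column layout of `aws iam get-credential-report` and applies those checks against a fixed audit date (the account id, user names and timestamps are made up).

```python
import csv
import io
from datetime import datetime, timezone

# Maximum age in days for passwords and access keys, as the checklist states.
MAX_AGE_DAYS = 90
# Date the audit is run against; fixed so the constructed sample is reproducible.
REPORT_DATE = datetime(2019, 4, 13, tzinfo=timezone.utc)

# Constructed sample in the column layout of an IAM credential report;
# the account id, users and dates are made up for this example.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2017-05-01T10:00:00+00:00,not_supported,2019-04-01T09:12:00+00:00,not_supported,not_supported,false,true,2017-05-01T10:00:00+00:00,2019-03-20T11:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2018-02-14T08:00:00+00:00,true,2019-04-10T07:30:00+00:00,2019-03-01T08:00:00+00:00,2019-05-30T08:00:00+00:00,true,true,2019-02-15T08:00:00+00:00,2019-04-12T16:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2018-06-01T08:00:00+00:00,true,2019-04-11T07:30:00+00:00,2018-12-01T08:00:00+00:00,N/A,false,true,2018-06-01T08:00:00+00:00,2019-01-05T16:00:00+00:00,us-east-1,iam,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2018-09-10T08:00:00+00:00,false,no_information,N/A,N/A,false,true,2019-04-01T08:00:00+00:00,2019-04-12T23:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""


def parse_timestamp(value):
    """Return an aware datetime, or None for the report's N/A-style markers."""
    if value in ("N/A", "not_supported", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def age_days(value, now):
    """Whole days between a report timestamp and `now`, or None if unknown."""
    stamp = parse_timestamp(value)
    return None if stamp is None else (now - stamp).days


def audit_credential_report(csv_text, now=REPORT_DATE):
    """Return sorted (user, finding) pairs for the root, MFA, rotation and unused-key checks."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        if user == "<root_account>":
            # Root must have MFA and must not own access keys at all.
            if row["mfa_active"] != "true":
                findings.append((user, "root account without MFA"))
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root account has access keys"))
            continue
        if row["password_enabled"] == "true":
            # Console users need an MFA device and a password younger than 90 days.
            if row["mfa_active"] != "true":
                findings.append((user, "console user without MFA"))
            pw_age = age_days(row["password_last_changed"], now)
            if pw_age is not None and pw_age > MAX_AGE_DAYS:
                findings.append((user, f"password not reset for {pw_age} days"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            key_age = age_days(row[f"access_key_{n}_last_rotated"], now)
            if key_age is not None and key_age > MAX_AGE_DAYS:
                findings.append((user, f"access key {n} not rotated for {key_age} days"))
            # An active key that is never or no longer used should be deleted.
            used_age = age_days(row[f"access_key_{n}_last_used_date"], now)
            if used_age is None:
                findings.append((user, f"access key {n} never used"))
            elif used_age > MAX_AGE_DAYS:
                findings.append((user, f"access key {n} unused for {used_age} days"))
    return sorted(findings)


def sample_findings():
    """Run the audit over the constructed report."""
    return audit_credential_report(SAMPLE_REPORT)


if __name__ == "__main__":
    for user, finding in sample_findings():
        print(f"{user:16} {finding}")
```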

S3:

  • S3 Buckets That Allow Authenticated Users To Access Billing Report Log Files : Checks each S3 bucket to see if any allow Authenticated Users to access Billing Report log files.
  • S3 Buckets That Allow Authenticated Users To Access CloudFront Log Files : Checks each S3 bucket to see if any allow Authenticated Users to access CloudFront Logs.
  • S3 Buckets That Allow Authenticated Users To Access CloudTrail Log Files : Checks each S3 bucket to see if any allow Authenticated Users to access CloudTrail Logs.
  • S3 Buckets That Allow Everyone Access to Billing Reports : Checks each S3 bucket containing billing reports to see if any have ‘List’ permission set to Everyone.
  • S3 Buckets That Allow Everyone Access to CloudFront Log Files : Checks each S3 bucket containing CloudFront logs to see if any have ‘List’ permission set to Everyone.
  • S3 Buckets That Allow Everyone Access to CloudTrail Log Files : Checks each S3 bucket containing CloudTrail logs to see if any have ‘List’ permission set to Everyone
  • S3 Buckets With ‘Edit Permission’ Permission Set To Authenticated Users : Checks each S3 bucket to see if any have ‘Edit Permissions’ permission set to ‘Authenticated Users’.
  • S3 Buckets With ‘Edit Permissions’ Permission Set To Everyone : Checks all S3 buckets to see if any have Edit Permissions permissions granted to Everyone.
  • S3 Buckets Not Enforcing Server-Side Encryption : Checks each S3 bucket to see if any have a policy forcing all objects to use server-side encryption.
  • S3 Buckets Not Utilizing KMS Keys For Encryption : Checks each S3 bucket to see if any have a policy forcing all objects to use KMS keys for encryption.
  • S3 Buckets Not Utilizing Network Encryption : Checks each S3 bucket to see if any are enforcing encryption of data over the network.
  • S3 Buckets With Logging Not Enabled : Verifies that logging is enabled on all S3 buckets.
  • S3 Buckets With Any Permission Set To Authenticated Users : Checks each S3 bucket to see if any have permissions set to ‘Authenticated Users’.
  • S3 Buckets With Any Permission Set To Everyone : Checks all S3 buckets to see if any have any permissions granted to Everyone.
  • S3 Buckets With ‘List’ Permission Set To Authenticated Users : Checks each S3 bucket to see if any have ‘List’ permission set to Authenticated Users.
  • S3 Buckets With ‘List’ Permission Set To Everyone : Checks all S3 buckets to see if any have List permissions granted to Everyone.
  • S3 Buckets With ‘View Permissions’ Permission Set To Authenticated Users : Checks each S3 bucket to see if any have ‘View Permissions’ permission set to ‘Authenticated Users’.
  • S3 Buckets With ‘View Permissions’ Permission Set To Everyone : Checks all S3 buckets to see if any have View Permissions permissions granted to Everyone.
  • S3 Buckets That Allow Authenticated Users To Access S3 Log Files : Checks each S3 bucket to see if any allow Authenticated Users to access S3 log files.
  • S3 Buckets That Allow Everyone Access to S3 Log Files : Checks each S3 Bucket containing S3 log files to see if any have ‘List’ Permission set to Everyone.
  • S3 Buckets With ‘Upload/Delete’ Permission Set To Authenticated Users : Checks each S3 bucket to see if any have ‘Upload/Delete’ permissions set to ‘Authenticated Users’.
  • S3 Buckets With ‘Upload/Delete’ Permission Set To Everyone : Checks all S3 buckets to see if any have Upload/Delete permissions granted to Everyone.
  • S3 Public Sensitive Objects Stored : Checks for any potentially sensitive objects stored within S3 buckets that have permissions set to Everyone.
  • Sensitive Directory Publicly Accessible In S3 : Checks for publicly accessible ‘dot’ directories within S3.
  • S3 data deletion: Use MFA for S3 image deletion or any other sensitive data.

Security Groups:

  • EC2-VPC Security Groups Inbound Rules Allowing Traffic From Any IP Address : Checks each VPC security group to see if it allows inbound traffic from any IP address.
  • EC2-VPC Security Groups Inbound Rules Set To All Ports : Checks each VPC security group to see if it allows inbound traffic from all ports.
  • EC2-Classic Security Groups Inbound Rules Allowing Traffic from All IPs and All Ports : Checks each EC2 Security Group to see if any are open to all IP addresses and all ports.
  • EC2-Classic Security Groups Inbound Rules Allowing Traffic from Any IP Address : Checks each EC2 security group to see if it allows inbound traffic from any IP address.
  • EC2-Classic Security Groups Inbound Rules Allowing Traffic From Broad IP Ranges : Checks each EC2 Security Group to see if any allow access to a broad IP range.
  • EC2-Classic Security Groups Inbound Rules Set To All IPs And All Ports : Checks each EC2-Classic security group to see if it allows inbound traffic from all IPs and all ports.
  • EC2-Classic Security Groups Inbound Rules Set To All Ports : Checks each EC2 security group to ensure they do not allow traffic from all ports.
  • EC2-Classic Security Groups Inbound Rules With Dangerous Ports Exposed : Checks each EC2 security group to ensure it does not allow traffic from dangerous ports.
  • EC2-Classic Security Groups Inbound Rules With Possible CIDR Prefix Mistake : Checks each EC2 security group to see if any might have been inadvertently set to use a CIDR routing prefix of /0.
  • EC2-Classic Security Groups Inbound Rules With Potentially Dangerous Ports Exposed : Checks each EC2 security group to ensure it does not allow traffic from potentially dangerous ports.
  • EC2-VPC Security Groups Inbound Rules Set To All IPs And All Ports : Checks each VPC security group to see if it allows inbound traffic from all IPs and all ports.
  • EC2-VPC Security Groups Inbound Rules With Potentially Dangerous Ports Exposed : Checks each VPC security group to see if it allows inbound traffic from a potentially dangerous port.
  • EC2-VPC Security Groups Outbound Rules Allowing Traffic From Any IP Address : Checks each VPC security group to see if it allows outbound traffic from any IP address.
  • EC2-VPC Security Groups Outbound Rules Set To All IPs And All Ports : Checks each VPC security group to see if it allows outbound traffic from all IPs and all ports.
  • EC2-VPC Security Groups Outbound Rules Set To All Ports : Checks each VPC security group to see if it allows outbound traffic from all ports.
  • EC2-VPC Security Groups Outbound Rules With Dangerous Ports Exposed : Checks each VPC security group to see if it allows outbound traffic from a dangerous port.
  • EC2-VPC Security Groups Outbound Rules With Potentially Dangerous Ports Exposed : Checks each VPC security group to see if it allows outbound traffic from a potentially dangerous port.
  • EC2-VPC Security Groups With Possible CIDR Prefix Mistake : Checks each EC2-VPC security group to see if any might have been inadvertently set to use a CIDR routing prefix of /0.
  • EC2-VPC Security Groups Inbound Rules Allowing Traffic From Broad IP Ranges : Checks each VPC security group to see if it allows inbound traffic from a broad IP range.
  • EC2-VPC Security Groups Inbound Rules With Dangerous Ports Exposed : Checks each VPC security group to see if it allows inbound traffic from a dangerous port.
  • EC2-VPC Security Groups Outbound Rules Allowing Traffic From Broad IP Ranges : Checks each VPC security group to see if it allows outbound traffic from a broad IP range.
  • Restrict access to RDS and Application server : Make sure only authorized users who need regular access have permission to log in to and operate the DB and application instances.
  • Use security groups and NACLs. : Use it with restricted inbound and outbound rules.
  • DB Security Groups Inbound Rules Set To Allow Access To Broad IP Ranges : Check the RDS DB Security Groups and ensure that none are set to broad IP ranges.
  • DB Security Groups Inbound Rules Set To Allow Traffic From Any IP Address : Check the RDS DB Security Groups and ensure that none are set to 0.0.0.0/0; list any that are.
  • DB Security Groups Inbound Rules With Possible CIDR Prefix Mistake : Checks each DB security group to see if any might have been inadvertently set to use a CIDR routing prefix of /0.
  • number of discrete security groups: Check and Minimize the number of discrete security groups.
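The inbound checks above reduce to a few tests on each rule's source CIDR and port range: open to 0.0.0.0/0, open to a broad range, a /0 prefix typed on a specific address, all ports, and an administrative or database port exposed. The script below is an added example, not the post's own code; it runs those tests over a constructed sample in the shape of `aws ec2 describe-security-groups` output, using the administrative and database ports the checklist names under General Considerations (the group ids and addresses are made up, and treating anything wider than a /16 as "broad" is an assumption).

```python
import ipaddress

# Administrative and database ports from the checklist's General Considerations.
ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5500: "VNC"}
DB_PORTS = {1433: "MSSQL", 1434: "MSSQL Monitor", 3306: "MySQL",
            1521: "Oracle", 5432: "PostgreSQL"}
# Assumption: a source range wider than a /16 counts as a "broad IP range".
BROAD_PREFIX = 16

# Constructed sample in the shape of `describe-security-groups` output;
# the group ids and addresses are made up for this example.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0d4e5f6a", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "203.0.113.0/0"}]},
    ]},
    {"GroupId": "sg-0b7c8d9e", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0f0e1d2c", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    ]},
]


def classify_cidr(cidr):
    """Return the set of source-range findings for one CidrIp value."""
    iface = ipaddress.ip_interface(cidr)  # accepts host bits, e.g. 203.0.113.0/0
    net = iface.network
    found = set()
    if net.prefixlen == 0:
        # A specific address with /0 is almost always a typo for a narrower prefix,
        # but it still behaves as "any IP address".
        if iface.ip != net.network_address:
            found.add("possible CIDR prefix mistake (/0 on a specific address)")
        found.add("open to any IP address")
    elif net.prefixlen < BROAD_PREFIX:
        found.add("open to a broad IP range")
    return found


def port_findings(perm):
    """Return the port-level findings for one IpPermissions entry."""
    if perm["IpProtocol"] == "-1":  # -1 means every protocol and every port
        return {"all ports exposed"}
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    if lo <= 0 and hi >= 65535:
        return {"all ports exposed"}
    found = set()
    for port, name in {**ADMIN_PORTS, **DB_PORTS}.items():
        if lo <= port <= hi:
            found.add(f"{name} port {port} exposed")
    return found


def audit_security_groups(groups):
    """Map GroupId -> sorted findings. Port findings are only raised when the
    source range is itself wide open or broad, which is what the checks flag."""
    report = {}
    for group in groups:
        findings = set()
        for perm in group["IpPermissions"]:
            ports = port_findings(perm)
            for rng in perm.get("IpRanges", []):
                cidr_findings = classify_cidr(rng["CidrIp"])
                findings |= cidr_findings
                if cidr_findings:
                    findings |= ports
        if findings:
            report[group["GroupId"]] = sorted(findings)
    return report


if __name__ == "__main__":
    for group_id, findings in audit_security_groups(SAMPLE_GROUPS).items():
        print(group_id, "->", "; ".join(findings))
```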

NACL’s:

  • Use security groups and NACLs. : Use it with restricted inbound and outbound rules.
  • Ineffective Network ACL Deny Rule : Checks each Network ACL rule with ‘Deny’ permissions to determine their effectiveness.
  • Network ACLs Allowing All Inbound Traffic : Checks each Network ACL rule to see if any are allowing inbound traffic from all ports.
  • Network ACLs Allowing All Outbound Traffic : Checks each Network ACL rule to see if any are allowing outbound traffic from all ports.
  • Blocklisted IP Address in AWS Infrastructure : Detect any IP addresses within your AWS infrastructure that are marked as potentially malicious IP addresses
  • Blocklisted IP Address Making API Calls : Detects API calls originating from a potentially malicious IP address.

RDS

  • Multiple MySQL Vulnerabilities : Checks for any MySQL DB Instances that have not been patched with the Critical Patch Update.
  • MySQL Vulnerability (CVE-2012-1702 – DoS) : Checks for any MySQL DB Instances that have not been patched for the vulnerability CVE-2012-1702.
  • MySQL Vulnerability (CVE-2012-2122 – Incorrect Passwords Authenticated) : Check each MySQL database to ensure it does not contain the CVE-2012-2122 vulnerability that allows attackers to bypass its password verification.
  • MySQL Vulnerability (CVE-2013-0383 – DoS In Server Locking) : Checks for any MySQL DB Instances that have not been patched for the vulnerability CVE-2013-0383.
  • Rotate DB Credentials : Check and Rotate DB Credentials Periodically.
  • Publicly Accessible RDS DB Instances : Checks each RDS DB Instance to find any that are publicly accessible.
  • Publicly Accessible RDS DB Instances With Open Security Group : Checks each RDS DB Instance to find any that are publicly accessible and have an open security group.
  • RDS DB Instances With MySQL Security Alert : Check each MySQL database to ensure it does not contain the CVE-2014-6491, CVE-2014-6494, CVE-2014-6500, or CVE-2014-6559 vulnerability.
  • RDS encryption: Check and encrypt the RDS for super critical data.

CloudTrail:

  • CloudTrail Unauthorized Access Attempts : Checks your Trails to locate any attempts to access a resource that are unauthorized.
  • Regions Without CloudTrail Enabled : Checks that CloudTrail is configured within each region where it’s available.
  • CloudTrail Access Outside of Normal Business Hours : Checks your Trails to see if anyone is interacting with your AWS account outside of normal business hours.
  • CloudTrail Access From A New Location : Checks your Trails to see if your account has been accessed from a new country.
  • Event In CloudTrail That Disabled CloudTrail : Checks the CloudTrail logs to see if any CloudTrails have been disabled.
  • CloudTrail Aggregate Buckets Not Set To Read-Only : Checks if any aggregated CloudTrail buckets have non-read permissions to users outside the local account.
  • CloudTrail Delivery Failing : Checks the delivery of the CloudTrail log files to ensure they are not failing.
  • CloudTrail Include Global Services enabled in multiple regions : Checks to verify that only a single CloudTrail is configured to include global services events.
  • CloudTrail Include Global Services Not Enabled : Displays an alert if CloudTrail Global Service Events is not enabled.
  • CloudTrail Notification Failing : Checks the SNS Notifications being sent from CloudTrail to ensure they are not failing.
  • CloudTrail SNS Topic Missing : Checks each CloudTrail to ensure they are not configured with a missing SNS Topic.

SNS

  • SNS Subscriptions not using HTTPS: Checks each SNS Subscription to find any that are not using HTTPS
  • SNS Topic not set to Limit Subscriptions to HTTPS: Checks each SNS Topic to find any that are not limiting subscriptions to HTTPS
  • SNS Topic not using HTTPS: Checks each SNS Topic to find any that are not using HTTPS
  • SNS Topic With Permission Set To Everyone: Checks all SNS Topics to see if any have permissions granted to Everyone. 

VPC

  • EC2 Instances That Are Not Isolated Within A VPC: Checks each EC2 Instance to see which are not running within a VPC.
  • Number Of ElastiCache Clusters That Are Not Isolated Within A VPC: Checks each ElastiCache Cluster to identify any which may not be isolated within a VPC.
  • Number Of RDS DB Instances That Are Not Isolated Within A VPC: Checks each RDS DB Instance to see which are not running within a VPC.
  • Number Of Redshift Clusters That Are Not Isolated Within A VPC: Checks each Redshift Cluster to identify any which may not be isolated within a VPC.
  • Use Virtual Gateway (VGW): Use Virtual Gateway (VGW) where Amazon VPC-based resources require remote network connectivity.
  • Enable VPC Flow Logs: VPC Flow Logs provides further visibility as it enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
  • Use of Direct Connect: With AWS Direct Connect, you can establish a connection to your Amazon VPC using private peering with AWS over dedicated links, without using the Internet.
  • VPN solutions : Build custom user VPN solutions.

AWS Config:

  • AWS Config Not Enabled : Checks to see if AWS Config is enabled in any region in your account.
  • Regions Without AWS Config Enabled : Checks each region that supports AWS Config to ensure it is enabled.
  • AWS Config Delivery Failing : Checks to see if AWS Config has encountered an error trying to deliver log files to S3.
  • AWS Config S3 Bucket Missing : Checks each AWS Config configuration to ensure it is properly configured with an S3 bucket for log delivery.
  • AWS Config SNS Topic Missing : Checks to see if AWS Config has been configured to deliver messages via an SNS Topic.

Redshift:

  • Publicly Accessible Redshift Clusters : Checks each Redshift cluster to find any that are publicly accessible.
  • Publicly Accessible Redshift Clusters With Open Security Group : Checks each Redshift cluster to find any that are publicly accessible and have an open security group.
  • Redshift Clusters Without Data-At-Rest Encrypted : Checks each redshift cluster to determine the encryption status of the data at rest.
  • Redshift Security Groups Inbound Rules Allowing Traffic From Any IP Address : Checks each Redshift security group to see if it allows inbound traffic from any IP address.
  • Redshift Security Groups Inbound Rules Allowing Traffic From Broad IP Ranges : Checks each Redshift security group to see if it allows inbound traffic from a broad IP range
  • Redshift Security Groups With Possible CIDR Prefix Mistake : Checks each Redshift security group to see if any might have been inadvertently set to use a CIDR routing prefix of /0.

EMR

  • Long Running Elastic MapReduce Cluster Need Role: Checks to see which Long Running Elastic MapReduce clusters still need associated roles.
  • Elastic MapReduce Clusters scheduled from Data Pipeline Need IAM Roles: Find any recurring Elastic MapReduce Clusters that are not properly associated with an IAM role.

Workspace

  • WorkSpace Failed Logins: Finds any WorkSpace with more than 10 failed login attempts within the last 48 hours. 

SQS

  • SQS Queue Access Granted To User In A Different AWS Account: Checks all SQS Queues to see if any have permissions granted to users in a different AWS account.
  • SQS Queue With Permission Set To Everyone: Checks all SQS Queues to see if any have permissions granted to Everyone.

General Considerations and Passwords:

  • Root User Accessing AWS Account : Checks to see if anyone is using the Root user to access your AWS account.
  • Root AWS Account Not enabled with Multi-Factor Authentication : Verifies that the Root AWS Account has Multi-Factor Authentication (MFA) enabled.
  • Compromised AWS account : Prevent or detect the compromise of an AWS account, and take the necessary action when you suspect that the account has been compromised.
  • Insecure behaviour by AWS users : Prevent or detect a privileged or regular AWS user behaving in an insecure manner.
  • Sensitive data upload from applications : Prevent sensitive data from being uploaded to or shared from applications in an inappropriate manner.
  • AWS services configured in an insecure manner : Check whether the configured services are secure, and find out if any are exposed to potential threats.
  • Restricted privileges to AWS services and applications : Restrict access to AWS services or custom applications to only those users who require it.
  • Updating Guest Operating Systems and applying security patches : Check for the Security patches and apply it periodically
  • Use of AWS Services and custom applications : Ensuring AWS and custom applications are being used in a manner compliant with internal and external policies
  • network security : Ensuring network security (DoS, MITM, port scanning)
  • Access to common administrative ports : Limit access to common administrative ports to only a small subset of addresses. This includes ports 22 (SSH), 23 (Telnet), 3389 (RDP), and 5500 (VNC).
  • Access to common database ports : Limit access to common database ports. This includes ports 1433 (MSSQL Server), 1434 (MSSQL Monitor), 3306 (MySQL), 1521 (Oracle) and 5432 (PostgreSQL).
  • Delete unused SSH Public Keys. : Identify and remove the unused public key from the ec2 instances.
  • Avoid usage of shared credentials : The use of shared user identities, where multiple entities share the same credentials, is strongly discouraged.
  • Use separate server users : Create a separate server user for each person and grant sudo access to that user.
  • Users who access Windows Terminal Services : Use RDP, as RDP connections are encrypted by default.
  • Expiring SSL Certificates : Checks all the SSL Certificates within AWS to see if any are nearing expiration or have already expired.
  • Failed Management Console Login Attempts : Checks to see if there were any failed AWS console login attempts.
  • Launch instances from trusted AMIs only. : Trusted AMIs include the standard Windows and Linux AMIs provided by AWS and AMIs from trusted third parties. Launching an untrusted third-party AMI can compromise and infect your entire cloud environment.
  • plan routing and server placement in public and private subnets. : Carefully plan routing and server placement in public and private subnets.
  • Publicly Accessible AMIs : Check each AMI to see if any are publicly available. Lists all of those that are.
  • Only install and run trusted software from a trusted software provider. : Only install and run trusted software from a trusted software provider. A trusted software provider is one who is well regarded in the industry, and develops software in a secure and responsible fashion, not allowing malicious code into its software packages.
  • Disable root user access to server. : Check sshd config files on the server and make sure it does not allow the logon of root user.
  • Blocklisted IP Address Logging Into Console : Detect Console Login attempts from potentially malicious IP addresses.
  • All types of attack : Deploy host-based or inline IDS/IPS systems.
  • Protect infrastructure from malware : Protect your systems in the cloud as you would protect a conventional infrastructure from threats such as viruses, worms, Trojans, rootkits, botnets, and spam.
  • HTTPS for Cloudfront : When using CloudFront, ensure CloudFront distributions use HTTPS.
  • Enforce SSL connections : Enforce SSL connections.
  • Elastic Load Balancers Using An Unencrypted Protocol (SSL) : Ensures that all Elastic Load Balancers are utilizing an encrypted protocol.
  • delete all shell history : Securely delete all shell history and system log files containing sensitive data.
  • Restrict access to Amazon Machine Images (AMIs). : provide restricted access to AMI’s
  • Use of AntiVirus Software : Check if applicable, use trusted Anti Virus Software.
  • Infrastructure testing : Ensure that the infrastructure is tested regularly.
  • Protocol sanity attacks, Unauthorized user access : Use of Web application firewalls (WAF)
  • ICMP flooding, application request flooding : Traffic shaping/rate limiting.
  • TCP SYN flooding : Traffic shaping/rate limiting.
  • Perform data integrity checks : Perform data integrity checks, such as Message Authentication Codes (SHA-1/SHA-2), Hashed Message Authentication Codes (HMACs), digital signatures, or authenticated encryption.
  • Data Integrity : Whether or not data is confidential, you want to know that data integrity is not compromised through deliberate or accidental modification.
  • .pem key security : Password protect the .pem file on user machines
  • Use bastion hosts to enforce control and visibility : Use jump server to access your private network.
  • Password Attacks on AWS Management Console : Checks to see if there were repeated failed AWS console login attempts made against your account.
  • Password Expiration Period : Displays the password expiration period, in days (if enabled for all users). 
  • Password Policy Does Not Require Lowercase Letter : Verifies that the password policy requires at least one lowercase letter.
  • Password Policy Does Not Require Non-Alphanumeric Character : Verifies that the password policy requires at least one non-alphanumeric character. 
  • Password Policy Does Not Require Number : Verifies that the password policy requires at least one number.
  • Password Policy Does Not Require Uppercase Letter : Verifies that the password policy requires at least one uppercase letter. 
  • Password Policy Minimum Length Too Short : Ensures a minimum password length is established in IAM. 
  • Password Policy Setting Enabled: Allow users to change their own password : Verify the Password Policy has been configured to allow users to change their own passwords
  • Use Strong password for IAM user : Make sure to apply password policy to enforce use of Strong password.
  • Use Strong password for any Configured tools or application : Check whether the password used for application or any third party tools used fulfills the password policies.
  • Security Credential Check : Delete Security credentials from HDD and from any configuration file if not required
  • software installed does not use default internal accounts and passwords. : Ensure that software installed does not use default internal accounts and passwords.
  • RDS Database Master Username Is ‘awsuser’ or a simple known word/name : Check the master username on each RDS database instance and verify that it is not “awsuser” or any other simple known word.
  • Standard naming convention for AWS Resource : Check whether proper naming conventions for aws resources are in place or not for proper identification.

Linux Servers:

OS Level

  • Use the LTS Linux Images (unless you require the latest updates)
  • Before installing software dependencies or upgrades do have a check on the version and security vulnerabilities.
  • Avoid using rolling release modeled Linux distributions.

Users management

  • Restricted access to users or groups
  • Always provide minimum access to users
  • Categorizing Users into respective groups with limited access
  • If necessary apply resource limitations on the group or user
  • Wherever applicable, create a dedicated user to run a particular program or piece of software; this is generally an optional step when installing software.

SSH Keys

  • Deny Root login through ssh
  • Disable remote ssh login with passwords
  • Always use different ssh keys for different instances
  • Don't reuse the same ssh keys
  • Use different ssh keys for different users' ssh access
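The first two items above (and the "Disable root user access to server" item in the AWS section) are checked by reading the server's sshd_config. The script below is an added example, not the post's own code; it parses a constructed sshd_config the way sshd does, keeping the first occurrence of each directive and ignoring anything after the first `Match` block (restricting the audit to the global section is an assumption), then compares against the wanted values, falling back to the OpenSSH defaults when a directive is absent.

```python
# Directives the items above concern: (value wanted, value sshd applies when
# the directive is absent, i.e. the upstream OpenSSH default).
EXPECTED = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
}

# Constructed sample: root login left enabled (the later "no" is ignored
# because sshd keeps the first value), and password login only disabled
# inside a Match block, so the global default of "yes" still applies.
SAMPLE_SSHD_CONFIG = """\
# Constructed sshd_config for this example
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PermitRootLogin no
PubkeyAuthentication yes
Match User deploy
    PasswordAuthentication no
"""

# Constructed hardened sample; PubkeyAuthentication is absent and so defaults to yes.
HARDENED_SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
"""


def parse_sshd_config(text):
    """Return {directive_lowercase: first value} for the global section.

    sshd uses the first occurrence of a directive, so setdefault() keeps the
    first one seen; parsing stops at the first Match block (assumption: only
    global settings are audited here).
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """Return a list of findings, one per directive whose effective value is wrong."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (wanted, default) in EXPECTED.items():
        actual = settings.get(key, default)
        if actual.lower() != wanted:
            findings.append(f"{key} is '{actual}', expected '{wanted}'")
    return findings


if __name__ == "__main__":
    for name, config in (("sample", SAMPLE_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(config) or "OK")
```

To audit a real server, read `/etc/ssh/sshd_config` into `audit_sshd_config`; `sshd -T` prints the fully resolved effective configuration, which is the more reliable source when include files or Match blocks are in play.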

Sudo access privileges

  • User access can be restricted from /etc/sudoers (where group sudo access can also be implemented)
  • SELinux can be used to tackle unwanted access with programs or software which are run with sudo
  • Create different users with restricted sudo access to run the programs.

Package Management

  • The package manager that comes with the distro is generally the best way to install or upgrade software, because the versions available in it are tested and approved for the distro and kernel version you are using.
  • Package managers like snap, conda etc can provide you with stable versions
  • Installing with Source code is recommended if you want the cutting edge latest version

SSH guard installation (Firewall)

  • Intrusion detection and intrusion prevention for sshd (it blacklists IPs whose recent login attempts match a particular pattern and then blocks them via iptables or the firewall)

Root Password

Instead of passwords use phrases (discussion)

IP Tables

Instead of directly changing iptables, use a firewall front end like firewalld etc. which manages the iptables rules for you.
