De acordo com as Leis 12.965/2014 e 13.709/2018, que regulam o uso da Internet e o tratamento de dados pessoais no Brasil, ao me inscrever na newsletter do portal DICAS-L, autorizo o envio de notificações por e-mail ou outros meios e declaro estar ciente e concordar com seus Termos de Uso e Política de Privacidade.
Colaboração: Jeancarlo Silva
Data de Publicação: 04 de Maio de 2009
Hardening são técnicas para se aumentar a segurança de um sistema operacional. O Bastille é um programa, cuja finalidade é fazer hardening através de configuração do SO e algumas aplicações.
apt-get install bastille
bastille -c
Serão exibidas algumas perguntas que você deverá responder Y (Sim) ou N
(Não). O valor exibido entre colchetes é o que será aplicado por padrão.
Would you like to set more restrictive permissions on the administration utilities? [N] Would you like to disable SUID status for mount/umount? Would you like to disable SUID status for ping? [Y] Would you like to disable SUID status for at? [Y] Should Bastille disable clear-text r-protocols that use IP-based authentication? [Y] Would you like to enforce password aging? [Y] Would you like to restrict the use of cron to administrative accounts? [Y] Do you want to set the default umask? [Y] Should we disallow root login on all ttys? [N] Would you like to password-protect the GRUB prompt? [N] Would you like to disable CTRL-ALT-DELETE rebooting? [N] Would you like to password protect single-user mode? [Y] Would you like to set a default-deny on TCP Wrappers and xinetd? [N] Should Bastille ensure the telnet service does not run on this system? [y] Should Bastille ensure inetd's FTP service does not run on this system? [y] Would you like to display "Authorized Use" messages at log-in time? [Y] Would you like to disable the gcc compiler? [N] Would you like to put limits on system resource usage? [N] Should we restrict console access to a small group of user accounts? [N] Would you like to add additional logging? [Y] Would you like to disable printing? [N] Would you like to install TMPDIR/TMP scripts? [N] Would you like to run the packet filtering script? [N]
A última pergunta é se você quer salvar as configurações:
Are you finished answering the questions, i.e. may we make the changes?
Fazer um bom hardening de um sistema é muito complexo. É preciso ter um bom conhecimento do sitema operacional e conhecer suas particularidades. Com o Bastille, alguns serviços ficarão mais protegidos mas ainda assim é essencial ter boas regras de firewall e manter seu sistema atualizado.
Jeancarlo Silva é estudande de segurança da informação da Unisinos. Atualmente trabalha com virtualização e como administrador de rede. Seu site: www.jeancarlosilva.com.br
This policy contains information about your privacy. By posting, you are declaring that you understand this policy:
This policy is subject to change at any time and without notice.
These terms and conditions contain rules about posting comments. By submitting a comment, you are declaring that you agree with these rules:
Failure to comply with these rules may result in being banned from submitting further comments.
These terms and conditions are subject to change at any time and without notice.
Comentários