The Mega Guide to Hardening and Securing CentOS 7 Part 2
by Matei Cezar | Published: May 20, 2016 | Last Updated: May 20, 2016
Continuing the previous tutorial on how to secure CentOS 7, in this article we'll
discuss further security tips, presented in the checklist below.
Requirements
The Mega Guide To Harden and Secure CentOS 7 Part 1

21. Disable Useless SUID and SGID Commands


If the setuid or setgid bit is set on a binary program, that program runs its
tasks with the rights of another user or group, such as root, which can expose
serious security issues.

Buffer overrun attacks often exploit such executable binaries to run
unauthorized code with the rights of the root user.

# find / -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

To unset the setuid bit execute the below command:

# chmod u-s /path/to/binary_file


To unset the setgid bit run the below command:

# chmod g-s /path/to/binary_file

22. Check for Unowned Files and Directories


Files or directories not owned by a valid account must either be deleted or
assigned to a valid user and group.

Issue the below command to list files or directories with no user and group.

# find / \( -nouser -o -nogroup \) -exec ls -l {} \;

23. List World-Writeable Files


Keeping world-writable files on the system can be dangerous, because anyone
can modify them. Execute the below command to display world-writable files,
excluding symlinks, which are always world-writable.

# find / -path /proc -prune -o -perm -2 ! -type l -ls
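The three checks from items 21 to 23 wrapped as reusable functions, with an allowlist comparison so that only unexpected SUID/SGID binaries are reported. This is an added example, not code from the original article; it assumes a root directory as the first argument (use / on a real host, as root, so nothing is skipped) and an allowlist file with one absolute path per line naming the SUID/SGID binaries the host is expected to carry.

```shell
#!/bin/sh
# audit_perms.sh: SUID/SGID, unowned and world-writable audit (added example).

# Item 21: regular files with the setuid or setgid bit, skipping /proc.
find_suid_sgid() {
    find "$1" -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# SUID/SGID files not listed in the allowlist $2 (one absolute path per line):
# these are the ones to review or strip with chmod u-s / chmod g-s.
unexpected_suid_sgid() {
    find_suid_sgid "$1" | grep -vxF -f "${2:-/dev/null}"
}

# Item 22: entries whose uid or gid has no account behind it. The parentheses
# matter: without them, -print would bind only to the -nogroup branch.
find_unowned() {
    find "$1" -path /proc -prune -o \( -nouser -o -nogroup \) -print 2>/dev/null | sort
}

# Item 23: world-writable entries, ignoring symlinks (always mode 777).
find_world_writable() {
    find "$1" -path /proc -prune -o -perm -0002 ! -type l -print 2>/dev/null | sort
}

# Print all three reports with a hit count, e.g.: audit_report / /etc/suid.allow
audit_report() {
    for check in unexpected_suid_sgid find_unowned find_world_writable; do
        out=$("$check" "$1" "$2" || true)
        n=$(printf '%s\n' "$out" | grep -c .)
        printf '== %s (%s)\n%s\n' "$check" "$n" "$out"
    done
}
```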

24. Create Strong Passwords


Create passwords of at least eight characters that contain digits, special
characters and uppercase letters. Use pwmake to generate a password with 128
bits of entropy, drawn from /dev/urandom.

# pwmake 128

25. Apply Strong Password Policy


Force the system to use strong passwords by adding the below line in
/etc/pam.d/passwd file.

password required pam_pwquality.so retry=3

With the above line in place, a new password cannot contain more than 3
characters in a monotonic sequence, such as abcd, or more than 3 identical
consecutive characters, such as 1111.

To force users to use a password with a minimum length of 8 characters, including
all classes of characters, with strength checks for character sequences and
consecutive characters, add the following lines to the /etc/security/pwquality.conf file.

minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
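To see what the four settings above accept and reject before rolling them out, here is an added sh/awk emulation of those rules (minlen=8, minclass=4, maxsequence=3, maxrepeat=3). It is not libpwquality's own code and simplifies its rules: only a-z, A-Z and 0-9 form sequences, and a sequence must be monotonic in steps of one; the function name check_pwpolicy is an assumption.

```shell
#!/bin/sh
# check_pwpolicy: print "OK" when the candidate password satisfies the four
# pwquality.conf settings from the article, else the name of the first rule hit.
check_pwpolicy() {
    printf '%s\n' "$1" | awk -v minlen=8 -v minclass=4 -v maxseq=3 -v maxrep=3 '
    BEGIN { lo = "abcdefghijklmnopqrstuvwxyz"; up = toupper(lo); dg = "0123456789" }
    # Rank of a character inside its class; classes are offset by 100 so that
    # neighbours from different classes (e.g. "d" and "4") never look adjacent.
    function rank(c,  k) {
        if ((k = index(lo, c))) return k
        if ((k = index(up, c))) return 100 + k
        if ((k = index(dg, c))) return 200 + k
        return 0
    }
    {
        pw = $0; n = length(pw)
        if (n < minlen) { print "minlen"; exit }
        # minclass: count lower, upper, digit and "other" classes present
        cls = (pw ~ /[a-z]/) + (pw ~ /[A-Z]/) + (pw ~ /[0-9]/) + (pw ~ /[^A-Za-z0-9]/)
        if (cls < minclass) { print "minclass"; exit }
        rep = 1; seq = 1; dir = 0
        for (i = 2; i <= n; i++) {
            c = substr(pw, i, 1); p = substr(pw, i - 1, 1)
            # maxrepeat: identical consecutive characters, e.g. 1111
            rep = (c == p) ? rep + 1 : 1
            if (rep > maxrep) { print "maxrepeat"; exit }
            # maxsequence: monotonic run in either direction, e.g. abcd or 4321
            d = (rank(c) && rank(p)) ? rank(c) - rank(p) : 0
            if (d == 1 || d == -1) { seq = (seq > 1 && d == dir) ? seq + 1 : 2; dir = d }
            else seq = 1
            if (seq > maxseq) { print "maxsequence"; exit }
        }
        print "OK"
    }'
}
```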

Matei Cezar

I'm a computer-addicted guy, a fan of open source and Linux-based system
software, and have about 4 years of experience with Linux distributions on desktops and servers and with bash
scripting.

Your name can also be listed here. Got a tip? Submit it here to become
an TecMint author.

Receive Your Free Complimentary eBook NOW! - Securing & Optimizing Linux: The Hacking
Solution (v.3.0)

Download Free Linux eBooks

open in browser PRO version Are you a developer? Try out the HTML to PDF API pdfcrowd.com
PREVIOUS STORY NEXT STORY

Free Ebook: Introducing Understanding Docker Deal: The Complete Android Developer Course
Containers Guide Build The Next Instagram or Uber

YOU MAY ALSO LIKE...

13 11 4

Single User Mode: 7 Tools to Encrypt/Decrypt and The Mega Guide To Harden
Resetting/Recovering Password Protect Files in and Secure CentOS 7 Part 1
Forgotten Root User Account Linux 17 MAY, 2016
Password in RHEL/CentOS 7 6 APR, 2015
20 MAR, 2015

open in browser PRO version Are you a developer? Try out the HTML to PDF API pdfcrowd.com
1 RESPONSE

Milan, May 24, 2016 at 3:49 pm

Thank you. Nice tips.

GOT SOMETHING TO SAY? JOIN THE DISCUSSION.

Comment

Name * Email *

Website

open in browser PRO version Are you a developer? Try out the HTML to PDF API pdfcrowd.com
Notify me of followup comments via e-mail. You can also subscribe without commenting.

Post Comment

LINUX MONITORING TOOLS LINUX INTERVIEW QUESTIONS OPEN SOURCE TOOLS

How to Add Windows Host to 10 VsFTP (Very Secure File Install Drupal 7.22 (Content
Nagios Monitoring Server Transfer Protocol) Interview Management Framework (CMF)
22 NOV, 2013 Questions and Answers in on RHEL, CentOS & Fedora
3 FEB, 2014 29 JUL, 2013
CloudStats.me Monitors Your
Linux Servers and Websites from 10 Useful Interview Questions fpaste A Tool for Sharing
the Cloud and Answers on Linux Errors and Commandline Output
25 JUL, 2014 Commands to Pastebin
21 JUL, 2014 22 JAN, 2016
How to Install atop to Monitor
Logging Activity of Linux Practical Interview Questions Scrot: A Command Line Tool to
open in browser PRO version Are you a developer? Try out the HTML to PDF API pdfcrowd.com
System Processes and Answers on Linux Shell Take Desktop/Server
24 APR, 2015 Scripting Screenshots Automatically in
7 JUN, 2014 Linux
Install Htop 2.0 Linux Process 30 APR, 2014
Monitoring for RHEL, CentOS & 10 Useful Interview Questions
Fedora on Linux Services and Daemons Fabric Automate Your Linux
11 FEB, 2016 10 MAR, 2014 Administration Tasks and
Application Deployments Over
SSH
18 NOV, 2015

Donate to TecMint Contact Us Advertise on TecMint Linux Services Copyright Policy

Privacy Policy Career Linux Admin Jobs


Tecmint: Linux Howtos, Tutorials & Guides 2016. All Rights
Reserved.
This work is licensed under a (cc) BY-NC
The material in this site cannot be republished either online or
offline, without our permission.
Preparation for the LFCS (Linux Foundation Certified SysAdmin) Exam

open in browser PRO version Are you a developer? Try out the HTML to PDF API pdfcrowd.com

You might also like