Agenda Linux security 1. System hardening 2. Technical audits 3. - - PowerPoint PPT Presentation

SLIDE 2

Agenda

Linux security

  • 1. System hardening
  • 2. Technical audits
  • 3. Automation


SLIDE 3

Michael Boelen


SLIDE 4

Linux security


Areas Core Resources Services Environment System Hardening Boot Process Containers Frameworks Kernel Service Manager Virtualization Accounting Authentication Cgroups Cryptography Logging Namespaces Network Software Storage Time Database Mail Middleware Monitoring Printing Shell Web Forensics Incident Response Malware Risks Security Monitoring System Integrity Security Auditing Compliance

SLIDE 5

System Hardening

SLIDE 6

Security 101

  • Ongoing process
  • Prevention || Detection
  • React and mitigate:

    ○ Heartbleed
    ○ Spectre and Meltdown


SLIDE 7

SLIDE 8

SLIDE 9

Hardening 101

Defenses

  • New
  • Existing
  • Reduce weaknesses

(= attack surface)


Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691

SLIDE 10

Hardening

Resources

  • Center for Internet Security (CIS)
  • NSA → NIST
  • OWASP
  • Vendors
  • The Internet


SLIDE 11

SLIDE 12

SLIDE 13

Auditing

SLIDE 14

Auditing

Why?

  • Quality
  • Assurance


SLIDE 15

SLIDE 16

Audit (or some pentests)

Typically:

10 Run vulnerability scanner
20 Apply fix
30 goto 10


SLIDE 17

Audit

Better:

10 Select target(s)
20 Perform audit
30 Risk analysis
40 Define automation steps
50 Implement hardening
60 goto 10


SLIDE 18

Automation

SLIDE 19

Lynis


SLIDE 20

How it works

  • Initialization
  • Run

    ○ Helpers
    ○ Plugins
    ○ Tests

  • Show audit results


SLIDE 21

SLIDE 22

SLIDE 23

Why Lynis?

Flexibility

  • No dependencies*
  • Understandable
  • Create your own tests

* Besides common tools like awk, grep, ps


SLIDE 24

Why Lynis?

Three pillars

  • 1. First impression
  • 2. Keep it simple
  • 3. Next step


SLIDE 25

Why Lynis?

Next step:


SLIDE 26

Running Lynis

  • lynis
  • lynis audit system
  • lynis show
  • lynis show commands


SLIDE 27

SLIDE 28

Lynis Profiles

Optional configuration

  • Default.prf
  • Custom.prf
  • Other profiles


SLIDE 29

Automation

Dealing with findings

  • Log + website
  • Create hardening snippet
  • Automate via Chef, Puppet, Salt, etc.

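The flow on the "Running Lynis" and "Dealing with findings" slides, as an added example that is not part of this presentation or of the Lynis project: a POSIX shell script that reads the report `lynis audit system` leaves behind and turns it into a findings list (to log or publish), a hardening-snippet skeleton per test id (the unit a Chef/Puppet/Salt step is written for), and `skip-test=` profile lines for findings that were risk-accepted. It assumes the report is at /var/log/lynis-report.dat as key=value lines whose `warning[]=` and `suggestion[]=` values are `|`-separated as TEST-ID|message|details|solution; the embedded report, its messages and the function names are the example's own constructed sample data, not real Lynis output.

```shell
#!/bin/sh
# Added example, not from the slides or the Lynis project.
# Assumed report format (what Lynis writes to /var/log/lynis-report.dat):
#   key=value lines; warning[]= and suggestion[]= values are '|'-separated:
#   TEST-ID|message|details|solution
# The report written by write_sample_report is constructed sample data.

write_sample_report() {   # $1 = path to write the constructed report to
    cat > "$1" <<'EOF'
# Lynis Report (constructed sample)
report_version_major=1
hostname=web01
hardening_index=64
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-
warning[]=KRNL-5820|If not required, consider explicit disabling of core dump|-|-
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-
suggestion[]=FILE-6310|To protect against filesystem abuse, set separate partitions|/home|-
suggestion[]=FILE-6310|To protect against filesystem abuse, set separate partitions|/var|-
EOF
}

# One line per finding: SEVERITY<TAB>TEST-ID<TAB>message<TAB>details.
# Warnings are listed first so the low-hanging fruit tops the list; -s keeps
# report order within each severity.
findings() {   # $1 = report file
    awk -F'|' '
        /^warning\[\]=/    { sub(/^warning\[\]=/, "");    print "WARNING\t"    $1 "\t" $2 "\t" $3 }
        /^suggestion\[\]=/ { sub(/^suggestion\[\]=/, ""); print "SUGGESTION\t" $1 "\t" $2 "\t" $3 }
    ' "$1" | sort -s -k1,1r
}

count_findings() {   # $1 = report file, $2 = WARNING or SUGGESTION
    findings "$1" | awk -F'\t' -v sev="$2" '$1 == sev { n++ } END { print n + 0 }'
}

hardening_index() {   # $1 = report file; the 0-100 score from the report
    awk -F'=' '$1 == "hardening_index" { print $2 }' "$1"
}

# Distinct test ids that need action, warnings first. Several findings can
# share one test id (two SSH options here), so this is the unit to write an
# automation step for.
tests_to_fix() {   # $1 = report file
    findings "$1" | awk -F'\t' '!seen[$2]++ { print $2 }'
}

# Skeleton hardening snippet: a comment block per test id listing what was
# flagged, to be filled in and committed to configuration management.
hardening_snippet() {   # $1 = report file
    findings "$1" | awk -F'\t' '
        $2 != last { if (last != "") print ""; print "# --- " $2 " ---"; last = $2 }
        { print "# " $1 ": " $3 ($4 != "" && $4 != "-" ? " [" $4 "]" : "") }
    '
}

# Profile lines (custom.prf) for risk-accepted findings so later scans stop
# reporting them.
accepted_to_profile() {   # $@ = accepted test ids
    for id in "$@"; do
        printf 'skip-test=%s\n' "$id"
    done
}

# Demo run on the constructed report (a real run would pass the live report path).
demo_report=$(mktemp)
write_sample_report "$demo_report"
echo "Hardening index: $(hardening_index "$demo_report")"
echo "Warnings: $(count_findings "$demo_report" WARNING), suggestions: $(count_findings "$demo_report" SUGGESTION)"
findings "$demo_report"
echo
hardening_snippet "$demo_report"
echo
accepted_to_profile FILE-6310
rm -f "$demo_report"
```

The findings list is what goes to the log or website; the snippet output is the starting point for the hardening step that the configuration-management tool then applies on every host, and the `skip-test=` lines record accepted risk in the profile instead of in someone's memory.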

SLIDE 30

Let’s summarize

SLIDE 31

Summary

Take action:

  • 1. Perform regular scans
  • 2. Get that low-hanging fruit
  • 3. Automate the outcome


SLIDE 32

Success!

SLIDE 33

Questions?

Connect

  • Twitter: @mboelen
  • LinkedIn: Michael Boelen

Relevant project: https://LinuxSecurity.Expert

(security tools, checklists, guides)


SLIDE 34

Learn more?

Follow

  • Blog: Linux Audit (linux-audit.com)
  • Twitter: @mboelen

This presentation will be available at michaelboelen.com
