https://github.com/emirozer/nixarmor

nixarmor is a linux hardening automation project
https://github.com/emirozer/nixarmor

hardening linux security shell

Last synced: 6 months ago
JSON representation

nixarmor is a linux hardening automation project

• Host: GitHub
• URL: https://github.com/emirozer/nixarmor
• Owner: emirozer
• License: gpl-3.0
• Created: 2015-01-09T22:33:20.000Z (about 11 years ago)
• Default Branch: master
• Last Pushed: 2022-03-04T17:56:55.000Z (about 4 years ago)
• Last Synced: 2023-04-09T22:18:27.155Z (almost 3 years ago)
• Topics: hardening, linux, security, shell
• Language: Shell
• Homepage:
• Size: 40 KB
• Stars: 65
• Watchers: 9
• Forks: 17
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
![Screenshot](https://raw.github.com/emirozer/nixarmor/master/docs/nixarmor.png)

=======================

##Linux Hardening Automation Project

![travis](https://travis-ci.org/emirozer/nixarmor.svg?branch=master)

*This program comes with ABSOLUTELY NO WARRANTY!*

*Be Advised, do NOT use in production environments!*

	Wikipedia's description for Hardening:

    In computing, hardening is usually the process of securing a system

    by reducing its surface of vulnerability.

    A system has a larger vulnerability surface the more functions

    it fulfills; in principle a single-function system is more secure

    than a multipurpose one.

    Reducing available vectors of attack typically includes the

    removal of unnecessary software, unnecessary usernames or

    logins and the disabling or removal of unnecessary services.[1]

[1][Hardening(computing)](http://en.wikipedia.org/wiki/Hardening_%28computing%29)

##USAGE

Clone the repository.

	git clone https://github.com/emirozer/nixarmor.git

Run the related automation script based on your distribution.

**OR**

You can try the environment via using vagrant.

Go to the /vagrant/.. dir and pick the distro you are interested in.

    vagrant up

*I am assuming you have* [vagrant](https://www.vagrantup.com) *on your system packages for this task.*

###CHKROOTKIT & Cron Job

=============

Chkrootkit is installed for ubuntu/debian/fedora and ran once.

For **centOS**, **yum** won't serve this [package](http://www.chkrootkit.org/) so you have to get it manually.

It is in your best interest to run chkrootkit daily.

Here are some basic universal instructions:

	vi /etc/cron.daily/chkrootkit.sh

	#!/bin/bash

	cd /your_installpath/chkrootkit-0.42b/

	./chkrootkit | mail -s “Daily chkrootkit from Servername” admin@youremail.com

Note

1. Replace ‘your_installpath’ with the actual path to where you unpacked Chkrootkit.

2. Change ‘Servername’ to the server which you are running.

3. Change ‘admin@youremail.com’ to your actual email address where the script will mail you.

Save the file.

Change the file permissions

	chmod 755 /etc/cron.daily/chkrootkit.sh

-

*Small note about unattanded updates:* It is a good idea if and only if you compose your own black list..Meaning put everything that you find upgrading without supervision risky. http://askubuntu.com/questions/193773/can-i-configure-unattended-upgrades-to-not-upgrade-packages-that-require-a-reboo