Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add security monitoring method for server

...

  • Open the “blacklist.conf” file using your favorite text editor:
    #nano /etc/modprobe.d/blacklist.conf
  • When the file opens, then add the following line at the end of the file (save and close):
    blacklist usb_storage
  • After this, open the rc.local file:
    #nano /etc/rc.local
  • Finally, add the following two lines:
    modprobe -r usb_storage
    exit 0

 


SERVER

1. System update

The first thing to do after the first boot is to update the system; this should be an easy step. Generally, you open your terminal window and execute the appropriate commands. 

...

Enable randomized Virtual Memory Region Placement by:

      • Adding kernel.randomize_va_space = 2 to the “/etc/sysctl.conf” file

         10. Security monitoring

                An malware scanner or Intrusion detection system (IDS) like Wazuh, Ossec, rkhunter can be installed to monitor if there is any unusual behaviors happen.


More info TBD