Secure your AIX Server

Server hardening is one of the first things to address when securing any information infrastructure: every service, account and setting left at its installation default is attack surface that nobody is watching.

What are the basic things to look at during server hardening?


– Remove unnecessary applications
– Tighten configurations on remaining applications/services
– Set proper network options
– Tighten user accounts
– Monitor system logs and files


Let us now see how to handle each of these on AIX servers.


– Remove unnecessary applications
a. Find out what is actually listening with netstat -af inet (add -n to skip name lookups), or scan the host from elsewhere with a tool like nmap, and remove every service you do not require. To learn which process owns a listening socket, take the PCB address from netstat -Aan and pass it to rmsock (rmsock <address> tcpcb).
b. Remove entries you do not need from /etc/inittab. List them with lsitab -a and delete them with rmitab <identifier> rather than editing the file by hand. Entries that are usually unnecessary on a server:
piobe, qdaemon – print spooling
httpdlite, imnss, imqss – docsearch (easily replaced by man)
dt – the Common Desktop Environment, not needed on servers
c. Remove from /etc/rc.tcpip the lines that start TCP/IP daemons you do not need, and stop the running instances with stopsrc -s <subsystem> (lssrc -a shows what is running). autoconf6, lpd, routed, named, timed, rwhod, snmpd and mrouted are typical candidates.
d. Remove entries from /etc/inetd.conf.
The inetd daemon is a master server that listens on behalf of other daemons and starts them on demand, so every uncommented line is an open port. Services that are usually not required: telnet, rlogin, rsh and ftp (replace them with OpenSSH), comsat (mail-arrival notification for biff, rarely needed even where mail is used), finger, talk, ntalk, sprayd, pcnfsd, echo, chargen, time, daytime and discard. Disable a service with chsubserver -d -v <service> -p <protocol> or by commenting out its line, then run refresh -s inetd; lssrc -ls inetd lists the subservers still active.
bootp and tftp: enable only if clients boot over the network from this host. tftp serves files without any authentication, so if it must stay, restrict it with /etc/tftpaccess.ctl to the boot directory and nothing else.
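The following shell script is an added example, not code from the page: it joins the output of netstat, a subset of /etc/services and /etc/inetd.conf to tell, for each listening port, whether it belongs to an inetd subserver (closable with chsubserver) or to a standalone daemon (to be traced with rmsock and stopped with stopsrc). The netstat output, the inetd.conf and the services table are constructed samples embedded in the script, and the function names (listeners, service_name, inetd_owned, audit_listeners) are assumptions; on a real host you would pipe netstat -an -f inet into the audit and read the real files instead of the samples.

```shell
#!/bin/sh
# Constructed "netstat -an -f inet" output (not from a real host). On AIX add -A
# to get the PCB address, then "rmsock <pcb> tcpcb" names the owning process.
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.23                   *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN
tcp        0      0  *.111                  *.*                    LISTEN
tcp4       0      0  *.512                  *.*                    LISTEN
tcp4       0      0  *.514                  *.*                    LISTEN
tcp4       0      0  10.0.0.5.22            10.0.0.9.41202         ESTABLISHED
udp4       0      0  *.161                  *.*'

# Constructed /etc/inetd.conf; only uncommented lines open ports.
SAMPLE_INETD_CONF='## service socket protocol wait/nowait user server-program server-args
ftp      stream  tcp6  nowait  root   /usr/sbin/ftpd     ftpd
telnet   stream  tcp6  nowait  root   /usr/sbin/telnetd  telnetd -a
shell    stream  tcp6  nowait  root   /usr/sbin/rshd     rshd
#login   stream  tcp6  nowait  root   /usr/sbin/rlogind  rlogind
exec     stream  tcp6  nowait  root   /usr/sbin/rexecd   rexecd
#tftp    dgram   udp6  SRC     nobody /usr/sbin/tftpd    tftpd'

# Constructed subset of /etc/services, used only to name ports.
SAMPLE_SERVICES='ftp 21/tcp
ssh 22/tcp
telnet 23/tcp
smtp 25/tcp
sunrpc 111/tcp
snmp 161/udp
exec 512/tcp
login 513/tcp
shell 514/tcp'

# listeners: read netstat output on stdin, print "proto port" for every
# listening socket (TCP in LISTEN state; UDP sockets with no peer).
listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, "."); print "tcp", a[n] }
        $1 ~ /^udp/ && $5 == "*.*"     { n = split($4, a, "."); print "udp", a[n] }
    ' | sort -u
}

# service_name PROTO PORT: the /etc/services name for PORT/PROTO, or nothing.
service_name() {
    printf '%s\n' "$SAMPLE_SERVICES" | awk -v p="$2/$1" '$2 == p { print $1; exit }'
}

# inetd_owned NAME PROTO: succeed (and print the protocol field, e.g. tcp6)
# when an active inetd.conf line serves NAME over PROTO; fail otherwise.
inetd_owned() {
    printf '%s\n' "$SAMPLE_INETD_CONF" |
        awk -v s="$1" -v p="$2" '
            $1 == s && index($3, p) == 1 { print $3; found = 1; exit }
            END { exit (found ? 0 : 1) }'
}

# audit_listeners: classify every listening socket and say how to close it.
audit_listeners() {
    listeners | while read -r proto port; do
        name=$(service_name "$proto" "$port")
        [ -n "$name" ] || name="port-$port"
        if iproto=$(inetd_owned "$name" "$proto"); then
            printf '%s/%s %s: inetd subserver -> chsubserver -d -v %s -p %s; refresh -s inetd\n' \
                "$port" "$proto" "$name" "$name" "$iproto"
        else
            printf '%s/%s %s: standalone daemon -> find it with netstat -Aan and rmsock, stopsrc it, then remove it from /etc/rc.tcpip or /etc/inittab\n' \
                "$port" "$proto" "$name"
        fi
    done
}

# Run against the constructed samples; on a real host: netstat -an -f inet | audit_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners
```

The commented-out login line in the sample is the point of the inetd check: a service that appears in inetd.conf but is commented out is not listening, and a port that is listening without an inetd entry (22, 25, 111, 161 in the sample) is a daemon started from /etc/rc.tcpip or /etc/inittab and has to be chased down there.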


– Tighten configurations on remaining services
a. Secure DNS: restrict zone transfers (allow-transfer) to your secondaries, restrict dynamic updates (allow-update, normally none), restrict recursion (allow-recursion) and queries (allow-query) to the clients that need them, and keep outsiders from feeding the cache: an authoritative server that also recurses for the whole Internet is the classic cache-poisoning target, so split the two roles or at least limit recursion to internal addresses, and run a current BIND.
b. Secure sendmail: run the latest supported version with all patches, deny VRFY and EXPN and hide unnecessary detail with PrivacyOptions in sendmail.cf (PrivacyOptions=goaway turns on the restrictive set, including novrfy and noexpn), do not relay for outsiders, and trim the banner (SmtpGreetingMessage without the version). Run as little of it as root as possible: a host that only sends mail does not need the listening daemon at all, so remove sendmail from /etc/rc.tcpip and flush the queue from cron with sendmail -q; a daemon that must listen can drop privileges with RunAsUser.
c. Secure SNMP: prefer SNMPv3 (snmpdv3, configured in /etc/snmpdv3.conf) with USM authentication and privacy on a current release, and do not use SNMPv1 or SNMPv2c. If community strings cannot be avoided, remove the default public community from /etc/snmpd.conf, use hard-to-guess strings, make them read-only, and restrict them to the addresses of your management stations.
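A named.conf fragment, added here as an illustration and not taken from the page, showing how the DNS restrictions in (a) fit together for a server that is authoritative for one public zone but recurses only for internal clients. The acl names, the addresses and the zone are assumptions.

```conf
// Example only: restrict who may query, recurse, transfer and update.
acl internal    { 10.0.0.0/8; 127.0.0.1; };   // assumed internal network
acl secondaries { 10.0.0.53; };               // assumed secondary name server

options {
    directory "/var/named";
    version "not disclosed";          // hide the BIND version string
    recursion yes;
    allow-query     { internal; };    // default: outsiders get nothing
    allow-recursion { internal; };    // and recursion only for internal clients
    allow-transfer  { secondaries; }; // no zone enumeration from the Internet
    allow-update    { none; };        // no dynamic updates unless a zone keys them
};

zone "example.com" {
    type master;
    file "example.com.db";
    allow-query    { any; };          // the public zone itself may be queried by all
    allow-transfer { secondaries; };
    allow-update   { none; };
};
```

The weak configuration this replaces is the installation default: no acls, recursion for anyone who asks, and transfers to anyone who asks. The per-zone allow-query { any; } is what keeps the zone public while the options block keeps everything else, including recursion, internal.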


– Set proper network options
Network options, set with the no command, determine how TCP, IP and ICMP behave.
Protect against SYN floods (clean_partial_conns=1), smurf attacks (bcastping=0, directed_broadcast=0), ICMP redirects (ipignoreredirects=1, ipsendredirects=0) and source routing (ipsrcrouteforward=0, ipsrcrouterecv=0, ipsrcroutesend=0, nonlocsrcroute=0), and keep ipforwarding=0 unless the host is meant to route. On AIX 5.2 and later, no -p -o option=value sets both the running value and the reboot value; on earlier releases put the no -o commands in /etc/rc.net. In either case confirm with no -a after the next reboot, because a setting that only lives in memory disappears with it.
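An added example (not from the page): a shell audit that compares no -a output against a hardened baseline and prints the no -p -o commands needed to close the gap, so the check can be rerun after every reboot or patch. The baseline values are assumptions to adjust per site (ipforwarding=1 on a host that really routes, for instance), the no -a output is a constructed sample, and no_audit is a hypothetical helper name; on a real host you would run no -a | no_audit.

```shell
#!/bin/sh
# Hardened baseline for AIX network options (assumed values; adjust to your site).
NO_BASELINE='
clean_partial_conns=1
bcastping=0
directed_broadcast=0
icmpaddressmask=0
ipignoreredirects=1
ipsendredirects=0
ipsrcrouteforward=0
ipsrcrouterecv=0
ipsrcroutesend=0
nonlocsrcroute=0
ipforwarding=0
ip6forwarding=0
tcp_pmtu_discover=0
udp_pmtu_discover=0
'

# Constructed sample of "no -a" output (not captured from a real system);
# "no -a" prints one "   name = value" line per option.
SAMPLE_NO_A='
               bcastping = 1
     clean_partial_conns = 0
      directed_broadcast = 0
         icmpaddressmask = 0
           ip6forwarding = 0
            ipforwarding = 0
       ipignoreredirects = 0
         ipsendredirects = 1
       ipsrcrouteforward = 1
          ipsrcrouterecv = 0
          ipsrcroutesend = 1
          nonlocsrcroute = 0
       tcp_pmtu_discover = 1
       udp_pmtu_discover = 1
'

# no_audit: read "no -a" output on stdin and print one "no -p -o name=value"
# command for every option that deviates from NO_BASELINE. -p sets the running
# value and the reboot value (/etc/tunables/nextboot) together on AIX 5.2+;
# on older releases append the same "no -o" lines to /etc/rc.net instead.
no_audit() {
    # normalise "   name = value" into "name=value", one per line
    current=$(sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*\)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1=\2/p')
    for want in $NO_BASELINE; do
        name=${want%%=*}
        value=${want#*=}
        have=$(printf '%s\n' "$current" | sed -n "s/^${name}=//p")
        if [ -z "$have" ]; then
            printf '# %s not reported by no -a; check whether this AIX level has it\n' "$name"
        elif [ "$have" != "$value" ]; then
            printf 'no -p -o %s=%s\n' "$name" "$value"
        fi
    done
}

# Run against the constructed sample; on a real host: no -a | no_audit
printf '%s\n' "$SAMPLE_NO_A" | no_audit
```

Options missing from no -a are reported as comments rather than silently skipped, because the set of tunables differs between AIX levels and a baseline that names an option the kernel does not know would otherwise look compliant.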


– Tighten user accounts
a. Remove unnecessary default accounts such as uucp, nuucp, lpd, imnadm and guest with rmuser -p <name>, after checking with find / -user <name> that no files still depend on them.
b. User attributes such as the number of login retries (loginretries) and whether a user may log in remotely (rlogin) are set in /etc/security/user, with chsec -f /etc/security/user -s <stanza> -a attribute=value or with chuser. A user stanza inherits every attribute it does not set from the default stanza, so always check the effective value (lsuser -a rlogin root), not just the lines under the user's own name.
c. Secure the root user: disable remote login (rlogin=false, so root is reachable only at the console or through su from a named account), set an exceptionally strong password, and make extensive use of roles so that administrators rarely need to become root at all.
d. Set up a strong password policy in /etc/security/user:
dictionlist (a dictionary whose words cannot be used as passwords), histexpire (number of weeks before a password can be reused) and histsize (number of previous passwords remembered), maxage (number of weeks before a password expires) and minage (weeks before it may be changed again), minalpha, minother, minlen, mindiff (minimum number of characters in the new password that must differ from the old one), maxrepeats, and pwdwarntime (days of warning before expiry). The attributes are spelled minlen and pwdwarntime; there is no minlength or passwarntime.
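An added example, not code from the page: a shell audit of /etc/security/user that resolves each attribute the way the file is actually interpreted (a stanza falls back to default for anything it does not set) and prints the chsec commands needed to reach a policy. The policy values are assumptions chosen to show every attribute from (d), the /etc/security/user content is a constructed sample, and stanza_get and user_audit are hypothetical helper names; on a real host run user_audit /etc/security/user.

```shell
#!/bin/sh
# Password and login policy the default stanza must carry (assumed values).
USER_POLICY='
loginretries=5
maxage=13
minage=1
histexpire=26
histsize=8
minlen=8
minalpha=2
minother=2
mindiff=3
maxrepeats=2
pwdwarntime=7
dictionlist=/usr/share/dict/words
'

# Constructed /etc/security/user (not copied from a real host). root sets no
# rlogin attribute, so it silently inherits rlogin = true from default.
SAMPLE_SECURITY_USER='default:
        admin = false
        login = true
        su = true
        rlogin = true
        umask = 022
        SYSTEM = "compat"
        pwdwarntime = 0
        loginretries = 0
        histexpire = 0
        histsize = 0
        minage = 0
        maxage = 0
        maxexpired = -1
        minalpha = 0
        minother = 0
        minlen = 0
        mindiff = 0
        maxrepeats = 8
        dictionlist =

root:
        admin = true
        SYSTEM = "compat"
        loginretries = 0
        minlen = 8
'

# stanza_get FILE STANZA ATTR: print the effective value of ATTR for STANZA.
# An attribute the stanza does not set is inherited from "default", so a bare
# "root:" stanza is not a hardened one.
stanza_get() {
    awk -v stanza="$2" -v attr="$3" '
        /^[^ \t].*:[ \t]*$/ { cur = $1; sub(/:$/, "", cur); next }
        /^[ \t]+[A-Za-z0-9_]+[ \t]*=/ {
            key = $1; val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (cur == stanza    && key == attr) own = val
            if (cur == "default" && key == attr) def = val
        }
        END { print (own != "" ? own : def) }' "$1"
}

# user_audit FILE: print the chsec commands that bring FILE to policy.
user_audit() {
    file=$1
    for want in $USER_POLICY; do
        key=${want%%=*}
        value=${want#*=}
        [ "$(stanza_get "$file" default "$key")" = "$value" ] ||
            printf 'chsec -f /etc/security/user -s default -a %s=%s\n' "$key" "$value"
    done
    # root must not be reachable over the network; su from a named account instead.
    [ "$(stanza_get "$file" root rlogin)" = "false" ] ||
        printf 'chsec -f /etc/security/user -s root -a rlogin=false\n'
}

# Run against the constructed sample; on a real host: user_audit /etc/security/user
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SECURITY_USER" > "$tmp"
user_audit "$tmp"
rm -f "$tmp"
```

Emitting chsec commands rather than editing the stanza file directly keeps the audit read-only and leaves the change to a tool that knows the file's format; the root check deliberately asks for the effective rlogin value, which is the mistake a grep for "rlogin" under root: would miss.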


– Monitor system logs and files
/var/adm/sulog – every use of su, logged with + for success and - for failure; watch for bursts of failures aimed at root
/var/adm/wtmp – all logins and logouts (binary; read it with last)
/etc/security/failedlogin – failed logins (binary; read it with who /etc/security/failedlogin)
/etc/syslog.conf – ships with no active entries, so syslogd records nothing until you add lines for auth and error messages, preferably to a remote log host as well as a local file
find / -perm -0002 -type d ! -perm -1000 -ls (world-writable directories without the sticky bit; -perm -0007 would only match those that are also world-readable and searchable)
find / -perm -0002 -type f -ls (world-writable files)
find / \( -perm -4000 -o -perm -2000 \) -type f -ls (setuid and setgid programs; keep a baseline copy of the list and diff against it)
cronadm cron -l (lists every user's crontab)
cronadm at -l (lists pending at jobs)
If the Trusted Computing Base was installed, tcbck -n ALL checks the recorded attributes of system files and reports deviations without changing anything.
