Configure

  • For administration I prefer Midnight Commander, which you can install first:
    • apt-get install mc
  • For security reasons, change the permissions of /root and of your home folder to 0700.
# Allow only root to schedule jobs: once cron.allow / at.allow exist, only the
# users listed in them may use crontab(1) and at(1).
printf '%s\n' root >>/etc/cron.allow
printf '%s\n' root >>/etc/at.allow
  • /etc/hosts.deny
# hosts.allow is consulted before this file, so permitted services and clients
# must be listed there.
# Deny any client whose host name does not match its address (PARANOID wildcard).
ALL: PARANOID

# Deny everything else and mail root a report for each refused connection.
# %d = daemon name, %p = daemon pid, %u = client user name, %c = client info,
# %h = client host name; "\:" escapes the colon, which otherwise separates fields.
# $(uname -n) and $(date) are expanded by the shell that runs the spawn command.
# NOTE(review): one mail is sent per refused connection, so a port scan can
# flood root's mailbox; consider logging to syslog or rate-limiting instead.
# NOTE(review): whether "\n" is turned into a newline depends on the echo of
# /bin/sh on this system; confirm the mail body is formatted as intended.
ALL: ALL: SPAWN ( \
        echo "\n\
        TCP Wrappers\: Connection refused\n\
        By\: $(uname -n)\n\
        Process\: %d (pid %p)\n\
        User\: %u\n\
        Host\: %c (%h)\n\
        Date\: $(date)\n\
        " | /usr/bin/mail -s "Connection to %d blocked" root) &
  • /etc/fstab
# Mount /dev/shm as tmpfs without device nodes, set-uid binaries or executable files.
devshm          /dev/shm        tmpfs   nodev,nosuid,noexec     0       0
  • /etc/login.defs
# Log all su activity to this file.
SULOG_FILE      /var/log/sulog

# Maximum number of login retries after a bad password.
LOGIN_RETRIES           3

# Maximum time in seconds allowed for a login.
LOGIN_TIMEOUT           20

# NOTE(review): LASTLOG_ENAB is shown without a value; presumably "yes" was meant.
# On PAM-based systems this option may be superseded by pam_lastlog; confirm.
LASTLOG_ENAB
  • /etc/sudoers
# Edit this file with visudo, which syntax-checks it before installing it.
# Reset the environment to a minimal set of variables for each command.
Defaults        env_reset
# Send mail when a user enters a wrong password.
Defaults        mail_badpass
# Send mail when a sudo user tries a command they are not permitted to run.
Defaults        mail_no_perms
# Print an insult after a wrong password (cosmetic only).
Defaults        insults
# Allow a single password attempt and time the prompt out after 1 minute.
Defaults        passwd_tries="1"
Defaults        passwd_timeout="1"
# Log sudo activity to this file.
Defaults        logfile=/var/log/sudolog

# No first-use lecture; cache credentials per terminal; do not require
# fully qualified host names.
Defaults        !lecture,tty_tickets,!fqdn
  • /etc/sysctl.conf
# Load these settings without a reboot with: sysctl -p
# sysctl accepts "/" as well as "." as the key separator, so both spellings below work.
# Use SYN cookies when the SYN backlog overflows (SYN-flood mitigation).
net.ipv4.tcp_syncookies = 1

# Ignore ICMP echo requests sent to broadcast addresses.
net/ipv4/icmp_echo_ignore_broadcasts = 1

# Do not log bogus ICMP error responses that some routers send to broadcast frames.
net/ipv4/icmp_ignore_bogus_error_responses = 1

# Do not accept ICMP redirects, which could alter the routing table.
net/ipv4/conf/all/accept_redirects = 0

# Do not send ICMP redirects (only a router needs to).
net/ipv4/conf/all/send_redirects = 0

# Drop source-routed packets.
net/ipv4/conf/all/accept_source_route = 0

# Log packets with impossible source addresses.
net/ipv4/conf/all/log_martians = 1

# NOTE(review): only conf/all is set here; check whether conf/default and the
# individual interfaces need the same values.
# NOTE(review): ip_always_defrag appears to exist only on old (2.2-era) kernels;
# on newer ones sysctl -p will likely report it as an unknown key. Confirm.
net/ipv4/ip_always_defrag = 1
  • /etc/apt/apt.conf
// Remount /tmp and /var with exec before dpkg installs packages, so that
// package scripts run from there can execute.
// NOTE(review): presumes /tmp and /var are separate file systems mounted
// noexec in /etc/fstab (not shown on this page); confirm.
DPkg::Pre-Install-Pkgs {"mount -o remount,exec /tmp";};
DPkg::Pre-Install-Pkgs {"mount -o remount,exec /var";};

// Remount with the options from /etc/fstab again once dpkg has finished.
// NOTE(review): both file systems allow execution while packages install;
// after an aborted run, check with `mount` that noexec is back in place.
DPkg::Post-Invoke {"mount -o remount /tmp";};
DPkg::Post-Invoke {"mount -o remount /var";};
  • /etc/event.d/control-alt-delete
# Left commented out so that pressing Ctrl-Alt-Del on the console no longer reboots the machine.
#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"
# GRUB (legacy) menu password: generate the MD5 hash that goes into /boot/grub/menu.lst.
# NOTE(review): grub-md5-crypt normally prompts for the password; a password typed
# as an argument ends up in shell history and the process list. Confirm, and
# prefer the prompt.
# Keep menu.lst readable by root only, since it will contain the hash.
grub-md5-crypt your_password

/boot/grub/menu.lst

password --md5 <hash printed by the previous command>
  • /etc/security/limits.conf
# These limits are applied per login session by pam_limits; sizes are in KB.
# NOTE(review): wildcard ("*") entries reportedly do not apply to root; confirm
# against limits.conf(5) on your release.
# prevent core dumps
*       hard    core    0

# limit processes per user: 150 (soft), 200 (hard)
*       soft    nproc   150
*       hard    nproc   200

# limit memory: data segment 1 GB, resident set 1 GB, address space 2 GB
# NOTE(review): limits.conf(5) documents rss as ignored by Linux 2.4.30 and
# later, so only data and as are likely to be enforced; confirm.
*       hard    data    1048576
*       hard    rss     1048576
*       hard    as      2097152

# limit max file size: 1 GB (soft), 10 GB (hard)
*       soft    fsize   1048576
*       hard    fsize   10485760

# Max simultaneous logins per user ("-" sets both the soft and the hard limit)
*               -       maxlogins       3

(If you set limits do NOT forget to restore them for main services!)

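# Let only root and members of the admin group run su.
# su must stay set-uid root to work. A numeric mode without the leading 4 clears
# that bit on a regular file (and chown can clear it too), so set 4750 after the
# chown; plain 0750 would leave su unusable for the admin group.
# NOTE(review): a package upgrade may reset owner and mode; consider recording
# them with dpkg-statoverride. Confirm for your release.
chown root:admin /bin/su
chmod 4750 /bin/su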



https://help.ubuntu.com/community/UnsafeDefaults
https://help.ubuntu.com/8.04/serverguide/C/console-security.html

 
linux/configure.txt · Last modified: 2009.01.14 16:10 by oszi
 