Don't run this: Script for ubuntu
DON'T RUN THIS!!!
Cheating script
Auditing Linux
Good Auditing Document
Ubuntu Security FROM CYBERPATRIOT
READ ME!
Updating Ubuntu
Manually Updating Ubuntu
Update Settings
Ubuntu 14.04
Disable Guest Session
Remove Samba
Install/Update/Delete Applications
REMEMBER: apps installed using apt-get are logged at /var/log/apt/
How to install applications for Windows Users
List Applications
sudo apt list --installed
Remove Application
sudo apt-get remove application
Update Application
sudo apt-get update
sudo apt-get upgrade
Undo
Undo an apt-get command
Uninstalled too many packages
Useful Stuff
Disable root login
Using the find Command
Finding all files (including hidden) in all Documents folders
ls -al /home/*/Documents
Password Settings
File: /etc/login.defs
Look at #13
Secure SSH
Look at #10
SELinux
Try this when all else fails:
Look at #11
Ubuntu 16.04
Find some information
To find all services that were run at startup:
systemctl list-units --type service
This shows all services that were loaded at boot and are active now.
To list all services, whether they are active or not:
systemctl list-units --type service --all
Another thing you can do is to run:
systemctl list-dependencies --type service
then hit / and search for mongodb to see what service/target depends on it and runs it.
You can also run:
locate mongodb.service
Which produces something like:
/lib/systemd/system/multi-user.target.wants/mongodb.service
This tells you that it is being started as part of the multi-user target. An alternative is:
$ systemctl cat mongodb.service | grep -i wantedby
WantedBy=multi-user.target
Disable it
To find out whether it's active (will be run at startup/boot time):
systemctl is-active mongodb
It's either active or inactive; in your case it should be active.
To stop it from being started at boot time we should disable it:
sudo systemctl disable mongodb
And to make sure nothing else (no other service) can start it, we mask it:
sudo systemctl mask mongodb
so it will be linked to /dev/null and can't be started automatically or manually anymore.
Services By Default
[ + ] acpid
[ - ] alsa-utils
[ - ] anacron
[ + ] apparmor
[ + ] apport
[ + ] avahi-daemon
[ - ] bluetooth
[ - ] bootmisc.sh
[ - ] brltty
[ - ] checkfs.sh
[ - ] checkroot-bootclean.sh
[ - ] checkroot.sh
[ + ] console-setup
[ + ] cron
[ + ] cups
[ + ] cups-browsed
[ + ] dbus
[ - ] dns-clean
[ + ] grub-common
[ - ] hostname.sh
[ - ] hwclock.sh
[ + ] irqbalance
[ - ] kerneloops
[ + ] keyboard-setup
[ - ] killprocs
[ + ] kmod
[ + ] lightdm
[ - ] mountall-bootclean.sh
[ - ] mountall.sh
[ - ] mountdevsubfs.sh
[ - ] mountkernfs.sh
[ - ] mountnfs-bootclean.sh
[ - ] mountnfs.sh
[ + ] network-manager
[ + ] networking
[ + ] ondemand
[ - ] plymouth
[ - ] plymouth-log
[ - ] pppd-dns
[ + ] procps
[ + ] rc.local
[ + ] resolvconf
[ - ] rsync
[ + ] rsyslog
[ - ] saned
[ - ] sendsigs
[ + ] speech-dispatcher
[ - ] thermald
[ + ] udev
[ + ] ufw
[ - ] umountfs
[ - ] umountnfs.sh
[ - ] umountroot
[ + ] unattended-upgrades
[ + ] urandom
[ - ] uuidd
[ + ] whoopsie
[ - ] x11-common
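One way to put the default list above to work is to diff it against a machine's current state. This is an added example, not part of the original notes: the function name service_drift, the file names and both sample listings are constructed, and it assumes the "[ + ] name" / "[ - ] name" format shown above, which is what `service --status-all` prints.

```shell
#!/bin/sh
# Added example: report services whose state differs from a default baseline.
# Both inputs use the "[ + ] name" / "[ - ] name" format of the list above.

# service_drift BASELINE_FILE CURRENT_FILE
# Prints one line per deviation, sorted by service name.
service_drift() {
    awk '
        # Keep only "[ + ] name" / "[ - ] name"; "[ ? ]" (state unknown) is skipped.
        $1 != "[" || $3 != "]" || ($2 != "+" && $2 != "-") { next }
        FILENAME == ARGV[1] { base[$4] = $2; next }   # first file: remember defaults
        !($4 in base)  { print $4, "not-in-baseline"; next }
        base[$4] == $2 { next }                       # same state as default
        $2 == "+"      { print $4, "running-but-default-stopped"; next }
                       { print $4, "stopped-but-default-running" }
    ' "$1" "$2" | LC_ALL=C sort
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed excerpt of the default list above.
cat > "$tmp/baseline.txt" <<'EOF'
[ + ] cron
[ + ] cups
[ - ] rsync
[ - ] saned
[ + ] ufw
EOF

# Constructed "current" listing; on a live system this would be captured
# with: service --status-all > current.txt
cat > "$tmp/current.txt" <<'EOF'
 [ + ]  cron
 [ + ]  cups
 [ + ]  rsync
 [ - ]  saned
 [ - ]  ufw
 [ + ]  vsftpd
EOF

service_drift "$tmp/baseline.txt" "$tmp/current.txt"
```

Each reported name is a candidate for the systemctl is-active / disable / mask steps above, or, for a default-running service such as ufw that has been stopped, for re-enabling.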
- Read ALL of the official training modules. I know you said you read this in your answer, but you did not list PAM as something you did, so look into that.
- Learn how to list open ports and find the programs running at those open ports. The firewall really helps with this, look at this answer.
- Learn how to disable unnecessary services.
- Learn how to look for malicious files, including hidden files.
- Learn how to look at and get rid of CRON jobs. (The first answer that was linked above also talks about this.)
- Learn how to secure services like SSH, Apache2, and VSFTPD by going through their config files and setting the "safe"/"preferred" options.
For securing OpenSSH, I found these tutorials:
- https://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
- https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
For securing Apache, specifically PHP, I found these tutorials:
- https://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
- http://www.madirish.net/199
You can grind through the previously installed packages (from before you got the image) in the Ubuntu Software Center > History and combine that with packages.ubuntu.com to see what everything is.