Security Stuff!!

Step zero

We will start to navigate Linux security from zero: how to protect your system from unauthorized users, and how to monitor what is running on it (daemons, listening ports, processes and the services installed on your machine).

Read log files

When I log in to my system, the first thing I read is two files: /var/log/boot.log and /var/log/dmesg (the kernel ring buffer saved at boot). They show the boot sequence and the hardware the kernel found (hard disks, network adapters) and whether anything failed during boot.
Log files live in /var/log. Read the saved kernel messages with cat /var/log/dmesg, or run dmesg for the live ring buffer (on kernels with kernel.dmesg_restrict=1 this needs root). On distributions running systemd the same information is in the journal: journalctl -b shows the current boot and journalctl -k the kernel messages.

Common Linux log files: names and usage

/var/log/messages: general messages and system-related events (RHEL/CentOS; Debian/Ubuntu use /var/log/syslog)
/var/log/auth.log: authentication logs (Debian/Ubuntu)
/var/log/kern.log: kernel logs
/var/log/cron.log: crond logs (cron jobs)
/var/log/maillog: mail server logs
/var/log/qmail/: qmail log directory (more files inside this directory)
/var/log/httpd/: Apache access and error logs directory
/var/log/lighttpd/: lighttpd access and error logs directory
/var/log/boot.log: system boot log
/var/log/mysqld.log: MySQL database server log file
/var/log/secure: authentication log (RHEL/CentOS; the counterpart of auth.log)
/var/run/utmp and /var/log/wtmp: current and historical login records; these are binary files, read them with who and last. /var/log/btmp records failed logins, read it with lastb
/var/log/yum.log: yum package manager log (which packages were installed, updated or removed)
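The log you will read most often for security is the authentication log. The script below is an added example, not code from the original page: it reads an auth log in the format OpenSSH writes to /var/log/auth.log or /var/log/secure and summarizes failed password attempts per source address, attempts against root, and which users actually got in. The log lines are constructed for the example, and the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original page: summarize SSH login activity from an
# authentication log. The sample lines below are constructed in the format OpenSSH
# writes to /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL/CentOS).
SAMPLE_AUTH_LOG=$(cat <<'EOF'
Mar  3 10:01:12 host sshd[2201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:15 host sshd[2201]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar  3 10:01:20 host sshd[2203]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Mar  3 10:02:01 host sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Mar  3 10:02:30 host sshd[2215]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:03:00 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
EOF
)

# Pick the auth log this distribution writes (empty string if neither exists).
auth_log_path() {
    if [ -f /var/log/auth.log ]; then echo /var/log/auth.log
    elif [ -f /var/log/secure ]; then echo /var/log/secure
    else echo ""; fi
}

# Read an auth log on stdin and print "count ip" for failed password attempts,
# most frequent source first. The source IPv4 address is the token after "from".
failed_logins_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password for' \
      | sed -n 's/.* from \([0-9.][0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# Count failed password attempts against root specifically (prints 0 if none).
root_failed_logins() {
    grep -c 'sshd\[[0-9]*\]: Failed password for root from' || true
}

# Print the usernames that logged in successfully, one per line, de-duplicated.
accepted_users() {
    sed -n 's/.*sshd\[[0-9]*\]: Accepted [a-z]* for \([^ ]*\) from .*/\1/p' | sort -u
}

# Usage on the constructed sample; on a live system use, for example,
#   failed_logins_by_ip < "$(auth_log_path)"
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_by_ip
printf '%s\n' "$SAMPLE_AUTH_LOG" | root_failed_logins
printf '%s\n' "$SAMPLE_AUTH_LOG" | accepted_users
```

The functions read stdin so they can be chained onto `tail -f` or `journalctl -u sshd --no-pager` just as easily as onto a file. A single address with many failures is a brute-force attempt; a successful login from an address that was failing moments earlier is what you should be looking for.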

Check your mounted filesystems

You can check which filesystems are mounted, and how full they are, with df -h. mount (or findmnt) additionally shows the options each filesystem was mounted with, which matter for security: user-writable and removable filesystems such as /tmp or a USB stick should carry nosuid, nodev and usually noexec so that a set-uid binary or device node placed there cannot be used.
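df -h only shows free space. The following added example (mine, not from the original page) goes one step further and reads a mount table in /proc/mounts format to report mount points that lack nosuid, nodev or noexec. The table is constructed for the example, and the list of mount points that are expected to be hardened is an assumption you would adapt to your own policy (noexec on /home in particular breaks some setups).

```sh
#!/bin/sh
# Added example, not from the original page: check mount options rather than only
# free space. Reads a mount table in /proc/mounts format (device mountpoint fstype
# options dump pass) and reports mount points that should carry nosuid, nodev and
# noexec but do not. The table below is constructed; on a live system run
#   check_mount_options < /proc/mounts
SAMPLE_MOUNTS=$(cat <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,noexec,relatime 0 0
EOF
)

# Mount points where user-writable or removable data lives and where set-uid
# binaries, device nodes and direct execution are not wanted (policy assumption).
HARDENED_MOUNTPOINTS="/tmp /var/tmp /dev/shm /home /media/usb"

# Print "mountpoint missing=opt1,opt2" for each listed mount point lacking options,
# and "mountpoint not a separate mount" for listed paths that are not mounted at all
# (they then inherit the options of their parent filesystem, usually /).
check_mount_options() {
    awk -v list="$HARDENED_MOUNTPOINTS" '
    BEGIN { n = split(list, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    ($2 in want) {
        seen[$2] = 1
        split("", have); m = split($4, o, ",")
        for (i = 1; i <= m; i++) have[o[i]] = 1
        missing = ""
        k = split("nosuid nodev noexec", need, " ")
        for (j = 1; j <= k; j++)
            if (!(need[j] in have)) missing = missing (missing == "" ? "" : ",") need[j]
        if (missing != "") print $2 " missing=" missing
    }
    END { for (p in want) if (!(p in seen)) print p " not a separate mount" }'
}

printf '%s\n' "$SAMPLE_MOUNTS" | check_mount_options
```

Findings are fixed in /etc/fstab (add the missing options to the fourth field) and applied with `mount -o remount /tmp`; re-run the check afterwards to confirm the live table matches what fstab says.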

System Booting

Booting a Linux system passes through several stages:
BIOS/UEFI –> boot loader (GRUB) –> kernel (initializes hardware, mounts the root filesystem) –> init
init is the first process the kernel starts (PID 1). On a SysV-style system it does the following:
1- Sets the system run level.
2- Specifies processes to be executed during system boot.
3- Specifies processes to be run when a given run-level is entered.
4- Specifies processes to be run in certain run-levels with actions like respawn, so the process is restarted whenever it terminates.
5- Specifies actions or processes to be run when certain signals or user actions occur (for example Ctrl+Alt+Del or a power failure).
init reads this configuration from /etc/inittab. Modern distributions run systemd as PID 1 and have no /etc/inittab (targets and units take its place), but on a SysV system the file looks like this:

# Author:       Miquel van Smoorenburg, 
#               Modified for RHS Linux by Marc Ewing and Donnie Barnes

id:3:initdefault:

# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit

l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6

# Things to run in every runlevel. 
ud::once:/sbin/update

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

# When our UPS tells us power has failed, schedule a shutdown for 2 minutes from now.
pf::powerfail:/sbin/shutdown -f -h+2 "Power Failure; System Shutting Down"

# If power was restored before the shutdown kicked in, cancel it.
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Canceled"

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon 

Securing

1- Reduce the number of TTYs: each getty takes resources and each is another local login prompt. Comment them out (put # before each TTY line) and leave only the one you may need in an emergency:

1:2345:respawn:/sbin/getty 38400 tty1   
#2:23:respawn:/sbin/getty 38400 tty2   
#3:23:respawn:/sbin/getty 38400 tty3  
#4:23:respawn:/sbin/getty 38400 tty4  
#5:23:respawn:/sbin/getty 38400 tty5  
#6:23:respawn:/sbin/getty 38400 tty6  

2- Set the default run-level to 3 rather than 5 (id:3:initdefault:). Run-level 5 starts the X display manager; a server does not need it, it uses resources, and an X server can listen on the network (X over TCP).
3- Disable Ctrl+Alt+Del by commenting out the ctrlaltdel line (ca::ctrlaltdel:/sbin/shutdown -t3 -r now in the file above), so that anyone with keyboard access cannot reboot the machine. On systemd the equivalent is systemctl mask ctrl-alt-del.target.
4- Set a strong password on the BIOS/UEFI setup, and set the boot order so the machine cannot be booted from USB or CD to bypass the installed system.
5- Password-protect GRUB: for GRUB legacy, generate a hash with grub-md5-crypt (for more information see man grub-md5-crypt) and add it to the GRUB configuration as password --md5 <hash>. Without this, anyone at the console can edit the boot entry and boot into single-user mode as root. GRUB 2 uses grub-mkpasswd-pbkdf2 and a set superusers entry instead.
6- Use a very strong password for root.
7- Don't log in to the system as root or another privileged user for day-to-day work; use an unprivileged account and switch (sudo or su) only for the commands that need it.
8- Change the system banners /etc/issue and /etc/motd. The defaults print the distribution and kernel version, which tells an attacker exactly what to target; replace them with a neutral warning notice.

Note: The difference between issue and motd is that /etc/issue is printed by getty before you log in, while /etc/motd is printed after you log in. For SSH, /etc/issue.net is shown before login only if Banner /etc/issue.net is set in sshd_config.
9- Disable root login over SSH by editing its configuration file /etc/ssh/sshd_config and setting PermitRootLogin to no, then check the file with sshd -t and reload sshd. Do this only after the unprivileged account from step 7 exists and can log in, or you lock yourself out.
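Steps 1, 2, 3 and 9 are all settings you can audit from the configuration files. The script below is an added example, written for this page and not from the original author: it reads a SysV inittab and an sshd_config, reports the weak settings next to what the fix is, and runs the same audit over a hardened pair that produces no findings. Both configuration samples are constructed; the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original page: audit /etc/inittab and
# /etc/ssh/sshd_config for the settings in steps 1, 2, 3 and 9. The two inittab
# samples and the two sshd_config samples are constructed: one weak, one hardened.
SAMPLE_INITTAB=$(cat <<'EOF'
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF
)
HARDENED_INITTAB=$(cat <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
#2:2345:respawn:/sbin/mingetty tty2
EOF
)
SAMPLE_SSHD_CONFIG=$(cat <<'EOF'
# constructed sshd_config fragment
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
EOF
)
HARDENED_SSHD_CONFIG=$(cat <<'EOF'
Port 22
PermitRootLogin no
EOF
)

# Print the default runlevel from an inittab on stdin (empty if none is set).
inittab_default_runlevel() {
    sed -n 's/^id:\([0-6]\):initdefault:.*/\1/p'
}

# Count uncommented getty/mingetty lines that init will respawn.
inittab_active_gettys() {
    grep -c '^[^#].*:respawn:.*getty' || true
}

# Print "yes" if a Ctrl+Alt+Del action is still active, else "no".
inittab_ctrlaltdel_enabled() {
    if grep -q '^[^#].*:ctrlaltdel:'; then echo yes; else echo no; fi
}

# Print the effective PermitRootLogin value from an sshd_config on stdin.
# sshd honours the first uncommented occurrence; "unset" means the
# compiled-in default applies, which you should not rely on.
sshd_permit_root_login() {
    v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
    echo "${v:-unset}"
}

# audit_configs INITTAB_TEXT SSHD_TEXT: print one finding per line, nothing if clean.
audit_configs() {
    rl=$(printf '%s\n' "$1" | inittab_default_runlevel)
    [ "$rl" = "5" ] && echo "default runlevel 5: X display manager starts at boot; set id:3:initdefault:"
    n=$(printf '%s\n' "$1" | inittab_active_gettys)
    [ "$n" -gt 1 ] && echo "$n gettys respawned: comment out all but tty1"
    [ "$(printf '%s\n' "$1" | inittab_ctrlaltdel_enabled)" = "yes" ] && echo "ctrlaltdel active: comment out the ca: line"
    prl=$(printf '%s\n' "$2" | sshd_permit_root_login)
    [ "$prl" != "no" ] && echo "PermitRootLogin is $prl: set PermitRootLogin no"
    return 0
}

echo "== weak configuration =="
audit_configs "$SAMPLE_INITTAB" "$SAMPLE_SSHD_CONFIG"
echo "== hardened configuration =="
audit_configs "$HARDENED_INITTAB" "$HARDENED_SSHD_CONFIG"
```

On a live SysV system run it as `audit_configs "$(cat /etc/inittab)" "$(cat /etc/ssh/sshd_config)"`; on a systemd host the inittab checks do not apply, but the sshd_config check still does.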