Your browser doesn't support the features required by impress.js, so you are presented with a simplified version of this presentation.

For the best experience please use the latest Chrome, Safari or Firefox browser.

Xenial Release Party
Universitas Pembangunan Nasional "Veteran" Yogyakarta
Tasyakuran Rilis Xenial
Universitas Pembangunan Nasional "Veteran" Yogyakarta
Dedy Hariyadi
@milisdad
Komunitas Ubuntu Indonesia
  • Badan Hukum: AHU-37.AH.01.07.Tahun 2013
  • https://www.facebook.com/ubuntu.indonesia
  • https://twitter.com/ubuntu_id
  • http://groups.google.com/group/id-ubuntu
  • http://www.ubuntu-id.org
Ibnu Islamy Harahap
Keamanan Teknologi Informasi
  • Fisik
  • Non-fisik
Berbayar
vs
Tidak Berbayar
Closed Source
vs
Open Source
ssh
PermitRootLogin no
procps
# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1 

# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0 
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0 

# Ignore send redirects net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0 
# Block SYN attacks
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5 

# Log Martians
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1 

# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0 
net.ipv6.conf.default.accept_redirects = 0 

# Ignore Directed pings
net.ipv4.icmp_echo_ignore_all = 1
procps
php
disable_functions : exec, system, shell_exec, passthru
Off : expose_php, display_errors, track_errors, html_errors 
/etc/php5/apache2/php.ini
apache2
/etc/apache2/conf-available/security.conf
  • ServerTokens Prod
  • ServerSignature Off
apache2
  • sudo a2enconf security
  • sudo a2enmod headers
apache2 - ModSecurity
  • sudo apt-get install libxml2 libxml2-dev libxml2-utils
  • sudo apt-get install libaprutil1 libaprutil1-dev
  • ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
  • sudo apt-get install libapache-mod-security
apache2 - ModEvasive
  • sudo apt-get install libapache2-mod-evasive
  • sudo mkdir /var/log/mod_evasive
  • sudo chown www-data:www-data /var/log/mod_evasive/
  • sudo a2enmod evasive
<ifmodule mod_evasive20.c>
   DOSHashTableSize 3097
   DOSPageCount  2
   DOSSiteCount  50
   DOSPageInterval 1
   DOSSiteInterval  1
   DOSBlockingPeriod  10
   DOSLogDir   /var/log/mod_evasive
   DOSWhitelist   127.0.0.1
</ifmodule>
rkhunter - chrootkit
  • apt-get install rkhunter chkrootkit
  • /etc/chkrootkit.conf : RUN_DAILY="true"
  • /etc/default/rkhunter : CRON_DAILY_RUN, CRON_DB_UPDATE "true"
  • mv /etc/cron.weekly/rkhunter /etc/cron.weekly/rkhunter_update
  • mv /etc/cron.daily/rkhunter /etc/cron.weekly/rkhunter_run
  • mv /etc/cron.daily/chkrootkit /etc/cron.weekly/
logwatch
  • apt-get install logwatch
  • mv /etc/cron.daily/00logwatch /etc/cron.weekly/
  • /usr/sbin/logwatch --output mail --range 'between -7 days and -1 days'
/etc/cron.weekly/00logwatch
X
jangan bertanya !!!
Mari Berdiskusi...

Use a spacebar or arrow keys to navigate