The checksecurity and chkrootkit/rkhunter packages

checksecurity consists of several small scripts that perform basic checks on the system (searching for empty passwords, new setuid files, and so on) and warn you if these conditions are detected. Despite its explicit name, you should not rely solely on it to make sure a Linux system is secure.
The chkrootkit and rkhunter packages detect certain rootkits potentially installed on the system. As a reminder, these are pieces of software designed to hide the compromise of a system while discreetly keeping control of the machine. The tests are not 100 percent reliable but they can usually draw your attention to potential problems.
Chapter 7 — Securing and Monitoring Kali Linux

7.6. Summary

In this chapter, we took a look at the concept of security policies, highlighting various points to consider when defining such a policy and outlining some of the threats to your system and to you personally, as a security professional. We discussed desktop and laptop security measures as well as firewalls and packet filtering. Finally, we reviewed monitoring tools and strategies and showed how to best implement them to detect potential threats to your system.

Summary Tips:

• Take time to define a comprehensive security policy.
• Real risk often arises when you travel from one customer to the next. For example, your laptop could be stolen while traveling or seized by customs. Prepare for these unfortunate possibilities by using full disk encryption (see section 4.2.2, “Installation on a Fully Encrypted File System” [page 88]) and consider the nuke feature (see “Adding a Nuke Password for Extra Safety” [page 250]) to protect your clients' data.
• Disable services that you do not use. Kali makes it easy to do this since all external network services are disabled by default.
• If you are running Kali on a publicly accessible server, change any default passwords for services that might be configured (see section 7.3, “Securing Network Services” [page 159]) and restrict their access with a firewall (see section 7.4, “Firewall or Packet Filtering” [page 159]) prior to launching them.
• Use fail2ban to detect and block password-guessing attacks and remote brute force password attacks.
• If you run web services, host them over HTTPS to prevent network intermediaries from sniffing your traffic (which might include authentication cookies).
• The Linux kernel embeds the netfilter firewall. There is no turn-key solution for configuring any firewall, since network and user requirements differ. However, you can control netfilter from user space with the iptables and ip6tables commands.
• Implement firewall rules (see section 7.4, “Firewall or Packet Filtering” [page 159]) to forbid all outbound traffic except the traffic generated by your VPN access. This is meant as a safety net, so that when the VPN is down you immediately notice it (instead of falling back to the local network access).
• top is an interactive tool that displays a list of currently running processes.
• The logcheck program monitors log files every hour by default and sends unusual log messages in emails to the administrator for further analysis.
• dpkg --verify (or dpkg -V) displays the system files that have been modified (potentially by an attacker), but relies on checksums, which may be subverted by a clever attacker.
• The Advanced Intrusion Detection Environment (AIDE) tool checks file integrity and detects any changes against a previously-recorded image of the valid system.
• Tripwire is very similar to AIDE but uses a mechanism to sign the configuration file, so that an attacker cannot make it point at a different version of the reference database.
• Consider the use of rkhunter, checksecurity, and chkrootkit to help detect rootkits on your system.
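The "forbid all outbound traffic except your VPN" tip above, as an added example that is not from the book: a POSIX shell script that generates the iptables-restore and ip6tables-restore rulesets for that safety net and checks that they leave no hole on the uplink. The VPN server address 203.0.113.10, UDP port 1194, tunnel interface tun0 and uplink eth0 are assumptions.

```shell
#!/bin/sh
# Added example, not from the book: build iptables-restore rulesets that drop all
# outbound traffic except the VPN handshake and whatever leaves via the tunnel.
# Assumed values: VPN server 203.0.113.10, OpenVPN on UDP/1194, tunnel tun0.
# Give the server as an IP address: DNS cannot leave the host before the tunnel
# is up. The sport-68/dport-67 rule keeps DHCP lease renewals on the uplink working.

# vpn_only_rules SERVER_IP UDP_PORT TUN_IF  -> IPv4 ruleset on stdout
vpn_only_rules() {
    server="$1" port="$2" tun="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -d ${server} -p udp --dport ${port} -j ACCEPT
-A OUTPUT -o ${tun} -j ACCEPT
COMMIT
EOF
}

# vpn_only_rules6 TUN_IF -> IPv6 ruleset; without it IPv6 would bypass the rules above.
vpn_only_rules6() {
    tun="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o ${tun} -j ACCEPT
COMMIT
EOF
}

# ruleset_is_tight RULESET UPLINK_IF: succeeds only if no rule accepts output on
# the uplink interface, i.e. the safety net has no hole.
ruleset_is_tight() {
    ! printf '%s\n' "$1" | grep -q -- "-A OUTPUT -o $2 -j ACCEPT"
}

# Load as root:  vpn_only_rules 203.0.113.10 1194 tun0 | iptables-restore
#                vpn_only_rules6 tun0 | ip6tables-restore
```

With these rules loaded, a dropped tunnel shows up immediately as failed connections instead of silently falling back to the local network, which is exactly the behaviour the tip asks for.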
In the next chapter, we are going to dig into Debian fundamentals (chapter 8, “Debian Package Management” [page 176]) and package management. You will quickly understand the power behind Kali’s Debian roots and learn how the developers have harnessed that power. Be warned, the next chapter is fairly dense, but it is critical that you understand Debian basics and package management if you are going to be a Kali power user.
Kali Linux Revealed