Security Hardening

Last edited by on 12 09 2025

Quick Reference

Overview of security features implemented on UPDC VMs through the automated security hardening script.

Security Features Overview

  • Root Access Disabled - Root login and shell disabled
  • SSH Key Authentication - Password authentication disabled, key-only access
  • Password Policy - 12+ chars, complexity, 90-day expiry, history tracking
  • Firewall Protection - UFW configured with SSH-only access
  • Intrusion Prevention - Fail2Ban with 5-attempt lockout
  • Security Monitoring - Wazuh agent for centralized monitoring
  • Audit Logging - Comprehensive auditd rules for system events
  • Log Retention - Extended retention with compression
  • Service Hardening - Unused services disabled

Detailed Security Features

Access Control

  • Root Account: Disabled login and shell access
  • SSH Configuration: Key-only authentication, no passwords
  • User Management: Sudo user creation with proper permissions
  • Session Limits: Limited SSH sessions and auth attempts

Network Security

  • UFW Firewall: Default deny incoming, allow SSH only
  • SSH Restrictions: Standard port, rate limiting enabled
  • Connection Monitoring: Fail2Ban with configurable ban duration
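The following script is an added example, not the hardening script's own code: it verifies that an sshd_config file encodes the SSH settings the Access Control and Network Security sections describe. The directive values (MaxAuthTries 3, MaxSessions 2, the key-only trio) are assumptions about what the script sets, since the page gives no numbers, and both config files are constructed samples. The parser applies two sshd rules that a plain grep misses: the first occurrence of a directive wins, and directives after a Match line are conditional.

```sh
#!/bin/sh
# Added example (not the hardening script's own code): verify that an
# sshd_config file encodes the Access Control / Network Security settings.
# Directive values are assumptions; both sample files are constructed.

# Directive=value pairs the hardened file is expected to contain.
# KbdInteractiveAuthentication must be off as well, or PAM can still prompt
# for a password after PasswordAuthentication is disabled
# (older OpenSSH spells it ChallengeResponseAuthentication).
EXPECTED="PermitRootLogin=no PasswordAuthentication=no KbdInteractiveAuthentication=no PubkeyAuthentication=yes MaxAuthTries=3 MaxSessions=2"

# sshd_effective FILE DIRECTIVE -> the value sshd would use from FILE:
# the FIRST occurrence wins (later duplicates are ignored), and anything
# after a Match block is conditional, so it is not counted.
sshd_effective() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    NF == 0 || $1 ~ /^#/   { next }
    tolower($1) == "match" { exit }
    tolower($1) == want    { print $2; exit }' "$1"
}

# check_sshd_config FILE -> one OK/FAIL line per directive; returns 0 only if all pass.
# An unset directive is a FAIL: sshd would fall back to its compiled-in default.
check_sshd_config() {
  _rc=0
  for _pair in $EXPECTED; do
    _dir=${_pair%%=*}; _want=${_pair#*=}
    _got=$(sshd_effective "$1" "$_dir")
    if [ "$_got" = "$_want" ]; then
      echo "OK   $_dir $_got"
    else
      echo "FAIL $_dir expected=$_want found=${_got:-<unset>}"
      _rc=1
    fi
  done
  return $_rc
}

# Constructed sample 1: what a hardened sshd_config should look like
HARDENED=$(mktemp)
cat > "$HARDENED" <<'EOF'
# sshd_config written by the hardening script (constructed sample)
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
MaxAuthTries 3
MaxSessions 2
EOF

# Constructed sample 2: looks hardened at a glance, but the first
# PasswordAuthentication line is the one sshd honours, and MaxAuthTries
# only applies to the Match block, not globally.
WEAK=$(mktemp)
cat > "$WEAK" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
MaxSessions 2
Match User deploy
    MaxAuthTries 3
EOF

echo "== hardened sample =="
if check_sshd_config "$HARDENED"; then echo "result: PASS"; else echo "result: FAIL"; fi
echo "== weak sample =="
if check_sshd_config "$WEAK"; then echo "result: PASS"; else echo "result: FAIL"; fi
```

Run it against the live file with `check_sshd_config /etc/ssh/sshd_config`. The helper does not follow `Include` drop-ins (Ubuntu ships `/etc/ssh/sshd_config.d/`), so the authoritative check on the VM itself is `sudo sshd -T`, which prints the merged effective configuration including defaults; the parser above is for reviewing a file before it is deployed.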

Password Security

  • Complexity: Uppercase, lowercase, digits, special characters
  • Length: Minimum 12 characters
  • History: Prevents password reuse
  • Expiration: Password expiry and warning periods
  • Lockout: Failed attempts and lockout duration
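The script below is an added example, not part of the hardening script: it expresses the password rules listed above as two checks, one that tests a candidate password against the policy and one that confirms `/etc/security/pwquality.conf` and `/etc/login.defs` actually encode it. The policy numbers (12 characters, four character classes, 90-day expiry) are the page's; the config file contents are constructed samples.

```sh
#!/bin/sh
# Added example (not the hardening script's own code): the Password Security
# rules as checks. Config file contents below are constructed samples.

MINLEN=12    # page: minimum 12 characters
MAX_DAYS=90  # page: 90-day expiry

# password_meets_policy  (password on stdin, so it never appears in `ps` output)
# Prints the first rule violated, or "ok"; returns 0 only for "ok".
password_meets_policy() {
  _pw=$(cat)
  [ "${#_pw}" -ge "$MINLEN" ]                 || { echo "too short (${#_pw} < $MINLEN)"; return 1; }
  printf '%s' "$_pw" | grep -q '[[:upper:]]'  || { echo "missing uppercase"; return 1; }
  printf '%s' "$_pw" | grep -q '[[:lower:]]'  || { echo "missing lowercase"; return 1; }
  printf '%s' "$_pw" | grep -q '[[:digit:]]'  || { echo "missing digit"; return 1; }
  printf '%s' "$_pw" | grep -q '[^[:alnum:]]' || { echo "missing special character"; return 1; }
  echo ok
}

# conf_value FILE KEY -> value for KEY, accepting both the "minlen = 12"
# (pwquality.conf) and "PASS_MAX_DAYS 90" (login.defs) layouts.
# Comments are skipped; if a key repeats, the last line wins.
conf_value() {
  awk -v want="$2" '
    BEGIN { FS = "[ \t=]+" }
    { sub(/^[ \t]+/, "") }
    $0 == "" || $1 ~ /^#/ { next }
    $1 == want { val = $2 }
    END { print val }' "$1"
}

# check_policy_files PWQUALITY_CONF LOGIN_DEFS -> 0 only if both files encode the policy
check_policy_files() {
  _rc=0
  _v=$(conf_value "$1" minlen)
  [ -n "$_v" ] && [ "$_v" -ge "$MINLEN" ]   || { echo "FAIL minlen=${_v:-unset} (need >= $MINLEN)"; _rc=1; }
  # pwquality credits: a NEGATIVE value is the minimum count of that class;
  # zero or positive only rewards the class, it does not require it
  for _k in ucredit lcredit dcredit ocredit; do
    _v=$(conf_value "$1" "$_k")
    [ -n "$_v" ] && [ "$_v" -le -1 ]        || { echo "FAIL $_k=${_v:-unset} (need <= -1)"; _rc=1; }
  done
  _v=$(conf_value "$2" PASS_MAX_DAYS)
  [ -n "$_v" ] && [ "$_v" -le "$MAX_DAYS" ] || { echo "FAIL PASS_MAX_DAYS=${_v:-unset} (need <= $MAX_DAYS)"; _rc=1; }
  [ "$_rc" -eq 0 ] && echo "OK password policy files"
  return $_rc
}

# Constructed sample: pwquality.conf that matches the policy
PWQ_GOOD=$(mktemp); cat > "$PWQ_GOOD" <<'EOF'
# /etc/security/pwquality.conf (constructed sample)
minlen = 12
dcredit = -1
ucredit = -1
lcredit = -1
ocredit = -1
enforce_for_root
EOF
# Constructed sample: a weak file where classes are optional and length is short
PWQ_WEAK=$(mktemp); cat > "$PWQ_WEAK" <<'EOF'
minlen = 8
dcredit = 1
EOF
# Constructed sample: login.defs expiry settings
LOGIN_DEFS=$(mktemp); cat > "$LOGIN_DEFS" <<'EOF'
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_WARN_AGE   14
EOF

for _cand in 'Correct-Horse-42' 'short1A!' 'alllowercase123456'; do
  printf '%s: %s\n' "$_cand" "$(printf '%s' "$_cand" | password_meets_policy)"
done
check_policy_files "$PWQ_GOOD" "$LOGIN_DEFS" || true
check_policy_files "$PWQ_WEAK" "$LOGIN_DEFS" || true
```

Two details matter when comparing this with the live VM: pam_pwquality only applies to password changes, and root bypasses it unless `enforce_for_root` is set; and the "history tracking" item on this page is enforced separately by pam_pwhistory (its `remember=` option), which these files do not cover.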

Monitoring & Logging

  • Wazuh Agent: Centralized security monitoring
  • Audit Logging: File access, user management, system changes
  • Log Retention: Extended retention with compression
  • Security Events: Authentication, privilege escalation, file modifications

System Hardening

  • Service Disabling: Unused services (bluetooth, cups, etc.) disabled
  • File Permissions: Secure SSH directory and key permissions
  • Process Monitoring: System call auditing for security events

Security Tools

Fail2Ban

  • Purpose: Intrusion prevention system
  • Monitoring: SSH, authentication failures
  • Integration: Works with UFW firewall
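The script below is an added example, not Fail2Ban's own code: it performs the counting that the Fail2Ban sshd jail does, applied to a few constructed auth.log lines, so the 5-attempt lockout from the Network Security and Fail2Ban sections can be seen on sample data. The hostname, the IP addresses (RFC 5737 documentation ranges) and the log file are all constructed.

```sh
#!/bin/sh
# Added example (not Fail2Ban's own code): count failed SSH logins per source
# IP and list the sources that reach the lockout threshold.
# The auth.log below is constructed; IPs are documentation addresses.

MAXRETRY=5   # the page's lockout threshold (Fail2Ban option: maxretry)

# failed_ssh_by_ip LOGFILE -> "count ip" per source, most failures first.
# Matches the failure messages sshd writes for password and public-key attempts.
failed_ssh_by_ip() {
  awk '/sshd\[[0-9]+\]: Failed (password|publickey) for/ {
         for (i = 1; i < NF; i++) if ($i == "from") fails[$(i+1)]++
       }
       END { for (ip in fails) print fails[ip], ip }' "$1" | sort -rn
}

# ips_over_threshold LOGFILE MAXRETRY -> sources at or above the threshold (would be banned)
ips_over_threshold() {
  failed_ssh_by_ip "$1" | awk -v max="$2" '$1 >= max { print $2 }' | sort
}

# Constructed sample log: five failures from one source, two from another,
# and one successful key login that must not be counted.
AUTHLOG=$(mktemp)
cat > "$AUTHLOG" <<'EOF'
Jan 10 10:00:01 vm1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 10:00:03 vm1 sshd[1202]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 10:00:05 vm1 sshd[1203]: Failed publickey for root from 203.0.113.5 port 51240 ssh2
Jan 10 10:00:07 vm1 sshd[1204]: Failed password for invalid user test from 203.0.113.5 port 51242 ssh2
Jan 10 10:00:09 vm1 sshd[1205]: Failed password for invalid user oracle from 203.0.113.5 port 51244 ssh2
Jan 10 10:01:00 vm1 sshd[1210]: Failed password for invalid user pi from 203.0.113.9 port 40010 ssh2
Jan 10 10:01:02 vm1 sshd[1211]: Failed password for invalid user pi from 203.0.113.9 port 40012 ssh2
Jan 10 10:02:00 vm1 sshd[1220]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
EOF

echo "Failed SSH logins per source IP:"
failed_ssh_by_ip "$AUTHLOG"
echo "Sources at or above maxretry=$MAXRETRY (would be banned):"
ips_over_threshold "$AUTHLOG" "$MAXRETRY"
```

The simplification to keep in mind: Fail2Ban only counts failures inside its `findtime` window and lifts the ban after `bantime`, while this script counts over the whole file, and its sshd filter matches more message variants than the two regexes here. The "Integration: Works with UFW firewall" item corresponds to setting `banaction = ufw` in the jail, so bans become UFW deny rules rather than raw iptables entries.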

Wazuh Agent

  • Purpose: Security information and event management (SIEM)
  • Features: Real-time monitoring, threat detection, compliance
  • Logs: System events, security alerts, file integrity
  • Manager: Centralized dashboard for all VMs

Auditd

  • Purpose: System audit logging
  • Monitors: File access, user management, privilege escalation
  • Retention: Extended log retention

Quick Commands

Check Security Status

<source lang="bash">
# Check Fail2Ban status
sudo fail2ban-client status sshd

# Check Wazuh agent
sudo systemctl status wazuh-agent

# Check audit logs
sudo ausearch -k authentication

# Check firewall status
sudo ufw status verbose
</source>

Security Verification

After VM setup, verify these security features:

  • [ ] Root login disabled (`sudo passwd -S root`)
  • [ ] SSH key authentication working
  • [ ] Password policy enforced
  • [ ] UFW firewall active
  • [ ] Fail2Ban monitoring SSH
  • [ ] Wazuh agent connected
  • [ ] Audit logging active
  • [ ] Unused services disabled
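The script below is an added example, not part of the hardening script: it turns the checklist above, together with the Auditd section's file-watch requirements, into shell checks. Each check parses the output of the command named in the checklist, read from stdin, so it can be exercised offline on constructed output and run for real by piping the live command into it. The output formats follow the Debian/Ubuntu versions of `passwd`, `ufw`, `fail2ban-client`, `systemctl` and `auditctl`; the set of required audit watch paths and the audit key names are assumptions, and every sample output is constructed.

```sh
#!/bin/sh
# Added example (not the hardening script's own code): the post-setup
# verification checklist as checks over command output read from stdin.
# All sample outputs below are constructed.

# passwd -S root  ->  "root L 2025-01-01 0 99999 7 -1"; field 2: L = locked, P = usable, NP = none
root_password_locked() { [ "$(awk 'NR==1 {print $2}')" = "L" ]; }

# getent passwd root -> "root:x:0:0:root:/root:/usr/sbin/nologin"; field 7 is the login shell.
# A locked password alone does not disable the shell (su/sudo -i still work), so check both.
root_shell_disabled() {
  case "$(awk -F: 'NR==1 {print $7}')" in
    */nologin|*/false) return 0 ;;
    *) return 1 ;;
  esac
}

# ufw status verbose -> needs "Status: active" and a default-deny incoming policy
ufw_hardened() {
  _out=$(cat)
  printf '%s\n' "$_out" | grep -q '^Status: active$' &&
  printf '%s\n' "$_out" | grep -q '^Default: deny (incoming)'
}

# fail2ban-client status sshd -> first line names the jail when it is loaded
fail2ban_sshd_jail_loaded() { grep -q '^Status for the jail: sshd$'; }

# systemctl is-active <unit> -> "active"
service_active() { [ "$(head -n 1)" = "active" ]; }

# systemctl is-enabled <unit> -> "disabled" or "masked" mean it will not start at boot
service_disabled() {
  case "$(head -n 1)" in disabled|masked) return 0 ;; *) return 1 ;; esac
}

# auditctl -l -> one rule per line; a file watch looks like "-w /etc/passwd -p wa -k identity".
# audit_watches_present PATH... : every PATH needs a -w watch whose -p permissions include w.
audit_watches_present() {
  _rules=$(cat); _missing=0
  for _p in "$@"; do
    printf '%s\n' "$_rules" | awk -v path="$_p" '
      { w = ""; perms = ""
        for (i = 1; i < NF; i++) { if ($i == "-w") w = $(i+1); if ($i == "-p") perms = $(i+1) }
        if (w == path && index(perms, "w")) found = 1 }
      END { exit found ? 0 : 1 }' || { echo "missing audit watch: $_p"; _missing=1; }
  done
  return $_missing
}

# report CHECK [ARGS...] -> runs CHECK on the current stdin and prints PASS/FAIL
report() { if "$@"; then echo "PASS $1"; else echo "FAIL $1"; fi; }

# ---- Constructed outputs, as the commands would print them on a hardened VM ----
PASSWD_S='root L 2025-01-01 0 99999 7 -1'
PASSWD_ENT='root:x:0:0:root:/root:/usr/sbin/nologin'
UFW_OUT='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere'
F2B_OUT='Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  `- File list: /var/log/auth.log
`- Actions
   `- Banned IP list: 203.0.113.5'
AUDIT_OUT='-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k privilege
-a always,exit -F arch=b64 -S execve -k commands'

printf '%s\n' "$PASSWD_S"   | report root_password_locked
printf '%s\n' "$PASSWD_ENT" | report root_shell_disabled
printf '%s\n' "$UFW_OUT"    | report ufw_hardened
printf '%s\n' "$F2B_OUT"    | report fail2ban_sshd_jail_loaded
printf '%s\n' 'active'      | report service_active      # systemctl is-active wazuh-agent
printf '%s\n' 'disabled'    | report service_disabled    # systemctl is-enabled bluetooth
printf '%s\n' "$AUDIT_OUT"  | report audit_watches_present /etc/passwd /etc/shadow /etc/sudoers
```

On the VM itself the same checks read live output, for example `sudo ufw status verbose | ufw_hardened` or `sudo auditctl -l | audit_watches_present /etc/passwd /etc/shadow /etc/sudoers`. Two checklist items are only partly covered: `LIMIT IN` on 22/tcp in the UFW output is what "rate limiting enabled" looks like, and a running wazuh-agent service proves the agent is up but not that it is enrolled with the manager, which has to be confirmed from the Wazuh dashboard listed under Security Tools.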