Updc admin: Created page with "{{DISPLAYTITLE:VM Security Features}} == Quick Reference == Overview of security features implemented on UPDC VMs through the automated security hardening script. == Security Features Overview == * '''Root Access Disabled''' - Root login and shell disabled * '''SSH Key Authentication''' - Password authentication disabled, key-only access * '''Password Policy''' - 12+ chars, complexity, 90-day expiry, history tracking * '''Firewall Protection''' - UFW configured with..."

2025-09-12T10:19:22Z

Created page with "{{DISPLAYTITLE:VM Security Features}} == Quick Reference == Overview of security features implemented on UPDC VMs through the automated security hardening script. == Security Features Overview == * '''Root Access Disabled''' - Root login and shell disabled * '''SSH Key Authentication''' - Password authentication disabled, key-only access * '''Password Policy''' - 12+ chars, complexity, 90-day expiry, history tracking * '''Firewall Protection''' - UFW configured with..."

New page

{{DISPLAYTITLE:VM Security Features}}

== Quick Reference ==

Overview of security features implemented on UPDC VMs through the automated security hardening script.

== Security Features Overview ==

* '''Root Access Disabled''' - Root login and shell disabled
* '''SSH Key Authentication''' - Password authentication disabled, key-only access
* '''Password Policy''' - 12+ chars, complexity, 90-day expiry, history tracking
* '''Firewall Protection''' - UFW configured with SSH-only access
* '''Intrusion Prevention''' - Fail2Ban with 5-attempt lockout
* '''Security Monitoring''' - Wazuh agent for centralized monitoring
* '''Audit Logging''' - Comprehensive auditd rules for system events
* '''Log Retention''' - Extended retention with compression
* '''Service Hardening''' - Unused services disabled

== Detailed Security Features ==

=== Access Control ===
* '''Root Account''': Disabled login and shell access
* '''SSH Configuration''': Key-only authentication, no passwords
* '''User Management''': Sudo user creation with proper permissions
* '''Session Limits''': Limited SSH sessions and auth attempts

=== Network Security ===
* '''UFW Firewall''': Default deny incoming, allow SSH only
* '''SSH Restrictions''': Standard port, rate limiting enabled
* '''Connection Monitoring''': Fail2Ban with configurable ban duration

=== Password Security ===
* '''Complexity''': Uppercase, lowercase, digits, special characters
* '''Length''': Minimum 12 characters
* '''History''': Prevents password reuse
* '''Expiration''': Password expiry and warning periods
* '''Lockout''': Failed attempts and lockout duration

=== Monitoring & Logging ===
* '''Wazuh Agent''': Centralized security monitoring
* '''Audit Logging''': File access, user management, system changes
* '''Log Retention''': Extended retention with compression
* '''Security Events''': Authentication, privilege escalation, file modifications

=== System Hardening ===
* '''Service Disabling''': Unused services (bluetooth, cups, etc.) disabled
* '''File Permissions''': Secure SSH directory and key permissions
* '''Process Monitoring''': System call auditing for security events

== Security Tools ==

=== Fail2Ban ===
* '''Purpose''': Intrusion prevention system
* '''Monitoring''': SSH, authentication failures
* '''Integration''': Works with UFW firewall

=== Wazuh Agent ===
* '''Purpose''': Security information and event management (SIEM)
* '''Features''': Real-time monitoring, threat detection, compliance
* '''Logs''': System events, security alerts, file integrity
* '''Manager''': Centralized dashboard for all VMs

=== Auditd ===
* '''Purpose''': System audit logging
* '''Monitors''': File access, user management, privilege escalation
* '''Retention''': Extended log retention

== Quick Commands ==

=== Check Security Status ===
<source lang="bash">
# Check Fail2Ban status
sudo fail2ban-client status sshd

# Check Wazuh agent
sudo systemctl status wazuh-agent

# Check audit logs
sudo ausearch -k authentication

# Check firewall status
sudo ufw status verbose
</source>

== Security Verification ==

After VM setup, verify these security features:

* [ ] Root login disabled (`sudo passwd -S root`)
* [ ] SSH key authentication working
* [ ] Password policy enforced
* [ ] UFW firewall active
* [ ] Fail2Ban monitoring SSH
* [ ] Wazuh agent connected
* [ ] Audit logging active
* [ ] Unused services disabled

[[Category:Security]]
[[Category:VM Operations]]

Security Hardening - Revision history