Linux hardening with Lynis with Brian Byrne

Transcript

1. Linux hardening with Lynis with Brian Byrne Virtual PajamaCon July

   2020 © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 1

2. The thank yous A big thanks to everyone at PajamaCon

   for inviting me. Credit to Tuxedo Computers for supporting our free Linux community ! https://www.tuxedocomputers.com/ These slides are on Speaker Deck https://speakerdeck.com/brianlinuxing © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 2

3. Brian Byrne discovered computing around the time Intel released the

   4004 chip, in 1971. After 1979 he professionally worked across most sectors, education, commercial and finance, in some seriously technical, managerial and hands-on roles. Brian founded Linuxing In London in 2016, co-organises Covent Garden Pi Jam and all London Raspberry Pi Jam (mini-science festivals for kids), plus a lot more. NB: Brian speaks in paragraphs. He is a freelance IT manager, a thinker and do-er for hire. Want your IT systems organised properly? Pay him, he’ll do it for you! © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 3

4. Brian’s Operating Systems I’ve used, installed, fixed and played with

   over 24 operating systems in 40 years, including but not limited to: TOPS-10, RT-11, RSX, VAX/VMS, CP/M, MS-DOS, AmigaOS, RSTE/E, Classic Mac OS (Lisa), Sinclair_QDOS, Ultrix, OSF/1, SCO Unix, OpenVMS, OS/2, VM/CMS, NetWare 2->3, Windows 1-> Windows 3.1, Windows 95->98 SE, Windows NT 1.0 ->4, Windows 2000, Windows XP, Windows Vista, Windows 7->8.1, Windows 10 and a lot more. Linux was my 15th or 16th operating system! © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 4

5. A word about Linux Everything is Linux. Android phones, the

   lot. Linux is used on 100% of the world’s supercomputers. Everyone runs Linux: AWS, Netflix, Google, Facebook, even Microsoft Distrowatch lists 274 live Linux distributions, as of July 2020. Linux is free. 274 types to try out! Plenty of choice, masses of options. © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 5

6. Brief agenda Outline the topic, think about relate issues and

   what obstacles could exist and how to preempt them. Technical demos on Ubuntu 20.04 and a Jetson Xavier NX running 18.04 © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 6

7. IBM Roadrunner ~2009 at Los Alamos National Laboratory, it ran

   Red Hat © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 7

8. Hypothetical cluster setup © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected]

   8

9. Your predicament © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 9

10. An ally: Lynis © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected]

    10

11. But why? Isn’t Linux secure? Yes, by virtue of the

    separation of privileges, by design. Users can’t (generally) damage a Linux system, but misconfiguration is a big problem. © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 11

12. Technical demos Two technical demos, on an Ubuntu 20.04 system

    and another on an Nvidia Jetson Xavier NX, which effectively runs 18.04. The only requirement is git. © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 12 Login to a standard Linux account 1. git clone https://github.com/CISOfy/lynis 2. cd lynis 3. ./lynis -V 4. ./lynis audit system

13. Post audit Collate the reports. Look for serious problems. Get

    management buy-in. Sell changes to techies. Talk with technical teams and management, prioritise fixes. Implement stage by stage, small wins first. Look out for gotchas. Plan post change audits. Don’t just look at the technical issues, think about humans and stress! © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 13

14. Talk links Lynis home https://cisofy.com/lynis/ Lynis on github https://github.com/CISOfy/lynis Lynis

    on Wikpedia https://en.wikipedia.org/wiki/Lynis OWASP projects https://owasp.org/projects/ OWASP London https://www.meetup.com/OWASP-London/ © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 14

15. The End Thank you for participating. Enjoyed the event, slides,

    etc? Then please leave a nice comment on Twitter. [NB: All images are copyright of their respective owners.] © Brian Byrne, 2020. Twitter:@BrianLinuxing Email: [email protected] 15