Linux Hardening - Made Easy

Guy Barnhart-Magen

August 8, 2019

You can find the abstract below

Please Prepare for the Workshop

We wIll base our workshop on an ubuntu image, which I will link below. I recommend using VirtualBox VM - which is what I use.

This VM will have a basic OS, a web server and some files we would like to protect.

I am also using Ubuntu as my host, with ZSH - but will explain anything that looks funny :-)

I have included instruction to assist you with:

If you are not sure how to do the above, use the resources below.

If you need to install VirtualBox, use the following

sudo apt install virtualbox


  1. Download the Ubuntu 18.04.2 ISO
  2. validate the SHA256 checksum ea6ccb5b57813908c006f42f7ac8eaa4fc603883a2d07876cf9ed74610ba2f53 *ubuntu-18.04.2-live-server-amd64.iso
  3. Create a new VirtualBox VM based on Ubuntu 18.04.2
  4. Test that you have an internet connection from the VM
  5. update your repositories
  6. upgrade packages
  7. install NGINX
  8. copy index.html to /var/www/html
  9. browse to your VM (over port 80) and make sure you see the workshop webpage
# run commands under root prievleges
sudo apt install nginx
curl > /var/www/html/index.html


  1. install vagrant and virtualbox
  2. save the script below as “Vagrantfile”
  3. run vagrant validate
  4. run vagrant up
Vagrant.configure("2") do |config| = "ubuntu/bionic64"
  config.vm.box_check_update = false "forwarded_port", guest: 80, host: 10080 "private_network", ip: ""
  config.vm.provider "virtualbox" do |vb|
    vb.gui = false = "bsideslv-workshop"
    vb.linked_clone = true
    vb.customize ["modifyvm", :id, "--cpuexecutioncap", "25"]
    vb.memory = 1024
    vb.cpus = 1

  config.vm.provision "shell", inline: <<-SHELL
    apt-get update
    apt-get upgrade -y --no-install-recommends
    # sed -i -e "s/#PasswordAuthentication yes/PasswordAuthentication yes\nAuthenticationMethods publickey,password publickey,keyboard-interactive/g" /etc/ssh/sshd_config

Prepared VM

sha512sum -c workshop.ova.sha512sum

Import the VM

“bsideslv-workshop” is the workshop VM name, replace it with whatever you have as needed

vboxmanage import workshop.ova
vboxmanage list vms | cut -d" " -f1 | sed 's/"//g'

export VM=bsideslv-workshop_1
vboxmanage modifyvm $VM --nic1 bridged --bridgeadapter1 eno1

vboxmanage startvm $VM --type headless

vboxmanage guestproperty get $VM "/VirtualBox/GuestInfo/Net/0/V4/IP"

#vboxmanage controlvm $VM natpf1 "SSH,tcp,,2222,,22"
#vboxmanage controlvm $VM natpf1 "NGINX,tcp,,2222,,22"

SSH into your VM

The VM has port-forwarding from the host on port 2222 to the guest on port 22. It is configured with a static address of:

Use the following credentials:

username: ubuntu

password: ubuntu

ssh -p 22 [email protected]

Test Internet


Update your repositories

sudo apt-get update
sudo apt-upgrade -y --no-install-recommends


You often hear that one of the first steps is to harden your servers and services – buy how exactly do you do that?

In this workshop, we will go through the various stages of hardening a Linux environment (Ubuntu) against attackers. During this workshop, we will consider common attack vectors and their mitigations, deploying security “feelers” and properly configuring the operating system and services against attacks.

This is an introductory level workshop (2-6 hours), hands-on, that allows participants to practice basic security hardening steps and customize their journey from that launch point.