author | Silvino <silvino@bk.ru> | 2019-07-02 18:33:16 +0100 |
---|---|---|
committer | Silvino <silvino@bk.ru> | 2019-07-02 18:33:16 +0100 |
commit | 1fb8842d469c36e5b43e843d3759e3c18c120c47 (patch) | |
tree | aa5f5ce42984bf8cc0dd7783375dae634d38a0be /core/hardening.html | |
parent | 0a09245b4654604dd0ab8962d6b5210066bd9f29 (diff) | |
download | doc-1fb8842d469c36e5b43e843d3759e3c18c120c47.tar.gz |
core revision
Diffstat (limited to 'core/hardening.html')
-rw-r--r-- | core/hardening.html | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/core/hardening.html b/core/hardening.html index d94cda6..200adfb 100644 --- a/core/hardening.html +++ b/core/hardening.html @@ -44,12 +44,12 @@ <h3>1.2 - Linux PAM</h3> - <p>Cat /etc/pam.d/system-auth. Check pam modules, test on virtual machine, user can lockout during tests.</p> + <p>Cat /etc/pam.d/system-auth. Check pam modules, test on virtual machine, user can lockout during tests. Check files (processes); getfacl filename.</p> <p>Check files (processes) set uid and set gid;</p> <pre> - # find / -perm -4000 >> /root/setuid_files + # find / -perm 4000 >> /root/setuid_files # find / -perm 2000 >> /root/setguid_files </pre> @@ -75,8 +75,17 @@ # chmod g-s filename </pre> - <p>Check files (processes); getfacl filename.</p> - , disable admins and root from sshd.</p> + <p>Find world writable files;</p> + + <pre> + # find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print + </pre> + + <p>No owner files;</p> + + <pre> + # find /dir -xdev \( -nouser -o -nogroup \) -print + </pre> <h3>1.3. Capabilities</h3> @@ -133,6 +142,16 @@ # auditctl -w /sbin/insmod -p x -k module_insertion </pre> + <h3>1.6 Network</h3> + + <p>Find listening services with command;</p> + + <pre> + # ss -tulpn + # nmap -sT -O localhost + # nmap -sT -O machine.example.org + </pre> + <h2>2.6.0.2 Lynis</h2> <pre> |
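Review bot: in the first hunk (@@ -44,12 +44,12 @@), changing `find / -perm -4000` to `find / -perm 4000` makes the setuid check match only files whose mode is exactly 4000, so ordinary setuid binaries (mode 4755 and similar) drop out of /root/setuid_files. Keep the `-4000` form, and give the unchanged `find / -perm 2000` line below it the same leading dash, since it misses setgid files in the same way. The getfacl sentence that was appended to the PAM paragraph is about file ACLs, not PAM, and would read better as its own paragraph next to the setuid/setgid checks.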
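Review bot: in the second hunk (@@ -75,8 +75,17 @@), the new paragraph is titled "Find world writable files;" but the command under it uses `-type d` together with `! -perm -1000`, so it lists world-writable directories that lack the sticky bit and never reports a regular file. Either retitle the paragraph to say directories without the sticky bit, or add a second command using `-type f -perm -0002` for files. `/dir` is a placeholder in both new commands and the text should say so, and the "No owner files;" paragraph would benefit from one sentence on what to do with the results.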
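Review bot: in the third hunk (@@ -133,6 +142,16 @@), both nmap lines use `-sT`, which is a TCP connect scan only, while `ss -tulpn` above them also lists UDP sockets, so UDP listeners are never cross-checked from the nmap side; `-O` is OS detection and adds nothing to finding listening services. Drop `-O` or explain why it is there, note the UDP gap or add a UDP pass, and say in the paragraph that ss gives the local socket view while nmap against machine.example.org shows what is reachable over the network. The heading `1.6 Network` also introduces a third numbering style next to `1.2 - Linux PAM` and `1.3. Capabilities`; pick one.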