Diffstat (limited to 'core/hardening.html')
-rw-r--r-- | core/hardening.html | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/core/hardening.html b/core/hardening.html index d94cda6..200adfb 100644 --- a/core/hardening.html +++ b/core/hardening.html @@ -44,12 +44,12 @@ <h3>1.2 - Linux PAM</h3> - <p>Cat /etc/pam.d/system-auth. Check pam modules, test on virtual machine, user can lockout during tests.</p> + <p>Cat /etc/pam.d/system-auth. Check pam modules, test on virtual machine, user can lockout during tests. Check files (processes); getfacl filename.</p> <p>Check files (processes) set uid and set gid;</p> <pre> - # find / -perm -4000 >> /root/setuid_files + # find / -perm 4000 >> /root/setuid_files # find / -perm 2000 >> /root/setguid_files </pre> @@ -75,8 +75,17 @@ # chmod g-s filename </pre> - <p>Check files (processes); getfacl filename.</p> - , disable admins and root from sshd.</p> + <p>Find world writable files;</p> + + <pre> + # find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print + </pre> + + <p>No owner files;</p> + + <pre> + # find /dir -xdev \( -nouser -o -nogroup \) -print + </pre> <h3>1.3. Capabilities</h3> @@ -133,6 +142,16 @@ # auditctl -w /sbin/insmod -p x -k module_insertion </pre> + <h3>1.6 Network</h3> + + <p>Find listening services with command;</p> + + <pre> + # ss -tulpn + # nmap -sT -O localhost + # nmap -sT -O machine.example.org + </pre> + <h2>2.6.0.2 Lynis</h2> <pre> |
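Review bot: in the first hunk (@@ -44,12 +44,12 @@), replacing `find / -perm -4000` with `find / -perm 4000` changes the test to an exact-mode match, so only files whose mode is exactly 4000 are listed and normal setuid binaries (mode 4755, for example) are no longer found. Keep the leading dash, and give the unchanged setgid line the same form (`-perm -2000`), since `-perm 2000` has the same problem. The getfacl sentence appended to the PAM paragraph is about file ACLs, not PAM, and would sit better in its own paragraph next to the setuid/setgid checks.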
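Review bot: in the second hunk (@@ -75,8 +75,17 @@), the new paragraph is titled "Find world writable files" but the command uses `-type d` with `! -perm -1000`, so it lists world-writable directories that lack the sticky bit, not files. Either retitle the paragraph to say directories without the sticky bit, or add a second command with `-type f -perm -0002` for files. It would also help to say what `/dir` stands for, since the setuid commands earlier search from `/`.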
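Review bot: in the third hunk (@@ -133,6 +142,16 @@), the new "1.6 Network" section lists `ss -tulpn`, which shows TCP and UDP listeners, beside `nmap -sT -O`, which scans TCP only, so the two outputs will not line up for UDP services and the text does not say so. Add a sentence on what each command covers, or add a UDP scan (`-sU`) if parity is intended, and note that `-O` is OS detection and is not needed to find listening services. The heading style also differs from the neighbouring "1.2 - Linux PAM" and "1.3. Capabilities"; pick one form.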