From 1fb8842d469c36e5b43e843d3759e3c18c120c47 Mon Sep 17 00:00:00 2001
From: Silvino <silvino@bk.ru>
Date: Tue, 2 Jul 2019 18:33:16 +0100
Subject: core revision

---
 core/hardening.html | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

(limited to 'core/hardening.html')

diff --git a/core/hardening.html b/core/hardening.html
index d94cda6..200adfb 100644
--- a/core/hardening.html
+++ b/core/hardening.html
@@ -44,12 +44,12 @@
 
         <h3>1.2 - Linux PAM</h3>
 
-        <p>Cat /etc/pam.d/system-auth. Check pam modules, test on virtual machine, user can lockout during tests.</p>
+        <p>Cat /etc/pam.d/system-auth. Check pam modules, test on virtual machine, user can lockout during tests. Check files (processes); getfacl filename.</p>
 
         <p>Check files (processes) set uid and set gid;</p>
 
         <pre>
-        # find / -perm -4000 >> /root/setuid_files
+        # find / -perm 4000 >> /root/setuid_files
         # find / -perm 2000 >> /root/setguid_files
         </pre>
 
@@ -75,8 +75,17 @@
         # chmod g-s filename
         </pre>
 
-        <p>Check files (processes); getfacl filename.</p>
-        , disable admins and root from sshd.</p>
+        <p>Find world writable files;</p>
+
+        <pre>
+        # find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
+        </pre>
+
+        <p>No owner files;</p>
+
+        <pre>
+        # find /dir -xdev \( -nouser -o -nogroup \) -print
+        </pre>
 
         <h3>1.3. Capabilities</h3>
 
@@ -133,6 +142,16 @@
         # auditctl -w /sbin/insmod -p x -k module_insertion
         </pre>
 
+        <h3>1.6 Network</h3>
+
+        <p>Find listening services with command;</p>
+
+        <pre>
+        # ss -tulpn
+        # nmap -sT -O localhost
+        # nmap -sT -O machine.example.org
+        </pre>
+
         <h2>2.6.0.2 Lynis</h2>
 
         <pre>
-- 
cgit 1.4.1-2-gfad0