Death Match Model Network Security Competition
Institut Teknologi Del 2014
Team Universitas Sumatera Utara
Lynis
• wget http://cisofy.com/files/lynis-1.5.9.tar.gz
• tar xzvf lynis-1.5.9.tar.gz
• chown -R root.root lynis-1.5.9
• cd lynis-1.5.9
• sudo ./lynis -c
OR
• sudo ./lynis -c -q
• sudo nano /var/log/lynis.log
nmap
• wget http://nmap.org/dist/nmap-6.46.tgz
• sudo apt-get install nmap
• sudo nmap -v -sT localhost
• sudo nmap -v -sS localhost
Secure shared memory
• sudo nano /etc/fstab
tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
• sudo reboot
SSH hardening
• sudo nano /etc/ssh/sshd_config
Port 22
Protocol 2
PermitRootLogin no
DebianBanner no
• sudo /etc/init.d/ssh restart
Protect su by limiting access only to the admin group
• sudo groupadd admin
• sudo usermod -a -G admin <YOUR ADMIN USERNAME>
• sudo dpkg-statoverride --update --add root admin 4750 /bin/su
Harden network with sysctl settings
• sudo vi /etc/sysctl.conf
# IP Spoofing protection
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
Cont.
# Ignore send redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Block SYN attacks
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5
# Log Martians
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
Cont.
# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# Ignore Directed pings
net.ipv4.icmp_echo_ignore_all = 1
• sudo sysctl -p
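As an added example (not part of the original slides), a shell check that reads a sysctl.conf-style file like the one above and reports every key whose live kernel value differs from it. The kernel view is read from a /proc/sys-style tree whose root is a parameter, so the demo runs against a constructed tree; function names and the sample values are our own assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the slides): report which hardening keys from a
# sysctl.conf-style file differ from what the kernel currently reports.
# The kernel view is read from a /proc/sys-style tree whose root is passed in,
# so the same function works against the real /proc/sys or, as in the demo
# below, against a constructed tree with known values.

# sysctl_drift <conf-file> <procsys-root>
# Prints "key expected actual" (actual = MISSING if the key does not exist)
# for every drifted key and returns the number of drifted keys (0 = in sync).
sysctl_drift() {
    conf="$1"
    procsys="$2"
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"                            # drop comments
        case "$line" in *=*) ;; *) continue ;; esac   # skip blank lines
        key="$(printf '%s' "${line%%=*}" | tr -d '[:space:]')"
        expected="$(printf '%s' "${line#*=}" | tr -d '[:space:]')"
        # net.ipv4.conf.all.rp_filter -> <root>/net/ipv4/conf/all/rp_filter
        path="$procsys/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            printf '%s %s MISSING\n' "$key" "$expected"
            drift=$((drift + 1))
            continue
        fi
        actual="$(tr -d '[:space:]' < "$path")"
        if [ "$actual" != "$expected" ]; then
            printf '%s %s %s\n' "$key" "$expected" "$actual"
            drift=$((drift + 1))
        fi
    done < "$conf"
    return "$drift"
}

# --- constructed demo data (not from a real host) ---

# write_key <root> <value> <relative/path>: one pseudo-/proc/sys entry
write_key() {
    mkdir -p "$1/$(dirname "$3")"
    printf '%s\n' "$2" > "$1/$3"
}

# The subset of the slide's sysctl.conf used by the demo.
make_demo_conf() {
    cat > "$1" <<'EOF'
# IP Spoofing protection
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Block SYN attacks
net.ipv4.tcp_syncookies = 1
# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
# Log Martians
net.ipv4.conf.all.log_martians = 1
EOF
}

# A kernel state in which two keys are still at their defaults and one
# key is absent, as if sysctl -p had not been run after editing the file.
make_demo_tree() {
    write_key "$1" 1 net/ipv4/conf/all/rp_filter
    write_key "$1" 0 net/ipv4/conf/default/rp_filter    # drift: expected 1
    write_key "$1" 1 net/ipv4/icmp_echo_ignore_broadcasts
    write_key "$1" 1 net/ipv4/tcp_syncookies
    write_key "$1" 1 net/ipv4/conf/all/accept_redirects  # drift: expected 0
    # log_martians deliberately not written -> reported as MISSING
}

demo_sysctl_drift() {
    tmp="$(mktemp -d)"
    make_demo_conf "$tmp/sysctl.conf"
    make_demo_tree "$tmp/proc_sys"
    sysctl_drift "$tmp/sysctl.conf" "$tmp/proc_sys"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Against the real system: sysctl_drift /etc/sysctl.conf /proc/sys
demo_sysctl_drift || echo "$? key(s) differ from sysctl.conf"
```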
Prevent IP Spoofing
• sudo nano /etc/host.conf
order bind,hosts
nospoof on
Harden PHP for security
• sudo nano /etc/php5/apache2/php.ini
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
display_errors = Off
track_errors = Off
html_errors = Off
magic_quotes_gpc = Off
• sudo /etc/init.d/apache2 restart
Restrict Apache Information Leakage
• sudo nano /etc/apache2/conf.d/security
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header unset ETag
FileETag None
• sudo /etc/init.d/apache2 restart
Restrict Access With /etc/passwd
• nano /etc/passwd
• sudo usermod -s /usr/sbin/nologin username
OR
• sudo usermod -L username
• sudo usermod -U username
Monitor System Logins
• sudo less /var/log/auth.log
• last
• lastlog
How To Read the "/etc/passwd" File
root:x:0:0:root:/root:/bin/bash
1. root: Account username.
2. x: Placeholder for password information. The password is obtained from the
"/etc/shadow" file.
3. 0: User ID. Each user has a unique ID that identifies them on the system. The
root user is always referenced by user ID 0.
4. 0: Group ID. Each group has a unique group ID. Each user has a "primary" group
that is used as the group by default. Again, the root group's ID is always 0.
5. root: Comment field. This field can be used to describe the user or user's
function. This can be anything from contact information for the user, to
descriptions of the service the account was made for.
6. /root: Home directory. For regular users, this would usually be
"/home/username". For root, this is "/root".
7. /bin/bash: User shell. This field contains the shell that will be spawned or the
command that will be run when the user logs in.
How To Read the "/etc/shadow" File
daemon:*:15455:0:99999:7:::
1. daemon: Account username.
2. *: Salt and hashed password. You can see what this looks like with the root entry above. As noted
above, the asterisk signifies that this account cannot be used to log in.
3. 15455: Last password change. This value is measured in days from the Unix "epoch", which is
January 1, 1970.
4. 0: Days until password change permitted. 0 in this field means there are no restrictions.
5. 99999: Days until password change required. 99999 means that there is no limit to how long the
current password is valid.
6. 7: Days of warning prior to expiration. If there is a password change requirement, this will warn
the user to change their password this many days in advance.
7. [blank]: The last three fields hold the number of days after password expiry before the account is made inactive, the day (counted from the epoch) on which the account expires, and a reserved field that is unused.
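As an added example (not part of the original slides), a shell audit that applies the /etc/passwd and /etc/shadow field layout described above to a passwd/shadow pair and flags what a hardening review looks for: a second UID-0 account, an interactive account with an empty password field, and an interactive account whose password never expires. Function names are ours, and the sample files are constructed with obviously fake hashes.

```bash
#!/usr/bin/env bash
# Added example (not from the slides): audit a passwd/shadow pair using the
# field positions explained above. Findings:
#   EXTRA_UID0       a UID-0 account other than root
#   NO_SHADOW_ENTRY  passwd user with no matching shadow line
#   EMPTY_PASSWORD   interactive account with an empty shadow password field
#   NO_EXPIRY        interactive, unlocked account with max age 99999/unset
# The sample files below are constructed and carry fake hashes.

# audit_accounts <passwd-file> <shadow-file>
# Prints one "FINDING user shell" line per issue, in /etc/passwd order.
audit_accounts() {
    awk -F: '
        FILENAME == ARGV[1] {             # first file: shadow
            hash[$1]    = $2              # "" empty, "*" or "!..." locked
            maxdays[$1] = $5              # days until a change is required
            next
        }
        {                                 # second file: passwd
            user = $1; uid = $3; shell = $7
            interactive = (shell !~ /(nologin|false)$/)
            if (uid == 0 && user != "root")
                print "EXTRA_UID0", user, shell
            if (!(user in hash))
                print "NO_SHADOW_ENTRY", user, shell
            else if (interactive && hash[user] == "")
                print "EMPTY_PASSWORD", user, shell
            else if (interactive && hash[user] !~ /^[!*]/ &&
                     (maxdays[user] == "" || maxdays[user] == 99999))
                print "NO_EXPIRY", user, shell
        }' "$2" "$1"
}

# --- constructed demo data (not from a real host) ---
demo_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0:constructed second UID-0 account:/root:/bin/bash
guest:x:1002:1002:constructed empty-password account:/home/guest:/bin/bash
ftpuser:x:1003:1003:ftp only:/home/ftpuser:/usr/sbin/nologin
EOF
}

demo_shadow() {
    cat <<'EOF'
root:$6$constructed$NOTAREALHASH:15455:0:99999:7:::
daemon:*:15455:0:99999:7:::
www-data:*:15455:0:99999:7:::
alice:$6$constructed$NOTAREALHASH:16000:0:90:7:::
backup2:$6$constructed$NOTAREALHASH:16000:0:99999:7:::
guest::16000:0:99999:7:::
ftpuser:!:16000:0:99999:7:::
EOF
}

demo_audit() {
    tmp="$(mktemp -d)"
    demo_passwd > "$tmp/passwd"
    demo_shadow > "$tmp/shadow"
    audit_accounts "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}

# On a real system (root needed to read shadow): audit_accounts /etc/passwd /etc/shadow
demo_audit
```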
vsftp
• sudo apt-get install vsftpd
• sudo nano /etc/vsftpd.conf
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
• mkdir /home/username/files
• chown root:root /home/username
• sudo service vsftpd restart
fail2ban
• sudo apt-get install fail2ban
• sudo vi /etc/fail2ban/jail.conf
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
• sudo /etc/init.d/fail2ban restart
• sudo fail2ban-client status
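As an added example (not part of the original slides), the check that the fail2ban sshd jail above automates, done by hand over /var/log/auth.log: count "Failed password" events per source address and list the sources that reached maxretry, marking any that later produced an accepted login from the same address. Function names are ours and the log lines are constructed with RFC 5737 test addresses.

```bash
#!/usr/bin/env bash
# Added example (not from the slides): what the fail2ban sshd filter with
# maxretry = 3 does, performed manually over auth.log. Sources at or above
# the threshold are listed; a source that also has an "Accepted" line is
# marked "later-accepted", which is the case that deserves a closer look.
# The log lines below are constructed (RFC 5737 test addresses).

# ssh_failed_by_source <auth.log> [maxretry]
# Prints "ip failures later-accepted|no-success", sorted by address.
ssh_failed_by_source() {
    awk -v max="${2:-3}" '
        # the source address is the word after "from" on sshd lines
        function src(    i) {
            for (i = 1; i <= NF; i++) if ($i == "from") return $(i + 1)
            return ""
        }
        /sshd\[[0-9]+\]: Failed password for / { fails[src()]++ }
        /sshd\[[0-9]+\]: Accepted /            { ok[src()]++ }
        END {
            for (ip in fails)
                if (fails[ip] >= max)
                    print ip, fails[ip], (ip in ok ? "later-accepted" : "no-success")
        }' "$1" | sort
}

# --- constructed demo data (not from a real host) ---
demo_auth_log() {
    cat <<'EOF'
Jun 14 10:01:12 del-server sshd[2021]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 14 10:01:15 del-server sshd[2021]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jun 14 10:01:19 del-server sshd[2025]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jun 14 10:02:02 del-server sshd[2031]: Failed password for alice from 198.51.100.4 port 40112 ssh2
Jun 14 10:02:10 del-server sshd[2031]: Accepted password for alice from 198.51.100.4 port 40112 ssh2
Jun 14 10:03:01 del-server sshd[2040]: Invalid user test from 203.0.113.9
Jun 14 10:03:01 del-server sshd[2040]: Failed password for invalid user test from 203.0.113.9 port 33000 ssh2
Jun 14 10:03:05 del-server sshd[2040]: Failed password for invalid user test from 203.0.113.9 port 33000 ssh2
Jun 14 10:04:00 del-server sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
EOF
}

# demo_ssh_failed [maxretry]: run the check over the constructed log
demo_ssh_failed() {
    tmp="$(mktemp -d)"
    demo_auth_log > "$tmp/auth.log"
    ssh_failed_by_source "$tmp/auth.log" "${1:-3}"
    rm -rf "$tmp"
}

# On a real host (as root): ssh_failed_by_source /var/log/auth.log 3
demo_ssh_failed 3    # -> 203.0.113.7 3 no-success
```

Lowering the threshold to 1 also surfaces 198.51.100.4 as "later-accepted": one failure followed by a success, which is the pattern to review against the user's own account activity.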
ModSecurity
• sudo apt-get install libxml2 libxml2-dev libxml2-utils
• sudo apt-get install libaprutil1 libaprutil1-dev
• sudo apt-get install libapache-mod-security
• sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Cont.
• sudo nano /etc/modsecurity/modsecurity.conf
SecRuleEngine On
SecRequestBodyLimit 16384000
SecRequestBodyInMemoryLimit 16384000
ModSecurity-OWASP
• cd /tmp
• sudo wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5
• sudo tar -zxvf SpiderLabs-owasp-modsecurity-crs.tar.gz
• sudo cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/
• sudo rm SpiderLabs-owasp-modsecurity-crs.tar.gz
• sudo rm -R SpiderLabs-owasp-modsecurity-crs-*
• sudo mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
Cont.
• cd /etc/modsecurity/base_rules
for f in * ; do sudo ln -s /etc/modsecurity/base_rules/$f /etc/modsecurity/activated_rules/$f ; done
• cd /etc/modsecurity/optional_rules
for f in * ; do sudo ln -s /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f ; done
• sudo nano /etc/apache2/mods-available/mod-security.conf
Include "/etc/modsecurity/activated_rules/*.conf"
• sudo a2enmod headers
• sudo a2enmod mod-security
• sudo /etc/init.d/apache2 restart
ModEvasive
• sudo mkdir /var/log/mod_evasive
• sudo chown www-data:www-data /var/log/mod_evasive/
• sudo nano /etc/apache2/mods-available/mod-evasive.conf
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir /var/log/mod_evasive
DOSEmailNotify root@localhost
DOSWhitelist 127.0.0.1
</IfModule>
• sudo a2enmod mod-evasive
• sudo /etc/init.d/apache2 restart
psad
• sudo apt-get install psad
RKHunter and CHKRootKit
• sudo apt-get install rkhunter chkrootkit
• sudo chkrootkit
• sudo rkhunter --update
• sudo rkhunter --propupd
• sudo rkhunter --check
LogWatch
• sudo apt-get install logwatch libdate-manip-perl
• sudo logwatch | less
apparmor
• sudo apt-get install apparmor apparmor-profiles
• sudo apparmor_status
tiger
• sudo apt-get install tiger
• sudo tiger
• sudo less /var/log/tiger/security.report.*

Death matchtournament del2014
