Tag: blueteam

Hardening, nginx

Nginx Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Hide nginx version
    sed -i "s/# server_tokens off;/server_tokens off;/g" /etc/nginx/nginx.conf

Remove ETags
    sed -i 's/server_tokens off;/server_tokens off;\netag off;/' /etc/nginx/nginx.conf

Remove default page
    echo "" > /var/www/html/index.html

Use strong cipher suites
    sed -i "s/ssl_prefer_server_ciphers on;/ssl_prefer_server_ciphers on;\nssl_ciphers …

Hardening, OpenSSH

SSH Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Set /etc/ssh/sshd_config ownership and access permissions
    chown root:root /etc/ssh/sshd_config
    chmod 600 /etc/ssh/sshd_config

Change Port
    sed -i "s/#Port 22/Port 62111/g" /etc/ssh/sshd_config

Use Protocol 2
    echo "Protocol 2" >> /etc/ssh/sshd_config

Set SSH LogLevel to INFO
    sed -i "/LogLevel.*/s/^#//g" …

Hardening, Network

Network Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Disable IP forwarding
    sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/" /etc/sysctl.conf
    sysctl -w net.ipv4.ip_forward=0

Disable packet redirect sending
    sed -i "/net.ipv4.conf.all.send_redirects.*/s/^#//g" /etc/sysctl.conf
    echo "net.ipv4.conf.default.send_redirects=0" >> /etc/sysctl.conf
    sysctl -w net.ipv4.conf.all.send_redirects=0
    sysctl -w net.ipv4.conf.default.send_redirects=0

Disable source routed …

Hardening, IPTables

Basic iptables security script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Install iptables
    apt -y install iptables

Install iptables-persistent
    apt -y install iptables-persistent
    systemctl enable netfilter-persistent

Flush/Delete firewall rules
    iptables -F
    iptables -X
    iptables -Z

Block null packets (DoS)
    iptables -A INPUT -p tcp --tcp-flags ALL NONE …

Hardening, Linux

Linux Users Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Set Maximum number of days a password may be used
    sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/" /etc/login.defs

Set Minimum number of days allowed between password changes to 5
    sed -i "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 5/" /etc/login.defs

Set Number of days warning given before a password expires
    sed …

Apache, Hardening

Apache Web Server Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Become root
    sudo su -

Hide Apache2 version
    echo "ServerSignature Off" >> /etc/apache2/apache2.conf
    echo "ServerTokens Prod" >> /etc/apache2/apache2.conf

Remove ETags
    echo "FileETag None" >> /etc/apache2/apache2.conf

Disable Directory Browsing
    a2dismod -f autoindex

Remove default …