Tag: linux

Hardening, nginx

Nginx Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Hide nginx version
    sed -i "s/# server_tokens off;/server_tokens off;/g" /etc/nginx/nginx.conf

Remove ETags
    sed -i 's/server_tokens off;/server_tokens off;\netag off;/' /etc/nginx/nginx.conf

Remove default page
    echo "" > /var/www/html/index.html

Use strong cipher suites
    sed -i "s/ssl_prefer_server_ciphers on;/ssl_prefer_server_ciphers on;\nssl_ciphers …

Hardening, OpenSSH

SSH Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Set /etc/ssh/sshd_config ownership and access permissions
    chown root:root /etc/ssh/sshd_config
    chmod 600 /etc/ssh/sshd_config

Change Port
    sed -i "s/#Port 22/Port 62111/g" /etc/ssh/sshd_config

Use Protocol 2
    echo "Protocol 2" >> /etc/ssh/sshd_config

Set SSH LogLevel to INFO
    sed -i "/LogLevel.*/s/^#//g" …

Hardening, Network

Network Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Disable IP forwarding
    sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/" /etc/sysctl.conf
    sysctl -w net.ipv4.ip_forward=0

Disable packet redirect sending
    sed -i "/net.ipv4.conf.all.send_redirects.*/s/^#//g" /etc/sysctl.conf
    echo "net.ipv4.conf.default.send_redirects=0" >> /etc/sysctl.conf
    sysctl -w net.ipv4.conf.all.send_redirects=0
    sysctl -w net.ipv4.conf.default.send_redirects=0

Disable source routed …

Hardening, IPTables

Basic iptables security script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Install iptables
    apt -y install iptables

Install iptables-persistent
    apt -y install iptables-persistent
    systemctl enable netfilter-persistent

Flush/Delete firewall rules
    iptables -F
    iptables -X
    iptables -Z

Block null packets (DoS)
    iptables -A INPUT -p tcp --tcp-flags ALL NONE …

Hardening, Linux

Linux Users Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Set Maximum number of days a password may be used
    sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/" /etc/login.defs

Set Minimum number of days allowed between password changes to 5
    sed -i "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 5/" /etc/login.defs

Set Number of days warning given before a password expires
    sed …

Apache, Hardening

Apache Web Server Hardening & Security Script

Tested on Debian 9.x
https://github.com/maldevel/blue-team

Become root
    sudo su -

Hide Apache2 version
    echo "ServerSignature Off" >> /etc/apache2/apache2.conf
    echo "ServerTokens Prod" >> /etc/apache2/apache2.conf

Remove ETags
    echo "FileETag None" >> /etc/apache2/apache2.conf

Disable Directory Browsing
    a2dismod -f autoindex

Remove default …

Encryption, LUKS

Create an encrypted file container in Linux

Installations
    sudo apt-get install cryptsetup

Create an empty file with the size of your container (e.g. 100MB)
    fallocate -l 100M mycontainer.img
or
    dd if=/dev/urandom of=mycontainer.img bs=1M count=100

Using a keyfile
    dd if=/dev/urandom of=mykey.key bs=1024 count=1

Encrypting disk image file
    sudo cryptsetup …

Debian, Django, Python

Apache2 and Django installation on Debian

Install Apache2
    sudo apt-get install apache2 -y
    sudo rm -f /var/www/html/index.html && sudo touch /var/www/html/index.html
    sudo a2enmod ssl
    sudo a2ensite default-ssl
    sudo service apache2 restart

Install Python 3
    sudo apt-get install python3 -y …

Debian, Linux

Sublime editor on Debian

Installation
https://www.sublimetext.com/3
    sudo dpkg -i sublime-text_build-xxxx_amd64.deb

Dracula Theme
https://draculatheme.com/sublime/
Preferences -> Color Scheme -> Dracula Color Scheme -> Dracula

CamingoCode Font
https://www.fontsquirrel.com/fonts/camingocode
    sudo cp -r /home/username/Downloads/camingocode /usr/local/share/
    sudo fc-cache -fv

Restart sublime if it is already open.
Preferences -> Settings -> { "color_scheme": "Packages/Dracula Color …