Forwarded from PRIVATE UNDERCODE
Checking the password policy:
1) Accounts with an empty password
During the audit, you need to make sure that the system has no accounts that can log in without entering a password, or that any such accounts are blocked. This rule can be checked with the command:
# cat /etc/shadow | awk -F: '($2 == "") {print $1}'
2) Password complexity check
During the audit, it is necessary to check the password complexity settings in order to reduce the risk of brute-force or dictionary password attacks. To set this rule in the system, you must use pluggable authentication modules (PAM).
The auditor can check the corresponding setting in the configuration file:
# vi /etc/pam.d/system-auth
3) Checking the password age
During the audit, you need to check the password expiration setting. To check the password expiration, use the chage command. This command displays detailed information about the password expiration date, as well as the date it was last changed.
The following command is used to view information about the "age" of passwords:
# chage -l username
To change the password expiration time for a specific user, use the commands listed below:
# chage -M 60 username
# chage -M 60 -m 7 -W 7 username
Parameters (to set the password expiration date):
-M - maximum validity period in days.
-m - minimum validity period in days.
-W - warning period in days.
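An added example (not part of the original post) that combines checks 1 and 3: it reads shadow-format data, reports accounts with an empty password field, and compares the aging fields that chage -M and -m set against a policy maximum. The function name, the finding codes and the sample accounts are assumptions made for this example.

```shell
#!/bin/sh
# audit_shadow FILE MAX_DAYS prints one finding per line: "<CODE> <user>".
# Shadow fields: 1=user 2=password 4=min days (-m) 5=max days (-M) 6=warn (-W).
audit_shadow() {
    awk -F: -v max="$2" '
        /^[ \t]*(#|$)/ { next }
        $2 == ""       { print "EMPTY_PASSWORD", $1; next }
        $2 ~ /^[!*]/   { next }   # locked or no usable hash: password login disabled
        $5 == "" || $5 + 0 > max + 0 { print "MAX_AGE_EXCEEDS_POLICY", $1 }
        $4 == "" || $4 + 0 == 0      { print "NO_MIN_AGE", $1 }
    ' "$1"
}

# Constructed sample in /etc/shadow layout; the hashes are placeholders.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:$6$CONSTRUCTED$placeholderhash:19000:7:60:7:::
backup::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$CONSTRUCTED$placeholderhash:19000:0:99999:7:::
bob:!$6$CONSTRUCTED$placeholderhash:19000:0:99999:7:::
carol:$6$CONSTRUCTED$placeholderhash:19000:7:90:7:::
EOF

# Policy from the text above: passwords valid for at most 60 days.
audit_shadow "$SAMPLE" 60
```

On a live system, run it as root against /etc/shadow; a locked account is skipped here because it cannot log in with a password, although key-based SSH login may still be possible.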
4) Using duplicate passwords
The authorization settings in the system must comply with the password policy. The file containing the password history is located at /etc/security/opasswd. For verification, you must perform the following steps:
for RHEL: open the file '/etc/pam.d/system-auth':
# vi /etc/pam.d/system-auth
for Ubuntu / Debian / Linux Mint: open the file '/etc/pam.d/common-password':
# vi /etc/pam.d/common-password
Add the following line to the 'auth' section:
auth sufficient pam_unix.so likeauth nullok
To prevent the last six passwords from being used, add the following line:
password sufficient pam_unix.so nullok use_authtok md5 shadow remember=6
Once this line is in place, the system will store a history of the previous six passwords, and if any user tries to update the password using any of the last six, they will receive an error message.
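An added example (not part of the original post) of how an auditor can check these pam_unix.so lines automatically: it verifies the remember= history depth and also flags nullok, which accepts accounts with an empty password (check 1), and md5, an obsolete hash option. The function name, the finding codes and the stricter sample using sha512 are assumptions made for this example.

```shell
#!/bin/sh
# audit_pam_unix FILE MIN_REMEMBER prints one finding per line; no output
# means every pam_unix.so rule in FILE passed.
audit_pam_unix() {
    awk -v min="$2" '
        /^[ \t]*#/ { next }
        /pam_unix\.so/ {
            type = tolower($1); sub(/^-/, "", type)
            if (type != "auth" && type != "password") next
            rem = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "nullok") print "NULLOK " type
                if (type == "password" && $i == "md5") print "WEAK_HASH md5"
                if ($i ~ /^remember=[0-9]+$/) rem = substr($i, 10)
            }
            if (type == "password") {
                seen = 1
                if (rem == "") print "NO_HISTORY"
                else if (rem + 0 < min + 0) print "SHORT_HISTORY " rem
            }
        }
        END { if (!seen) print "NO_PASSWORD_RULE" }
    ' "$1"
}

# Constructed samples: the two lines from the post, then a stricter variant.
WEAK=$(mktemp); STRICT=$(mktemp)
trap 'rm -f "$WEAK" "$STRICT"' EXIT
cat > "$WEAK" <<'EOF'
auth      sufficient  pam_unix.so likeauth nullok
password  sufficient  pam_unix.so nullok use_authtok md5 shadow remember=6
EOF
cat > "$STRICT" <<'EOF'
auth      sufficient  pam_unix.so likeauth
password  sufficient  pam_unix.so use_authtok sha512 shadow remember=6
EOF

echo "== as posted =="; audit_pam_unix "$WEAK" 6
echo "== stricter ==";  audit_pam_unix "$STRICT" 6
```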
5) Secure connection settings
The Telnet and Rlogin remote connection protocols are very old and vulnerable because they transmit the password over the network in unencrypted form. For dedicated and secure connections, the Secure Shell (SSH) protocol must be used. The auditor also needs to make sure that the root login option is disabled, the default SSH port is changed, and remote access is allowed only for specific authorized users. The settings to check are located in the SSH configuration file:
# vi /etc/ssh/sshd_config
6) Logging on as root (root login)
During the audit, the auditor should check that remote login with root privileges is prohibited.
# PermitRootLogin = yes
7) Verification of SSH service account login
During the audit, the auditor should check service accounts that are configured for passwordless SSH login. Typically, system administrators use this feature for scheduled backups, transferring files, and running scripts remotely.
Check one last time that your sshd_config settings (/etc/ssh/sshd_config) are correct.
# PermitRootLogin without-password
# RSAAuthentication = yes
# PubkeyAuthentication = yes
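An added example (not part of the original post) that automates checks 5 to 7: it extracts the effective global value of a directive from sshd_config and grades the three points named above (root login, default port, named users). The function names, the OK/FAIL output format and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# sshd_value FILE KEYWORD prints the global value of KEYWORD. Keywords are
# case-insensitive, "Key = value" is accepted, the first occurrence of a
# single-valued keyword wins, and global settings end at the first Match block.
sshd_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        match($0, /^[A-Za-z0-9]+/) {
            k = tolower(substr($0, 1, RLENGTH))
            v = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", v)
            if (k == "match") exit
            if (k == tolower(key)) { print v; exit }
        }
    ' "$1"
}

# audit_sshd FILE prints "<OK|FAIL> <keyword> <value>" for each check.
audit_sshd() {
    root=$(sshd_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    port=$(sshd_value "$1" Port)
    users=$(sshd_value "$1" AllowUsers)
    if [ "$root" = "no" ]; then s=OK; else s=FAIL; fi
    echo "$s PermitRootLogin ${root:-unset}"
    if [ -n "$port" ] && [ "$port" != "22" ]; then s=OK; else s=FAIL; fi
    echo "$s Port ${port:-unset}"
    if [ -n "$users" ]; then s=OK; else s=FAIL; fi
    echo "$s AllowUsers ${users:-unset}"
}

# Constructed sample config; the port and user names are made up.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#PermitRootLogin no
Port = 2222
permitrootlogin without-password
PubkeyAuthentication = yes
PermitRootLogin no
AllowUsers backup deploy
Match User backup
    PasswordAuthentication no
EOF

audit_sshd "$SAMPLE"
```

The sample shows why a plain grep is not enough: the commented line and the later "PermitRootLogin no" are both ignored, so the effective value is without-password, which still allows key-based root login.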
8) Checking access lists in Denyhosts and Fail2ban
During the audit, you need to check the settings of the DenyHosts and Fail2ban access lists. These are scripts used to monitor and analyze SSH access logs and to protect against brute-force password attacks.
Features of DenyHosts:
saves and tracks the logs from the /var/log/secure file, noting all successful and unsuccessful login attempts, and filters them
monitors failed login attempts
sends an email notification of blocked hosts and suspicious login attempts
Features of Fail2ban:
saves and tracks logs from the files /var/log/secure, /var/log/auth.log and /var/log/pwdfail
highly customizable and multithreaded
monitors log files on a regular basis
Written by Underc0de
12) Checking CRON Jobs Automatically
The auditor should check who is allowed and who is forbidden to run jobs in cron. Access to cron is controlled using the /etc/cron.allow and /etc/cron.deny files.
# echo ALL >> /etc/cron.deny
13) Checking SELinux enforced security
During the audit, it is important to check the status of SELinux. This mechanism must be enabled in the system.
There are three SELinux modes:
Enforcing: SELinux policy is enforced. SELinux denies access based on SELinux policy rules.
Permissive: SELinux policy is not enforced. SELinux does not block access, but denials are logged for actions that would have been denied if the policy were enforced.
Disabled: SELinux is disabled. Only discretionary access control (DAC) rules are used.
During the audit, you can use the following script to check SELinux status, or use the system-config-selinux, getenforce, or sestatus commands:
# Read the current SELinux mode: 1 = enforcing, 0 = permissive
ENABLED=$(cat /selinux/enforce)
if [ "$ENABLED" = "1" ]; then
    echo "SELinux is enabled, disable? (yes/no): "
    read disable
    if [ "$disable" = "yes" ]; then
        echo "disabling selinux"
        setenforce 0
    fi
fi
LBSA script for checking basic security options
LBSA (Linux Basic Security Audit script) is a basic security configuration audit script for Linux systems. The script should be run from the command line with root privileges, or ideally run on a regular schedule using the cron scheduler to systematically check for configuration changes.
The purpose of this script is a quick audit of security settings that produces a report describing parameters that can be changed to provide a higher degree of security. If there are no recommendations for an option, the script simply displays one line showing that the check was performed, and the final decision is always up to the administrator. Before starting the test, the developers strongly recommend that you read the manual and study the recommended sections for more information.
Written by Underc0de