diff --git a/content/posts/guides/system-hardening.md b/content/posts/guides/system-hardening.md index 41b3dec..9d3943d 100644 --- a/content/posts/guides/system-hardening.md +++ b/content/posts/guides/system-hardening.md @@ -1,14 +1,20 @@ --- -draft: yes title: Preventing Hacks author: Hyperling -date: TBD +date: 2025-11-13 T21:00:00-07:00 tags: - - tbd + - tech + - hacking + - cracking + - exploit + - networking + - lynis + - nmap + - metasploit categories: - - tbd + - guides series: - - tbd + - sysadmin # TBD/TODO: Is the theme oreventing this from working properly? toc: true toc_start_level: 3 @@ -25,23 +31,29 @@ Local testing suite which not only tests for security weaknesses, but also that #### Install -``` -$ sudo su - -# git clone https://github.com/CISOfy/lynis lynis -# chmod -R 644 lynis -# chmod 755 lynis/lynis +This program is best installed as root. + +``` bash +sudo su - +git clone https://github.com/CISOfy/lynis /opt/lynis +chmod -R 644 /opt/lynis +chmod 755 /opt/lynis/lynis ``` #### Testing -``` -# /root/lynis/lynis audit system +It is also best run as root, and executed from the install directory. + +``` bash +sudo su - +cd /opt/lynis +./lynis audit system ``` -If placing the contents into a file, you'll want to disable the colors. +If placing the contents into a file, you'll want to disable the colors to prevent unreadable special characters meant for terminal output. -``` -# lynis audit system --no-colors > /root/lynix_results.txt 2>&1 +``` bash +./lynis audit system --no-colors > /root/lynis_results.txt 2>&1 ``` ### NMap 
@@ -53,32 +65,32 @@ If placing the contents into a file, you'll want to disable the colors. Install `nmap` from your package manager. - Debian Distros - ``` - $ sudo apt update && sudo apt install -y nmap + ``` bash + sudo apt update && sudo apt install -y nmap ``` - Fedora Distros - ``` - $ sudo dnf install -y nmap + ``` bash + sudo dnf install -y nmap ``` - Arch Distros - ``` - $ sudo pacman -Syq nmap + ``` bash + sudo pacman -Syq nmap ``` #### Testing **Never run the `-A` parameter against an unsuspecting system.** -Run this command to get a good summary of ports with an attackable surface. +Run this command to get a detailed summary of ports with an attackable surface: -``` -$ nmap -A -p- --script=vuln server_or_IP +``` bash +nmap -A -p- --script=vuln server_or_IP ``` -To simply see the open ports on a device, you may use the `--open` parameter. +To simply see the open ports on a device, you may use the `--open` parameter: -``` -$ nmap --open server_or_IP +``` bash +nmap --open server_or_IP ``` This program executes more quickly if run from the local machine by using `localhost`, `127.0.0.1`, `0.0.0.0`, etc. 
@@ -87,17 +99,17 @@ If you'd like the output saved into a file, pipe it with `>` to your desired dir For example, to place a local vulnerability scan into your Downloads directory: -``` -$ nmap -A -p- --script=vuln localhost > ~/Downloads/nmap_report.txt 2>&1 +``` bash +nmap -A -p- --script=vuln localhost > ~/Downloads/nmap_report.txt 2>&1 ``` #### Resolving Discoveries If any vulnerabilities show up they usually come with a CVE which can be researched, such as `CVE-2007-6750`. -There are many reputable sites which come up when placing this in a search engine. [`cve.org`](https://www.cve.org]) is also supposed to be a centralized repository, +There are many reputable sites which come up when placing this in a search engine. [`cve.org`](https://www.cve.org]) is also supposed to be a good centralized repository, -Here's an example for the provided ID. +Here are examples for the provided ID. - [https://www.suse.com/security/cve/CVE-2007-6750.html](https://www.suse.com/security/cve/CVE-2007-6750.html) - [https://www.cve.org/CVERecord?id=CVE-2007-6750](https://www.cve.org/CVERecord?id=CVE-2007-6750) @@ -110,6 +122,10 @@ Most vulnerabilities are fixed by upgrading software, migrating to safer softwar I recommend playing with Metasploit if you have extra time so that you can learn how easy it is to penetrate an exploit once it is found with NMap. +- [https://www.metasploit.com/](https://www.metasploit.com/) + Please be sure to test against your own machines, such as setting up a VM running an old Ubuntu LTS, starting up some services like CUPS, SSH, Apache, etc. There are also VMs available such as Metasplotable 2 and 3 which come with the attack surfaces already set up for you. + +This what "script kiddies" use to crack systems and "hack" people. From my experience it makes the process very easy.
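Review bot: In the front-matter hunk the new `date: 2025-11-13 T21:00:00-07:00` has a space before the `T`, which is not a valid ISO 8601/RFC 3339 timestamp and will most likely not parse as a date in the static-site front matter; write it as `date: 2025-11-13T21:00:00-07:00`. The same hunk removes `draft: yes` while leaving a typo'd TODO on the `series` line (`# TBD/TODO: Is the theme oreventing this from working properly?`); either fix the spelling to "preventing" or drop the comment before publishing, since it now ships with the post.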
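Review bot: In the Lynis install hunk, `chmod -R 644 /opt/lynis` strips the execute (search) bit from the `/opt/lynis` directory and its subdirectories, so the following `cd /opt/lynis` and `./lynis audit system` only work because the text tells the reader to run everything as root, which ignores directory permissions; any non-root user will get "Permission denied". Consider setting directories and files separately, e.g. `find /opt/lynis -type d -exec chmod 755 {} +` and `find /opt/lynis -type f -exec chmod 644 {} +`, and keep `chmod 755 /opt/lynis/lynis` for the entry script. The hunk also keeps the pre-existing pattern of `sudo su -` followed by bare commands; a short note that the remaining lines run in the root shell would make the intended privilege level explicit.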
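Review bot: In the NMap testing hunk, dropping the `$` prompt is good, but `nmap -A -p- --script=vuln server_or_IP` and `nmap --open server_or_IP` are now shown without `sudo`; `-A` includes OS detection (`-O`) and nmap's default SYN scan, both of which require raw-socket privileges, so an unprivileged run falls back to a connect scan and skips OS detection with a warning, giving a less complete "summary of ports" than the sentence promises. Suggest `sudo nmap -A -p- --script=vuln server_or_IP` (and the same for the file-output example in the next hunk), plus a sentence noting that `--script=vuln` runs intrusive checks, which reinforces the bold warning directly above it.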
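Review bot: In the Resolving Discoveries hunk the edited line still carries the broken link `[`cve.org`](https://www.cve.org])`, where the stray `]` inside the parentheses becomes part of the URL, and the sentence ends with a dangling comma ("...a good centralized repository,"). Since the line is being touched anyway, fix both: `[`cve.org`](https://www.cve.org) is also a good centralized repository.`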
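Review bot: In the final Metasploit hunk the added line `This what "script kiddies" use to crack systems and "hack" people.` is missing a verb; it should read `This is what "script kiddies" use ...`. While here, the context line just above spells the practice VM "Metasplotable"; the project is Metasploitable 2 and 3, and correcting it will help readers searching for the images.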