Finish the system hardening guide.

This commit is contained in:
2025-11-13 20:45:05 -07:00
parent 0120f08a06
commit 5e167e8403

@@ -1,14 +1,20 @@
--- ---
draft: yes
title: Preventing Hacks title: Preventing Hacks
author: Hyperling author: Hyperling
date: TBD date: 2025-11-13 T21:00:00-07:00
tags: tags:
- tbd - tech
- hacking
- cracking
- exploit
- networking
- lynis
- nmap
- metasploit
categories: categories:
- tbd - guides
series: series:
- tbd - sysadmin
# TBD/TODO: Is the theme oreventing this from working properly? # TBD/TODO: Is the theme oreventing this from working properly?
toc: true toc: true
toc_start_level: 3 toc_start_level: 3
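
Review bot: The new `date: 2025-11-13 T21:00:00-07:00` value has a space between the date and `T`, so it is not a valid ISO 8601 timestamp and may not parse; write it as `2025-11-13T21:00:00-07:00`. With `draft: yes` removed the post is now publishable, yet the `# TBD/TODO:` comment about the theme is still in the front matter and still carries the typo "oreventing"; resolve or drop it before this goes live.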
@@ -25,23 +31,29 @@ Local testing suite which not only tests for security weaknesses, but also that
#### Install #### Install
``` This program is best installed as root.
$ sudo su -
# git clone https://github.com/CISOfy/lynis lynis ``` bash
# chmod -R 644 lynis sudo su -
# chmod 755 lynis/lynis git clone https://github.com/CISOfy/lynis /opt/lynis
chmod -R 644 /opt/lynis
chmod 755 /opt/lynis/lynis
``` ```
#### Testing #### Testing
``` It is also best run as root, and executed from the install directory.
# /root/lynis/lynis audit system
``` bash
sudo su -
cd /opt/lynis
./lynis audit system
``` ```
If placing the contents into a file, you'll want to disable the colors. If placing the contents into a file, you'll want to disable the colors to prevent unreadable special characters meant for terminal output.
``` ``` bash
# lynis audit system --no-colors > /root/lynix_results.txt 2>&1 ./lynis audit system --no-colors > /root/lynis_results.txt 2>&1
``` ```
### NMap ### NMap
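
Review bot: In the Install block, `chmod -R 644 /opt/lynis` also sets every directory to 644, which removes the search bit, so only root can traverse the tree; `chmod -R u=rwX,go=rX /opt/lynis` followed by the existing `chmod 755 /opt/lynis/lynis` keeps directories usable while leaving the files non-executable. The clone takes whatever is on the default branch and the result is then run as root, so consider checking out a release tag after `git clone`. Putting `sudo su -` inside the same fence as the commands also means that a reader who pastes the block into a script runs the remaining lines as the original user once the root shell exits; the sentence "best installed as root" already covers it, so the fences could hold only the commands. The final `./lynis audit system --no-colors > /root/lynis_results.txt 2>&1` example depends on still being root in `/opt/lynis`, which is worth stating next to it.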
@@ -53,32 +65,32 @@ If placing the contents into a file, you'll want to disable the colors.
Install `nmap` from your package manager. Install `nmap` from your package manager.
- Debian Distros - Debian Distros
``` ``` bash
$ sudo apt update && sudo apt install -y nmap sudo apt update && sudo apt install -y nmap
``` ```
- Fedora Distros - Fedora Distros
``` ``` bash
$ sudo dnf install -y nmap sudo dnf install -y nmap
``` ```
- Arch Distros - Arch Distros
``` ``` bash
$ sudo pacman -Syq nmap sudo pacman -Syq nmap
``` ```
#### Testing #### Testing
**Never run the `-A` parameter against an unsuspecting system.** **Never run the `-A` parameter against an unsuspecting system.**
Run this command to get a good summary of ports with an attackable surface. Run this command to get a detailed summary of ports with an attackable surface:
``` ``` bash
$ nmap -A -p- --script=vuln server_or_IP nmap -A -p- --script=vuln server_or_IP
``` ```
To simply see the open ports on a device, you may use the `--open` parameter. To simply see the open ports on a device, you may use the `--open` parameter:
``` ``` bash
$ nmap --open server_or_IP nmap --open server_or_IP
``` ```
This program executes more quickly if run from the local machine by using `localhost`, `127.0.0.1`, `0.0.0.0`, etc. This program executes more quickly if run from the local machine by using `localhost`, `127.0.0.1`, `0.0.0.0`, etc.
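
Review bot: The closing line about scanning `localhost`, `127.0.0.1`, `0.0.0.0` should say that a loopback scan shows a different picture from a scan over the network: it lists services bound only to loopback and usually bypasses the host firewall, so for a hardening guide the result that matters is the one taken from another machine on the same network. The bold warning about `-A` is followed directly by `nmap -A -p- --script=vuln server_or_IP`; add a sentence that the target must be a system you own or are authorized to scan. Separately, `sudo pacman -Syq nmap` refreshes the package database without upgrading, which is a partial upgrade on Arch; `-Syu` is the safe form.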
@@ -87,17 +99,17 @@ If you'd like the output saved into a file, pipe it with `>` to your desired dir
For example, to place a local vulnerability scan into your Downloads directory: For example, to place a local vulnerability scan into your Downloads directory:
``` ``` bash
$ nmap -A -p- --script=vuln localhost > ~/Downloads/nmap_report.txt 2>&1 nmap -A -p- --script=vuln localhost > ~/Downloads/nmap_report.txt 2>&1
``` ```
#### Resolving Discoveries #### Resolving Discoveries
If any vulnerabilities show up they usually come with a CVE which can be researched, such as `CVE-2007-6750`. If any vulnerabilities show up they usually come with a CVE which can be researched, such as `CVE-2007-6750`.
There are many reputable sites which come up when placing this in a search engine. [`cve.org`](https://www.cve.org]) is also supposed to be a centralized repository, There are many reputable sites which come up when placing this in a search engine. [`cve.org`](https://www.cve.org]) is also supposed to be a good centralized repository,
Here's an example for the provided ID. Here are examples for the provided ID.
- [https://www.suse.com/security/cve/CVE-2007-6750.html](https://www.suse.com/security/cve/CVE-2007-6750.html) - [https://www.suse.com/security/cve/CVE-2007-6750.html](https://www.suse.com/security/cve/CVE-2007-6750.html)
- [https://www.cve.org/CVERecord?id=CVE-2007-6750](https://www.cve.org/CVERecord?id=CVE-2007-6750) - [https://www.cve.org/CVERecord?id=CVE-2007-6750](https://www.cve.org/CVERecord?id=CVE-2007-6750)
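
Review bot: The line this hunk edits still has a broken link, `[cve.org](https://www.cve.org])`, with a stray `]` inside the URL, and the sentence ends in a comma rather than a period; both should be fixed while the line is being touched. The report example writes to `~/Downloads/nmap_report.txt`; since the file lists open ports and vulnerability findings for the host, suggest a location that is not shared or synced, as the Lynis section does with `/root/`.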
@@ -110,6 +122,10 @@ Most vulnerabilities are fixed by upgrading software, migrating to safer softwar
I recommend playing with Metasploit if you have extra time so that you can learn how easy it is to penetrate an exploit once it is found with NMap. I recommend playing with Metasploit if you have extra time so that you can learn how easy it is to penetrate an exploit once it is found with NMap.
- [https://www.metasploit.com/](https://www.metasploit.com/)
Please be sure to test against your own machines, such as setting up a VM running an old Ubuntu LTS, starting up some services like CUPS, SSH, Apache, etc. Please be sure to test against your own machines, such as setting up a VM running an old Ubuntu LTS, starting up some services like CUPS, SSH, Apache, etc.
There are also VMs available such as Metasplotable 2 and 3 which come with the attack surfaces already set up for you. There are also VMs available such as Metasplotable 2 and 3 which come with the attack surfaces already set up for you.
This what "script kiddies" use to crack systems and "hack" people. From my experience it makes the process very easy.
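
Review bot: The lab advice at "Please be sure to test against your own machines" should add that an old Ubuntu LTS or Metasploitable VM belongs on a host-only or otherwise isolated virtual network, because these images are intentionally vulnerable and should not be reachable from the LAN or the internet. Wording in the same hunk: the added last line reads "This what", which is missing "is"; "Metasplotable" should be "Metasploitable"; and "penetrate an exploit" presumably means exploit a vulnerability.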