Saturday, March 26, 2022

System Security Cheatsheet



HDD / HARDWARE

-BACKUPS (Operating Systems / cfg files / Rule Sets)

-Flash BIOS (coreboot / libreboot)

-Encrypt the root user's directory / encrypt individual users' home file systems (LUKS / eCryptfs)

-VeraCrypt to create hidden encrypted partitions

-Secure kernel parameters & boot options
 
-USB-port security

----------------------------------------------


SERVICES
 
-Firewall all access to web-GUIs -- disable access to config files

-Secure Cron Jobs / Windows Events 
 
-Disable Unnecessary services / daemons
 
-Ensure $PATH variables are set in stone
 
-Change normal directory of log files & secure their permissions

-Disable access to programming languages for users if NOT needed (access to /usr/bin/python3, etc.) so that tty shells can't be spawned
 
-Other shell escapes (emacs, less, view, more, vim) -- use sudoedit (can't escape to a shell)

-Limit text editing in general (cat, cut, awk, sed) --> ANYTHING used to edit a file / write to a file

-Disable username/password login to SSH - require key only
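As an added example (not from the original cheatsheet), here is a small POSIX shell audit of an sshd_config for the two items above and below that concern SSH: key-only login (no password or keyboard-interactive auth) and root login disabled. The two sample config files are constructed for the demo; the keywords are real sshd_config options, but the checker ignores Match blocks and included files, so it is a first-pass check, not a replacement for `sshd -T`.

```shell
#!/bin/sh
# Added example (not from the original cheatsheet): audit an sshd_config for
# key-only login and disabled root login. The sample configs below are
# constructed here; the keywords are real sshd_config options.

# sshd_get <file> <keyword>: print the effective value of a keyword (lowercased).
# sshd takes the FIRST uncommented occurrence and keywords are case-insensitive;
# scanning stops at the first "Match" block, whose conditional overrides are
# deliberately ignored by this simple checker.
sshd_get() {
    awk -v k="$2" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$1"
}

# sshd_audit <file>: print one FAIL line per weak setting; return 0 only if clean.
# Unset keywords fall back to the OpenSSH default noted beside each check.
sshd_audit() {
    cfg=$1
    fails=0
    pa=$(sshd_get "$cfg" PasswordAuthentication)          # default: yes
    prl=$(sshd_get "$cfg" PermitRootLogin)                # default: prohibit-password
    pka=$(sshd_get "$cfg" PubkeyAuthentication)           # default: yes
    kia=$(sshd_get "$cfg" KbdInteractiveAuthentication)   # default: yes (PAM can still prompt for a password)
    if [ "${pa:-yes}" != no ]; then
        echo "FAIL $cfg: PasswordAuthentication is '${pa:-yes (default)}', want 'no'"; fails=$((fails + 1))
    fi
    if [ "${kia:-yes}" != no ]; then
        echo "FAIL $cfg: KbdInteractiveAuthentication is '${kia:-yes (default)}', want 'no'"; fails=$((fails + 1))
    fi
    if [ "${prl:-prohibit-password}" != no ]; then
        echo "FAIL $cfg: PermitRootLogin is '${prl:-prohibit-password (default)}', want 'no'"; fails=$((fails + 1))
    fi
    if [ "${pka:-yes}" != yes ]; then
        echo "FAIL $cfg: PubkeyAuthentication is '$pka', want 'yes'"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}

# --- demo on two constructed configs ---------------------------------------
weak_cfg=$(mktemp)
hard_cfg=$(mktemp)
trap 'rm -f "$weak_cfg" "$hard_cfg"' EXIT
cat >"$weak_cfg" <<'EOF'
# constructed sample: a stock sshd_config left as shipped
Port 22
#PasswordAuthentication no
PermitRootLogin yes
EOF
cat >"$hard_cfg" <<'EOF'
# constructed sample: key-only, root login disabled
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
EOF

for cfg in "$weak_cfg" "$hard_cfg"; do
    if sshd_audit "$cfg"; then
        echo "OK   $cfg: key-only, root login disabled"
    fi
done
```

Note that a commented-out `#PasswordAuthentication no` (as in the weak sample) is the common trap: the line looks hardened, but the OpenSSH default of `yes` is what actually applies, which is why the checker treats an unset keyword as its default rather than as absent.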

----------------------------------------------

USERS / FILES

 
-Create ACLs with zero trust ---- restrict users' $PATH variables to only very specific programs (restricted shells)

-Disable root account / logins for services (ssh / ftp)
 
-Step-down accounts for admin privileges

-Secure system log files
 
-Password policies such as limiting login count to 3

-SEARCH for files with the SUID/SGID bit set. Secure these!!

-Set 'nosuid' on /home and all other partitions, just not /boot or '/'
^^ this is the purpose of having separate partitions

-Extended file attributes (chattr, e.g. the immutable attribute) - keep important files from being overwritten or users from being added

-The fewer directories/files root owns, the BETTER - fewer things that can be exploited with ROOT privileges
--------------------
user | group | others
rwx  | rwx   | rwx
421  | 421   | 421
--------------------
e.g. 777 = rwx for everyone, 660 = rw for user and group only
+2000 = SGID (set group ID: runs with the file owner's group)
+4000 = SUID (set user ID: anyone who can execute the file runs it with the owner's privileges, e.g. root)
+1000 = STICKY BIT (only the owner or root can delete/rename files in that directory)
--------------------
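As an added example (not from the original cheatsheet), the following POSIX shell script ties the permission table above to the "search for SUID/SGID files" item: it decodes the special-bit digit of an octal mode and lists everything under a directory that carries SUID, SGID or the sticky bit. It needs GNU find (`-perm /mode`) and GNU stat (`-c`); the sample tree is constructed in a temp directory, so it runs without root.

```shell
#!/bin/sh
# Added example (not from the original cheatsheet): decode the special-bit digit
# of an octal mode and list everything under a directory with SUID/SGID/sticky
# set. Needs GNU find (-perm /mode) and GNU stat (-c); the sample tree is constructed.

# decode_special <octal mode>: print which special bits the leading digit sets.
#   4755 -> "SUID"   6755 -> "SUID SGID"   1777 -> "STICKY"   755 -> "none"
decode_special() {
    m=$1
    while [ ${#m} -lt 4 ]; do m=0$m; done      # "755" is really "0755"
    d=$(printf '%s' "$m" | cut -c1)
    bits=""
    [ $((d & 4)) -ne 0 ] && bits="$bits SUID"
    [ $((d & 2)) -ne 0 ] && bits="$bits SGID"
    [ $((d & 1)) -ne 0 ] && bits="$bits STICKY"
    [ -n "$bits" ] || bits=" none"
    printf '%s\n' "${bits# }"
}

# find_special <dir>: print "mode owner path" for every entry (symlinks skipped)
# with any of SUID/SGID/sticky set; -perm /7000 means "any of these bits".
find_special() {
    find "$1" ! -type l -perm /7000 -exec stat -c '%a %U %n' {} \; | sort -k3
}

# count_special <dir>: number of such entries, handy for a baseline/threshold check
count_special() {
    find_special "$1" | wc -l | tr -d ' '
}

# --- demo on a constructed tree ---------------------------------------------
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/bin" "$demo/shared"
: >"$demo/bin/helper"; chmod 4755 "$demo/bin/helper"   # SUID: stand-in for a setuid binary
: >"$demo/bin/tool";   chmod 2755 "$demo/bin/tool"     # SGID
: >"$demo/bin/plain";  chmod 0755 "$demo/bin/plain"    # no special bits, must NOT be listed
chmod 1777 "$demo/shared"                              # sticky directory, like /tmp

echo "special-bit entries under $demo:"
find_special "$demo" | while read -r mode owner path; do
    echo "  $mode ($(decode_special "$mode")) $owner $path"
done
# On a real host the equivalent sweep is:  find / -xdev -type f -perm /6000 -exec ls -l {} +
# Pair it with nosuid on /home, /tmp and /var in /etc/fstab so a planted SUID file
# there is never honoured; that is the point of keeping them on separate partitions.
```

Save the output of `find_special /` from a freshly built host as a baseline and diff against it on a schedule: a SUID binary appearing in a user-writable tree, or a known setuid binary changing owner, is exactly what AIDE-style integrity checking (further down this page) is meant to catch.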

----------------------------------------------
SECURITY TOOLS

*DISABLE access to cfg files*
 

-auditd - audits system calls / directories / file executes,reads,writes

-OpenSCAP / Nessus / OpenVAS - will scan the system against security profiles/benchmarks and remediate for you

-Lynis - will scan the file system for misconfigurations/vulnerabilities

-Security Onion - open-source SIEM featuring tools like Wazuh / Zui
 
-Snort & Suricata - IDS / IPS

-OPNsense & pfSense - open-source router & firewall distributions with many security add-ons

-AIDE (HIDS) - file and directory integrity checker

-Crowdsec - HIDS
 
-Chainsaw - threat hunting tool for Windows event logs, based on Sigma rules
 
----------------------------------------------

ROUTER/FIREWALL/IDS RULES

-Disable ICMP echo replies --> detect Nmap scans
 
-YARA / SIGMA rulesets
 
-Change ports / fingerprints of internet-facing services

-Security in layers
 
-MitM detection
 
-DNS spoofing / typosquatting
 
-Login counts / unsuccessful logins
 
-Disable access to internet-facing services except from specified IP addresses / MAC address control

-Harden against IP/MAC address spoofing
 
-Only allow specified IP addresses to connect to web services (firewall GUI/router)
