linux audit by kaustubh padwad

LINUX AUDIT @S3curityb3ast

Upload: kaustubh-padwad

Post on 15-Apr-2017


TRANSCRIPT

Page 1: Linux Audit By Kaustubh Padwad

LINUX AUDIT

@S3curityb3ast

Page 2: Linux Audit By Kaustubh Padwad

#!/bin/bash
bash-4.3$ ls -ltr
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:00 Linux Distributions
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:05 Linux Architecture
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:10 Linux Security
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:15 Physical Security
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:20 Operating System Security
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:25 Network Security
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:30 User and group Security
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:35 Application Security
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:45 Linux security

Page 3: Linux Audit By Kaustubh Padwad

Linux Distributions

Page 4: Linux Audit By Kaustubh Padwad

Linux Architecture

USER App

OS Service

Signal to hardware

Page 5: Linux Audit By Kaustubh Padwad

Linux Kernel Security

bash-4.3$ ls -ltr
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:10 Separately Distributed
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:10 Uses Module, loadable
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:10 Completely compilable
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:10 Chances of Buffer overflow
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:10 Can harden at Kernel Level
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:10 Patched kernel
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:10 Secure Linux patch
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:10 International kernel patch

Page 6: Linux Audit By Kaustubh Padwad

Boot Security

bash-4.3$ ls -ltr /boot/grub.conf
-rw-------- Kaustubh null 10 oct 5 11:15 grub.conf

bash-4.3$ cat /boot/grub.conf
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
password --md5 $1$TNUb/1$TwroGJn4eCd4xsYeGiBYq.
splashimage=(hd0,0)/grub/splash.xpm.gz

Page 7: Linux Audit By Kaustubh Padwad

Operating System Security

bash-4.3$ cat /ossecurity/linuxsec.conf
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:20 top -n 1 -b
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:20 ps -aux
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:20 dpkg -l or rpm -qa
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:20 Unnecessary packages
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:20 Latest packages for services
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:10 Patched kernel
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:10 dpkg -l | grep kernel

Page 8: Linux Audit By Kaustubh Padwad

CRON & AT & Logging

Cron :- Job schedule
At :- one time job
Restrict cron.allow and cron.deny
Restrict at.allow and at.deny
SYSLOG facility.priority
SYSLOG facility.priority action

Page 9: Linux Audit By Kaustubh Padwad

Network & User Security

Network security

-rwx-r-x-r-x Kaustubh null 10 oct 5 11:30 chkconfig --list
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:30 xinetd services
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:30 netstat -tunalp
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:30 Default Services
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:30 Telnet, FTP vs SSH

User security

-rwx-r-x-r-x Kaustubh null 10 oct 5 11:35 passwd,shadow
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:35 MinAge,MaxAge,
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:35 Expiry warning, inactive time
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:35 Generic account,/bin/false,0 ONLY 1
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:35 libpam,libcrypto,
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:35 No root,user must SU
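
The user-security items on this slide (passwd/shadow, MinAge/MaxAge, expiry warning, inactive time, /bin/false for generic accounts, only one UID 0) turned into a check script. This is an added example, not part of the original slides; the function names, the finding labels and the UID < 1000 cut-off for service accounts are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line as CHECK:account:detail.
audit_accounts() {
    passwd_file=$1
    shadow_file=$2
    # passwd fields: name:pw:uid:gid:gecos:home:shell
    awk -F: '
        $3 == 0 && $1 != "root" { print "UID0:" $1 ":second account with UID 0" }
        # Assumption: UIDs 1-999 are service (generic) accounts, as on most current distributions.
        $3 > 0 && $3 < 1000 && $7 !~ /\/(false|nologin)$/ {
            print "SHELL:" $1 ":service account has login shell " $7
        }
    ' "$passwd_file"
    # shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
    awk -F: '
        $2 == ""                { print "EMPTYPW:" $1 ":no password set"; next }
        $2 ~ /^[!*]/            { next }  # locked entries have no password to age
        $4 == "" || $4 == 0     { print "MINAGE:" $1 ":no minimum password age" }
        $5 == "" || $5 >= 99999 { print "MAXAGE:" $1 ":password never expires" }
        $6 == "" || $6 == 0     { print "WARN:" $1 ":no expiry warning" }
        $7 == ""                { print "INACTIVE:" $1 ":no inactive lockout" }
    ' "$shadow_file"
}

# Constructed sample data (not taken from a real host), written into directory $1.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:17000:1:90:7:30::
toor:$6$constructed$hash:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
ftp:!:17000:0:99999:7:::
alice:$6$constructed$hash:17000:1:90:7:30::
bob::17000:0:99999:7:::
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp -d) && write_sample "$tmp" && audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system, run `audit_accounts /etc/passwd /etc/shadow` as root, since /etc/shadow is not world-readable.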

Page 10: Linux Audit By Kaustubh Padwad

Application Security

• Hardening guides for all services are available.

• A Linux server can be used for almost all services.

• For example, securing Apache:

-rwx-r-x-r-x Kaustubh null 10 oct 5 11:40 Directory restriction
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:40 Options None
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:40 Banner & signature,token change
-rwx-r-x-r-x Kaustubh null 10 oct 5 11:40 mod_security,keep_alive,Limit_req
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:40 mod_evasive
-rwx-r-x-r-x Kaustubh null 10 oct 10 11:40 HTTPONLY,Secure,Xframe,unused m

Page 11: Linux Audit By Kaustubh Padwad
Page 12: Linux Audit By Kaustubh Padwad

bash-4.3$ ping s3curityb3ast

Ping ME

Pinging S3curityb3ast [Kaustubh Padwad] with 64 bytes of data:
Reply from Kaustubh Padwad: bytes=32 time<1ms @S3curityB3ast
Reply from Kaustubh Padwad: bytes=32 time<1ms http://breakthesecsec.com
Reply from Kaustubh Padwad: bytes=32 time<1ms [email protected]
Reply from Kaustubh Padwad: bytes=32 time<1ms youtube hacker kaustubh
Ping statistics for Kaustubh Padwad:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C