GitHub - fe1a/cyb-pat-scripts-etc: Cyber Patriots scripts and other stuff

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README		README
disable_rooot.sh		disable_rooot.sh
disable_services.bat		disable_services.bat
non-work.bat		non-work.bat
pass_hist.bat		pass_hist.bat
some_files.sh		some_files.sh
update.sh		update.sh

Repository files navigation

* Check Authorized Users
* Secure passwords
* Enable firewalls
* Fix any known browser issues
* Disable unnessecary services
* Install antivirus
* Look for any violating media
 - cd /home
 - sudo ls -Ra *
* Disable root login
* Secure SSH
 - MaxAuthTries
 - PermitUserEnvironment no
* Disable Guest
 - /etc/lightdm/lightdm.conf
* Check User Privelege level
* Open update channels
* Update the system
* Add firewall rules
* Change password min and max age
 - /etc/login.defs
* Change password length requirement
 - /etc/pam.d/common-password
 - minlen=8 remember=5 (at EOL pam_unix)
* Account Lockout Policy
 - /etc/pam.d/common-auth
 - deny=5 unlock_time=1800 (at EOL of pam_tally2)
* Check Ports
 - sudo ss -ln
 - sudo lsof -i :$port
 - dpkg -S $location
 - rm $location (if needed)
* Change Default Browser
* Remove Unnessecary Programs
* Disable ip forwarding & ip spoofing
* Upgrade kernel and bash if required
* /tmp as partition
 - mount | grep /tmp
 - systemctl enable tmp.mount
* Disable CD mounting (UDF)
 - /etc/modprobe.d/CIS.conf
 - install udf /bin/true
* Disable automount
 - ls /etc/rc*.d | grep autofs  //no S*
 - update-rc.d autofs disable
* Disable rsh
 - grep ^shell /etc/inetd.conf
 - grep ^login /etc/inetd.conf
 - grep ^exec /etc/inetd.conf
 - apt-get purge rsh-client rsh-reload-client
* Disable Print System (if needed)
 - systemctl disable cups
* Configure NTP time correctly
* Disable NFS and RPC (if enabled)
 - ls /etc/rc*.d | grep rpcbind
 - ls /etc/rc*.d | grep nfs-kernel-server
 - update-rc.d rpcbind disable
 - update-rc.d nfs-kernel-server disable
* Disable DNS (if enabled)
 - systemctl disable bind9
* Disable FTP (if enabled)
* Disable HTTP services
 - nginx & apache (maybe tomcat?)
* Disable IMAP and POP
* Disable Samba
* Disable IP forwarding (leave if 0)
 - /sbin/sysctl net.ipv4.ip_forward
 - edit /etc/sysctl.conf
 - /sbin/sysctl -w net.ipv4.ip_forward=0
 - /sbin/sysctl -w net.ipv4.route.flush=1
   - ALT: echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward
* Enable logging of Suspicious Packets
 - /sbin/sysctl net.ipv4.conf.all.log_martians
 - /sbin/sysctl net.ipv4.conf.default.log_martians
* Enable Syn Cookie Protection
 - sysctl -n net.ipv4.tcp_syncookies
* Disable IPv6
 - echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
* Prevent IP spoofing
 - echo "nospoof on" | sudo tee -a /etc/host.conf