DSU Computer Clubs Wiki

User Tools

Site Tools

Trace:
ccdc_checklist

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
ccdc_checklist [2021/11/06 01:50] Charlie Rootccdc_checklist [2022/01/30 20:09] (current) Charlie Root
Line 3: Line 3:
 This is a sample checklist for [[DCDC|CCDC]]-style competitions. This is a sample checklist for [[DCDC|CCDC]]-style competitions.
  
-==== Password Changes ====+==== Linux ==== 
 + 
 +=== Password Changes ===
  
 Change all shell user passwords: Change all shell user passwords:
Line 10: Line 12:
 </code> </code>
  
- 
-==== Services ==== 
  
 Change all shell users' Samba passwords: Change all shell users' Samba passwords:
Line 17: Line 17:
 read; for u in $(cat /etc/passwd | grep -E "/bin/.*sh" | cut -d":" -f1); do echo -e "$REPLY\n$REPLY" | smbpasswd -sU $u ; done read; for u in $(cat /etc/passwd | grep -E "/bin/.*sh" | cut -d":" -f1); do echo -e "$REPLY\n$REPLY" | smbpasswd -sU $u ; done
 </code> </code>
 +
 +
 +=== Firewall ===
 +
 +Enable the firewall:
 +<code>
 +ufw enable
 +</code>
 +
 +Check the permitted ports and remove unnecessary whitelists:
 +<code>
 +ufw status numbered
 +
 +ufw delete [number]
 +</code>
 +
 + 
 +=== Service Hardening ===
 +
 +== PHP ==
 +
 +Searching for web shells:
 +<code>
 +Find your webroot (Typically /var/www/html). Look through .php files for functions like system or shell_exec being used.
 +</code>
 +
 +Disable functions that allow hackers to execute code on your system:
 +<code>
 +disable_functions = proc_open, popen, disk_free_space, diskfreespace, set_time_limit, leak, tmpfile, exec, system, shell_exec, passthru, show_source, system, phpinfo, pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority
 +
 +Add line above to /etc/php/7.4/apache2/php.ini.
 +</code>
 +
 +//Note: This may not be your file location for php.ini. If it isn't you'll need to find it manually.//
 +
 +== SSH ==
 +
 +Remove keys:
 +<code>
 +rm /home/*/.ssh/authorized_keys
 +rm /root/.ssh/authorized_keys
 +</code>
 +
 +Modify config:
 +<code>
 +Modify /etc/ssh/sshd_config so the settings match with the settings below.
 +- PermitRootLogin no
 +- PermitEmptyPasswords no
 +- PubkeyAuthentication no
 +
 +</code>
 +
 +
 +==== Windows ====
 +
 +=== Password Changes ===
 +
 +Change all passwords for local users:
 +<code>
 +Get-LocalUser | Set-LocalUser -password (read-host -AsSecureString)
 +</code>
 +
 +Change all passwords for domain users:
 +<code>
 +Get-ADUser -Filter * | Out-GridView -PassThru | Set-ADAccountPassword -NewPassword (Read-Host -AsSecureString) -Reset
 +</code>
 +
 +//Note: These must be ran in an administrative powershell. When ran there is sometimes no prompt. Just type in the password and hit enter.//
 +
 +
 +=== Firewall ===
 +
 +Check that all the profiles are enabled and it blocks all inbound by default:
 +<code>
 +Windows + R, wf.msc > Windows Defender Firewall Properties
 +</code>
 +
 +//Note: If the option to enable the firewall is grayed out, that means it is being disabled by the registry or group policy//
 +
 +Remove rules you don't need:
 +<code>
 +Windows + R, wf.msc > Inbound Rules
 +</code>
 +Look for any that allow all traffic inbound.
 +
 +
 +=== Other User Management ===
 +
 +<code>
 +Windows Key + R, compmgmt.msc > Local Users and Groups
 +
 +  - Remove all users that aren't required. 
 +  - Remove users from groups that they don't need to be apart of.
 +  - Disable the default Administrator and Guest account
 +</code>
 +
 +
 +=== Service Hardening ===
 +
 +== SMB ==
 +
 +Check SMB Version:
 +<code>
 +Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
 +
 +OR
 +
 +Get-SmbServerConfiguration | Select EnableSMB1Protocol
 +</code>
 +
 +
 +If SMBv1 is enabled then disable it:
 +<code>
 +Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
 +
 +OR
 +
 +Set-SmbServerConfiguration -EnableSMB1Protocol $false
 +</code>
 +
 +If SMB is required then enable SMBv2 which is secure:
 +<code>
 +Set-SmbServerConfiguration -EnableSMB2Protocol $true
 +</code>
 +
 +== RDP ==
 +
 +Enable Network Level Authentication:
 +<code>
 +Windows Key + R, systempropertiesremote, then double check if "Allow connections only from computers running remote desktop with Network Level Authentication.
 +
 +If this option is grayed out check out: [[https://www.kapilarya.com/how-to-configure-network-level-authentication-for-remote-desktop-connections-windows-10]]
 +</code>
 +
 +Make sure only required users are in RDP group:
 +<code>
 +Windows Key + R, systempropertiesremote, Under "Select Users", double check that only the Remote Desktop Users groups is added.
 +
 +Windows Key + R, compmgmt.msc, then check Remote Desktop Users for user accounts that shouldn't be there.
 +</code>
 +
 +==== Finished this checklist? ====
 +
 +Find much more at [[https://drive.google.com/drive/folders/13KuyOkwokTuIhO9wsP0PayGGXxYLRhsJ]]
ccdc_checklist.1636163444.txt.gz · Last modified: by Charlie Root

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki