DSU Computer Clubs Wiki

User Tools

Site Tools

Trace:
ccdc_checklist

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
ccdc_checklist [2021/11/06 07:08] – [Windows] Charlie Rootccdc_checklist [2022/01/30 20:09] (current) Charlie Root
Line 36: Line 36:
 === Service Hardening === === Service Hardening ===
  
 +== PHP ==
  
 +Searching for web shells:
 +<code>
 +Find your webroot (Typically /var/www/html). Look through .php files for functions like system or shell_exec being used.
 +</code>
  
 +Disable functions that allow hackers to execute code on your system:
 +<code>
 +disable_functions = proc_open, popen, disk_free_space, diskfreespace, set_time_limit, leak, tmpfile, exec, system, shell_exec, passthru, show_source, system, phpinfo, pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority
 +
 +Add line above to /etc/php/7.4/apache2/php.ini.
 +</code>
 +
 +//Note: This may not be your file location for php.ini. If it isn't you'll need to find it manually.//
 +
 +== SSH ==
 +
 +Remove keys:
 +<code>
 +rm /home/*/.ssh/authorized_keys
 +rm /root/.ssh/authorized_keys
 +</code>
 +
 +Modify config:
 +<code>
 +Modify /etc/ssh/sshd_config so the settings match with the settings below.
 +- PermitRootLogin no
 +- PermitEmptyPasswords no
 +- PubkeyAuthentication no
 +
 +</code>
  
  
Line 59: Line 89:
 === Firewall === === Firewall ===
  
-Enable it. Good luck.+Check that all the profiles are enabled and it blocks all inbound by default: 
 +<code> 
 +Windows + R, wf.msc > Windows Defender Firewall Properties 
 +</code> 
 + 
 +//Note: If the option to enable the firewall is grayed out, that means it is being disabled by the registry or group policy// 
 + 
 +Remove rules you don't need: 
 +<code> 
 +Windows + R, wf.msc > Inbound Rules 
 +</code> 
 +Look for any that allow all traffic inbound. 
 + 
 + 
 +=== Other User Management === 
 + 
 +<code> 
 +Windows Key + R, compmgmt.msc > Local Users and Groups 
 + 
 +  - Remove all users that aren't required.  
 +  - Remove users from groups that they don't need to be apart of. 
 +  - Disable the default Administrator and Guest account 
 +</code> 
  
 === Service Hardening === === Service Hardening ===
Line 91: Line 144:
 == RDP == == RDP ==
  
-  * Enable Network Level Authentication +Enable Network Level Authentication
-  Make sure only required users are in RDP group+<code> 
 +Windows Key + R, systempropertiesremote, then double check if "Allow connections only from computers running remote desktop with Network Level Authentication. 
 + 
 +If this option is grayed out check out: [[https://www.kapilarya.com/how-to-configure-network-level-authentication-for-remote-desktop-connections-windows-10]] 
 +</code> 
 + 
 +Make sure only required users are in RDP group
 +<code> 
 +Windows Key + R, systempropertiesremote, Under "Select Users", double check that only the Remote Desktop Users groups is added. 
 + 
 +Windows Key + R, compmgmt.msc, then check Remote Desktop Users for user accounts that shouldn't be there. 
 +</code> 
 + 
 +==== Finished this checklist? ==== 
 + 
 +Find much more at [[https://drive.google.com/drive/folders/13KuyOkwokTuIhO9wsP0PayGGXxYLRhsJ]]
ccdc_checklist.1636182505.txt.gz · Last modified: by Charlie Root

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki