sandervanvugt

linux security feb24

Feb 29th, 2024
  1. [root@centos ~]# history
  # Root shell history from a Linux-security lab on a CentOS Stream 9 host
  # (the loader entry below names kernel 5.14.0-425.el9.x86_64). Each line is
  # "<paste line>. <history number> <command>", shown exactly as typed --
  # mistyped commands are kept, the corrected retry usually follows directly.
  #
  # Boot loader: the BLS entry under /boot/loader/entries holds the kernel
  # command line. What was changed is not visible here; the security point is
  # that anyone who can edit this file (or interrupt the boot menu) can boot
  # the box into a root shell -- only a GRUB password and full-disk encryption
  # contain that, a login password does not.
  2. 1 vim /boot/loader/entries/c38c5b35ef7948c7816e02bdcd93265a-5.14.0-425.el9.x86_64.conf
  3. 2 reboot
  4. 3 cd /boot/loader/entries
  5. 4 ls
  6. 5 vim c38c5b35ef7948c7816e02bdcd93265a-5.14.0-425.el9.x86_64.conf
  7. 6 reboot
  8. 7 poweroff
  # Switching virtual consoles; the rest of the session is on a console,
  # which matters later when the firewall policies are flipped to DROP.
  9. 8 chvt 3
  10. 9 chvt 2
  11. 10 chvt 3
  12. 11 dnf install -y git
  # Two clones; the second name is the one that is used (cd below). Supply
  # chain caveat: plain HTTPS clone, no tag or commit pinned, no signature
  # check, and the repository's script is run as root a moment later --
  # acceptable in a throwaway lab VM, not a pattern to carry to real hosts.
  13. 12 git clone https://github.com/sandervanvugt/linux-security
  14. 13 git clone https://github.com/sandervanvugt/linuxsecurity
  15. 14 cd linuxsecurity/
  16. 15 history
  17. 16 ./countdown 12
  18. 17 cd
  # LUKS demo on a scratch disk. luksFormat wipes /dev/sdb1 and prompts for
  # the passphrase interactively, so nothing secret lands in this history.
  19. 18 fdisk /dev/sdb
  20. 19 cryptsetup luksFormat /dev/sdb1
  21. 20 cryptsetup luksOpen /dev/sdb1 secret
  22. 21 ls -l /dev/mapper/
  23. 22 mkfs.ext4 /dev/mapper/secret
  24. 23 mount /dev/mapper/secret /mnt
  25. 24 touch /mnt/file1
  26. 25 echo hello > /mnt/file2
  27. 26 umount /mnt
  # luksClose takes the mapping name ("secret" or /dev/mapper/secret), not the
  # backing partition -- history 27 fails, 28 is the working form.
  28. 27 cryptsetup luksClose /dev/sdb1
  29. 28 cryptsetup luksClose /dev/mapper/secret
  30. 29 ls -l /dev/mapper
  # Raw dump of the closed partition: everything after the LUKS header should
  # look like noise. The header itself is unencrypted metadata and is the only
  # way back to the data -- back it up (cryptsetup luksHeaderBackup) and keep
  # the backup off the encrypted disk.
  31. 30 xxd /dev/sdb1 | less
  # PAM section. ldd on login shows it is linked against libpam, i.e. its
  # authentication behaviour is whatever /etc/pam.d/login says.
  32. 31 ldd $(which login)
  33. 32 cd /etc/pam.d
  34. 33 ls
  # Editing live PAM stacks: a typo here can lock every login out, root
  # included. Keep this root shell open and test on a spare console (chvt 4
  # below) before closing it. On CentOS 9 system-auth is normally generated by
  # authselect -- if that is in use here, hand edits are lost on the next
  # `authselect apply-changes` (not verifiable from the history).
  35. 34 vim login
  36. 35 vim system-auth
  # PAM modules live in /usr/lib64/security; pam_limits.so is used as the
  # example to locate.
  37. 36 find / -name "pam_limits.so"
  38. 37 cd /usr/lib64/security/
  39. 38 ls
  # /etc/securetty lists the terminals on which root may log in; it is only
  # consulted if pam_securetty.so is in the login stack (see the man page and
  # the second `vim login` below, which presumably adds it).
  40. 39 vim /etc/securetty
  # Test login on tty4, then kill the leftover test sessions from this shell.
  41. 40 chvt 4
  42. 41 loginctl list-sessions
  43. 42 loginctl kill-session 4
  44. 43 loginctl kill-session 6
  45. 44 loginctl list-sessions
  46. 45 pwd
  47. 46 cd /etc/pam.d/
  48. 47 man -k pam
  49. 48 man pam_securetty
  50. 49 vim login
  51. 50 chvt 4
  52. 51 loginctl list-sessions
  53. 52 loginctl kill-session 7
  54. 53 loginctl kill-session 9
  55. 54 cd
  # Permissions / SUID demo. Files created here by root inside linda's home
  # are root-owned; each `su - linda` is presumably a check of what linda can
  # do with them (results are not in root's history).
  56. 55 touch /home/linda/anotherfile
  57. 56 su - linda
  58. 57 vim /home/linda/playme
  59. 58 chmod +x /home/linda/playme
  60. 59 su - linda
  # Setuid on playme: since it was written in an editor it is presumably a
  # script, and the kernel ignores the setuid bit on interpreted scripts --
  # running it as linda stays linda. Setuid only "works" on compiled
  # executables, which is exactly why those are worth inventorying.
  61. 60 chmod u+s /home/linda/playme
  62. 61 su - linda
  # -perm /4000 matches any file with the setuid bit. passwd vs shadow is the
  # canonical justification: passwd is setuid root because /etc/shadow is not
  # readable by anyone else.
  63. 62 find / -perm /4000
  64. 63 ls -l /usr/bin/passwd
  65. 64 ls -l /etc/shadow
  66. 65 history
  67. 66 find / -perm /4000
  68. 67 history
  # Baseline for detecting newly-appeared setuid files (the crontab edit
  # presumably schedules the comparison). Caveats for anything beyond a demo:
  # /tmp is world-writable and periodically cleaned, so an attacker can edit
  # or remove the baseline -- keep it under /root or /var/lib with mode 0600;
  # add -type f and -xdev (skips /proc and network mounts); use /6000 to catch
  # setgid too; and hash the files (sha256sum) so a replaced binary with the
  # same path is noticed, e.g.
  #   find / -xdev -type f -perm /6000 -exec sha256sum {} + > /var/lib/suid-base.txt
  69. 68 crontab -e
  70. 69 find / -perm /4000 > /tmp/suid-base.txt
  71. 70 history
  # Raw iptables demo, built "deny by default, then open what is needed".
  72. 71 iptables
  # Default policies DROP before any ACCEPT rule exists. Over SSH this is an
  # instant lockout; it is survivable here only because the session is on a
  # console (chvt earlier). Safer order: accept loopback and
  # ESTABLISHED,RELATED first, then flip the policies.
  73. 72 iptables -P OUTPUT DROP
  74. 73 iptables -P INPUT DROP
  # ping fails here: outgoing ICMP is dropped, and even after ICMP is allowed
  # the name lookup needs outgoing DNS (53) -- hence the next rules.
  75. 74 ping google.com
  76. 75 iptables -A OUTPUT -p icmp -j ACCEPT
  77. 76 ping google.com
  78. 77 iptables -A OUTPUT -p tcp --dport=53 -j ACCEPT
  79. 78 iptables -A OUTPUT -p udp --dport=53 -j ACCEPT
  # Still presumably failing at this point: the INPUT policy drops the DNS
  # answers and echo replies coming back. The conntrack rule below is what
  # makes history 82 work.
  80. 79 ping google.com
  # History 80 is a syntax error (-m state needs --state); 81 is the fix.
  # `-m state` is the legacy alias -- the current form is
  # `-m conntrack --ctstate ESTABLISHED,RELATED`.
  # Also missing from this ruleset: nothing accepts loopback. With both
  # policies DROP, local services talking over 127.0.0.1 break; add
  # `iptables -I INPUT -i lo -j ACCEPT` and `iptables -I OUTPUT -o lo -j ACCEPT`.
  81. 80 iptables -A INPUT -m state=ESTABLISHED,RELATED -j ACCEPT
  82. 81 iptables -A INPUT -m state --state=ESTABLISHED,RELATED -j ACCEPT
  83. 82 ping google.com
  84. 83 iptables -A OUTPUT -p tcp --dport=80 -j ACCEPT
  85. 84 iptables -A OUTPUT -p tcp --dport=443 -j ACCEPT
  86. 85 curl google.com
  87. 86 history
  # iptables-save without a redirect only prints the ruleset; nothing is
  # persisted. After the reboot firewalld owns the firewall again (next
  # section), so these rules are gone -- on a firewalld host, do not mix raw
  # iptables with firewall-cmd; use firewalld (or nftables directly).
  88. 87 iptables-save
  89. 88 reboot
  # firewalld section.
  90. 89 firewall-cmd --list-all
  91. 90 firewall-cmd --get-services
  # --permanent alone edits the saved configuration only; the runtime
  # --list-all right after it does not show http until --reload. The two
  # list-all calls around the reload presumably demonstrate exactly that.
  # Alternative that avoids committing an untested rule: add it without
  # --permanent, test, then `firewall-cmd --runtime-to-permanent`.
  92. 91 firewall-cmd --add-service http --permanent
  93. 92 firewall-cmd --list-all
  94. 93 firewall-cmd --reload
  95. 94 firewall-cmd --list-all
  # Custom service definition. /usr/lib/firewalld is the vendor tree (opened
  # in vim here -- only look, package updates overwrite it); the copy into
  # /etc/firewalld/services is the right place to define sander.xml.
  # `--list-services` shows services enabled in the zone, not services that
  # merely exist, which presumably is why the grep finds nothing until
  # `--get-services` (history 104).
  96. 95 vim /usr/lib/firewalld/services/ftp.xml
  97. 96 cp /usr/lib/firewalld/services/ftp.xml /etc/firewalld/services/sander.xml
  98. 97 vim /etc/firewalld/services/sander.xml
  99. 98 firewall-cmd --list-services | grep sander
  100. 99 systemctl restart firewalld
  101. 100 firewall-cmd --list-services | grep sander
  102. 101 firewall-cmd --reload
  103. 102 firewall-cmd --list-services | grep sander
  104. 103 ls /etc/firewalld/services/
  105. 104 firewall-cmd --get-services | grep sander
  106. 105 firewall-cmd --help | grep forward
  # Port forwarding 2022 -> 22. History 106 has `toport:22` (colon instead of
  # =) and is rejected; 107 is the correct syntax. Both are runtime-only (no
  # --permanent), so a later --reload discards them -- see history 132/136.
  # If the connection to the external address (history 111) did not work,
  # the usual cause is that DNAT to 127.0.0.1 from a non-loopback interface
  # is refused by the kernel unless route_localnet is enabled; forwarding
  # without toaddr (history 137) sidesteps that. Not verifiable from here.
  107. 106 firewall-cmd --add-forward-port=port=2022:proto=tcp:toport:22:toaddr=127.0.0.1
  108. 107 firewall-cmd --add-forward-port=port=2022:proto=tcp:toport=22:toaddr=127.0.0.1
  # ssh has no host:port form; 109 is the correct `-p 2022`.
  109. 108 ssh localhost:2022
  110. 109 ssh -p 2022 localhost
  111. 110 ip a
  112. 111 ssh -p 2022 192.168.29.144
  113. 112 firewall-cmd --list-all
  114. 113 ip
  115. 114 ip a
  116. 115 systemctl status sshd
  # nmap against this host's own addresses. Only scan what you are authorised
  # to scan; as root the default is a SYN scan, `-sT` (history 142) is a full
  # connect scan.
  117. 116 dnf install -y nmap
  118. 117 nmap localhost
  119. 118 nmap 192.168.29.144
  # SELinux switched to permissive here, system-wide, in the middle of a
  # firewall exercise. From now on every denial is allowed and merely logged;
  # it is put back to enforcing at history 177, and the httpd failures that
  # only surface then show why testing in permissive hides problems.
  120. 119 setenforce permissive
  # Rich rule: accept SSH and log it, rate-limited to 2 log lines per minute
  # so a connection flood cannot fill the log. Permanent + reload again.
  121. 120 firewall-cmd --permanent --zone=public --add-rich-rule='rule service name="ssh" log prefix="ssh" level="notice" limit value="2/m" accept'
  122. 121 firewall-cmd --reload
  123. 122 firewall-cmd --list-all
  124. 123 history
  125. 124 man firewalld.richlanguage
  # Rich-rule forward-port. The grammar is `rule [family=...] forward-port`:
  # history 125 omits the family (needed because to-addr is an IPv4 address)
  # and 127 puts family before `rule`; 128 is the accepted form.
  126. 125 firewall-cmd --add-rich-rule='rule forward-port to-addr="127.0.0.1" to-port="22" protocol="tcp" port="2023"'
  127. 126 man firewalld.richlanguage
  128. 127 firewall-cmd --add-rich-rule='family="ipv4" rule forward-port to-addr="127.0.0.1" to-port="22" protocol="tcp" port="2023"'
  129. 128 firewall-cmd --add-rich-rule='rule family="ipv4" forward-port to-addr="127.0.0.1" to-port="22" protocol="tcp" port="2023"'
  130. 129 ssh -p 2023 localhost
  131. 130 history
  # --reload drops the runtime-only forward-ports above; 2022 is re-added.
  132. 131 firewall-cmd --reload
  133. 132 firewall-cmd --add-forward-port=port=2022:proto=tcp:toport=22:toaddr=127.0.0.1
  134. 133 nmap 192.168.29.144
  135. 134 firewall-cmd --list-all
  136. 135 firewall-cmd --reload
  # Option spelling differs between the two interfaces: the rich language
  # uses `to-port`, --add-forward-port uses `toport` (136 wrong, 137 right).
  137. 136 firewall-cmd --add-forward-port=port=2024:proto=tcp:to-port=22
  138. 137 firewall-cmd --add-forward-port=port=2024:proto=tcp:toport=22
  139. 138 nmap 127.0.0.1
  140. 139 history
  141. 140 nmap 127.0.0.1
  142. 141 nmap 192.168.29.144
  143. 142 nmap -sT 192.168.29.144
  144. 143 nmap localhost -p 2024
  # auditd section. AVC records (SELinux denials) also land in audit.log.
  145. 144 systemctl status auditd
  146. 145 ls -l /var/log/audit/audit.log
  147. 146 less /var/log/audit/audit.log
  148. 147 grep AVC /var/log/audit/audit.log
  # File watch with -p wa = write and attribute changes only. The `cat` that
  # follows is a read, so it produces no event; the grep will at most match
  # the CONFIG_CHANGE record from adding the rule. To see reads use -p rwa
  # (expect noise: many processes read /etc/passwd).
  149. 148 auditctl -w /etc/passwd -p wa -k passwd-access
  150. 149 cat /etc/passwd
  151. 150 grep passwd-access /var/log/audit/audit.log
  # Execute watch on /bin: very noisy, has no -k key to search on, and on
  # CentOS 9 /bin is a symlink to /usr/bin -- whether the watch follows it
  # should be confirmed with `tail audit.log` (done next).
  152. 151 auditctl -w /bin -p x
  153. 152 ls
  154. 153 tail /var/log/audit/audit.log
  # -C compares two fields: auid!=obj_uid reads as "login user is not the
  # owner of the object", combined with uid=0 and dir=/home/ this presumably
  # targets root working on other users' files. No -S, so it applies to every
  # syscall, and no -k key.
  155. 154 auditctl -a exit,always -F dir=/home/ -F uid=0 -C auid!=obj_uid
  # Delete/rename auditing. Three problems worth knowing:
  #  - `-F arch=b32` only: this is an x86_64 kernel, so only 32-bit-ABI
  #    syscalls are audited and the normal 64-bit unlink/rename are missed.
  #    Add the identical rule with `-F arch=b64` (rules are per-ABI).
  #  - `auid!=4294967295` excludes processes with no login uid (daemons);
  #    history 156 drops it and so audits daemons too. `auid>=1000` keeps
  #    only regular users.
  #  - `-C` takes two field names; `-C auid>=1000` (history 157) compares a
  #    field with a constant and is rejected -- hence `man auditctl` after it.
  # auditctl changes are runtime only; persist them in
  # /etc/audit/rules.d/*.rules and load with `augenrules --load`.
  156. 155 auditctl -a exit,always -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete
  157. 156 auditctl -a exit,always -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -k delete
  158. 157 auditctl -a exit,always -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -C auid>=1000 -C auid!=4294967295 -k delete
  159. 158 man auditctl
  # Side trip to a second lab host as `student`; aa-status is the AppArmor
  # status tool, so that host presumably runs AppArmor rather than SELinux.
  160. 159 ssh student@192.168.29.143
  161. 160 aa-status
  162. 161 ssh student@192.168.29.143
  # SELinux / httpd section.
  163. 162 dnf install -y httpd
  164. 163 ip a
  165. 164 vim /etc/hosts
  # `hostname` has no set-hostname verb; hostnamectl (166) is the right tool.
  166. 165 hostname set-hostname centos.example.com
  167. 166 hostnamectl set-hostname centos.example.com
  168. 167 systemctl enable --now httpd
  # -Z shows the SELinux context: httpd processes should be httpd_t and
  # /var/www httpd_sys_content_t. That label is what httpd_t may read.
  169. 168 ps Zaux | grep http
  170. 169 ls -Z /var/www
  # Alternate document root at /web. A new directory under / inherits the
  # generic default_t label (ls -Zd confirms), which httpd_t is not allowed
  # to read. While SELinux is still permissive (history 119) the curl at 175
  # works anyway; as soon as enforcing is restored (177) it fails and the
  # denial shows up as an AVC record.
  171. 170 mkdir /web
  172. 171 vim /web/index.html
  173. 172 vim /etc/httpd/conf/httpd.conf
  174. 173 ls -Zd /web
  175. 174 systemctl restart httpd
  176. 175 curl localhost
  177. 176 getenforce
  178. 177 setenforce enforcing
  179. 178 curl localhost
  180. 179 grep AVC /var/log/audit/audit.log
  181. 180 man semanage-fcontext
  # The durable fix: record the mapping in policy with semanage fcontext
  # ("/web(/.*)?" covers the directory and everything below it), then apply
  # it with restorecon. `chcon` would work for a moment but is undone by
  # any relabel; this pair survives one.
  182. 181 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
  183. 182 ls -Zd /web
  184. 183 restorecon -Rv /web
  185. 184 curl localhost
  186. 185 history
  187. 186 grep AVC /var/log/audit/audit.log
  # Non-standard port. httpd.conf is presumably changed to Listen on 82 (the
  # port added to policy below); httpd then fails to start because 82 is not
  # in http_port_t. The AVC and the setroubleshoot entry in the journal
  # (sealert -l <uuid>) spell out the fix.
  188. 187 vim /etc/httpd/conf/httpd.conf
  189. 188 systemctl restart httpd
  190. 189 systemctl status httpd
  191. 190 grep AVC /var/log/audit/audit.log
  192. 191 man semanage-port
  193. 192 journalctl | grep sealert
  194. 193 sealert -l 5bfad355-0430-408d-af7c-9b15461043bc | less
  # History 194 is a typo (emanage); 195 adds tcp/82 to http_port_t. This is
  # persistent policy, no -P needed. ss -Z afterwards shows the listening
  # socket with its context.
  195. 194 emanage port -a -t http_port_t -p tcp 82
  196. 195 semanage port -a -t http_port_t -p tcp 82
  197. 196 systemctl restart httpd
  198. 197 ss -tunapZ
  # Booleans. -P makes the change persistent across reboots. ftpd_anon_write
  # lets anonymous FTP users write into public_content_rw_t directories --
  # a deliberate loosening of policy; turn it back off after the demo unless
  # it is genuinely required (`setsebool -P ftpd_anon_write off`).
  199. 198 getsebool
  200. 199 getsebool -a
  201. 200 getsebool -a | wc -l
  202. 201 getsebool -a | grep ftp
  203. 202 setsebool -P ftpd_anon_write on
  204. 203 getsebool -a | grep ftp
  205. 204 journalctl | grep sealert
  206. 205 sealert -l a5de5d12-4f37-4203-8954-a5b6d7d38c69 | less
  # fapolicyd: application allow-listing. With the default rules, binaries
  # that are not in the trust database (the RPM database plus the file trust
  # list) are refused execution for unprivileged users -- the copy of ls in
  # /tmp is the untrusted example. The `exit` at 209 presumably leaves a
  # shell where that was tried as a normal user (not in root's history).
  207. 206 dnf install fapolicyd
  208. 207 systemctl enable --now fapolicyd
  209. 208 cp /bin/ls /tmp/ls
  210. 209 exit
  # Adding a trust entry: 210 and 211 are wrong syntax, 213 is the real one
  # (`--file add <path> --trust-file <name>` writes
  # /etc/fapolicyd/trust.d/<name>); `--update` tells the daemon to reload.
  # The entry records path, size and hash, so a modified /tmp/ls stops
  # matching -- but trusting anything under the world-writable /tmp is a
  # lab shortcut only; in production install the binary in a root-owned
  # path first, and remove demo entries again with `--file delete`.
  211. 210 fapolicyd-cli --add-file /tmp/ls --trust-file myapp
  212. 211 fapolicyd-cli --add file /tmp/ls --trust-file myapp
  213. 212 man fapolicyd-cli
  214. 213 fapolicyd-cli --file add /tmp/ls --trust-file myapp
  215. 214 fapolicyd-cli --update
  216. 215 exit
  217. 216 history