  # NOTE(review): interactive root history from a lab VM (Pastebin gutter number, then
  # bash history number, then the command). This is a transcript, not a runnable script:
  # mistyped commands are kept verbatim and are normally retried on the next entry
  # (e.g. `cryptSetup` at entry 20, `*/pam_allow.so` unquoted at 52).
  1. [root@localhost ~]# history
  2. 1 man iptables
  3. 2 reboot
  # Entries 3-6: grub2-setpassword stores the boot-loader password hash in
  # /boot/grub2/user.cfg, which is then read back (5-6); the content is not shown here.
  4. 3 grub2-setpassword
  5. 4 ls -lrt /boot/grub2/
  6. 5 cat user.cfg
  7. 6 cat /boot/grub2/user.cfg
  8. 7 reboot
  9. 8 cd linuxsecurity/
  10. 9 ./countdown 12
  # Entries 10-22: LUKS volume on /dev/sda3. `xxd` (12) inspects the raw device after
  # formatting. luksClose takes the device-mapper name, which is what entry 22 finally
  # uses; 20 (typo) and 21 (block device instead of mapped name) presumably failed.
  11. 10 fdisk /dev/sda
  12. 11 cryptsetup luksFormat /dev/sda3
  13. 12 xxd /dev/sda3 | less
  14. 13 cryptsetup luksOpen /dev/sda3 secret
  15. 14 ls -l /dev/mapper/
  16. 15 mkfs.ext4 /dev/mapper/secret
  17. 16 mount /dev/mapper/secret /mnt
  18. 17 cp /etc/a* /mnt/
  19. 18 ls /mnt
  20. 19 umount /mnt
  21. 20 cryptSetup luksClose /dev/sda3
  22. 21 cryptsetup luksClose /dev/sda3
  23. 22 cryptsetup luksClose /dev/mapper/secret
  24. 23 history
  # Entries 24-26: `ldd` is presumably used to confirm that login/passwd/ssh link
  # against libpam before the /etc/pam.d/ edits that follow.
  25. 24 ldd $(which login)
  26. 25 ldd $(which passwd)
  27. 26 ldd $(which ssh)
  28. 27 cd /etc/pam.d/
  29. 28 ls
  30. 29 vim login
  31. 30 ls -l
  32. 31 vim system-auth
  33. 32 find / -name "pam_unix.so"
  34. 33 cd /usr/lib64/security/
  35. 34 ls
  36. 35 man -k pam_
  37. 36 ls
  38. 37 man -k pam_
  39. 38 man pam_setquota
  # Entries 39-46: /etc/securetty + pam_securetty restrict which terminals root may
  # log in from; chvt switches consoles to test the edited login stack.
  40. 39 vim /etc/securetty
  41. 40 chvt 5
  42. 41 man pam_securetty
  43. 42 cd /etc/pam.d
  44. 43 vim system-auth
  45. 44 chvt 6
  46. 45 vim login
  47. 46 vim system-auth
  # Entries 47-61: `login` is backed up once (47) and edited afterwards (48, 55, 57).
  # At 59 `mv login login.bak` overwrites that clean backup with the edited file, 60 then
  # has nothing left to move, and 61 restores the *edited* copy. The pristine
  # /etc/pam.d/login is therefore likely lost on this host — verify it against the
  # package-shipped file before trusting the login stack.
  48. 47 cp login login.bak
  49. 48 vim login
  50. 49 history
  51. 50 cd /usr/lib64/security/
  52. 51 ls
  # Entry 52's unquoted glob is expanded by the shell first; 53 quotes it. There appears
  # to be no pam_allow; 54 moves on to pam_permit, the module that succeeds
  # unconditionally. Entries 55-58 look like it was inserted into `login` for the demo —
  # pam_permit must never remain in a production auth stack (passwordless login).
  53. 52 dnf provides */pam_allow.so
  54. 53 dnf provides "*/pam_allow.so"
  55. 54 man pam_permit
  56. 55 vim login
  57. 56 cd /etc/pam.d/
  58. 57 vim login
  59. 58 chvt 3
  60. 59 mv login login.bak
  61. 60 mv login login.bad
  62. 61 mv login.bak login
  63. 62 ldd $(which sshd)
  64. 63 pwd
  65. 64 ls
  66. 65 vim sshd
  67. 66 find / -name "pam_permit.so"
  68. 67 history
  69. 68 cd
  # Entries 69-75: root writes a file inside anna's home; it is root-owned, so whether
  # anna can read it depends only on the mode bits.
  70. 69 useradd anna
  71. 70 passwd anna
  72. 71 cd /home/anna
  73. 72 ls -ld .
  74. 73 pwd
  75. 74 echo wortel > rootfile
  76. 75 cat rootfile
  77. 76 su - anna
  78. 77 mkdir -p /data/sales
  79. 78 groupadd sales
  80. 79 usermod -aG sales anna
  81. 80 id anna
  82. 81 chgrp sales /data/sales
  83. 82 echo hello > /data/sales/afile
  84. 83 chown anna:sales /data/sales/afile
  # `chmod 077` strips all permissions from the owner (anna) while granting rwx to group
  # and others — the reverse of the usual intent. Root is unaffected because it bypasses
  # DAC (CAP_DAC_OVERRIDE; cf. `man 7 capabilities` at 86).
  85. 84 chmod 077 /data/sales/afile
  86. 85 su - anna
  87. 86 man 7 capabilities
  88. 87 pwd
  89. 88 echo fun > demo
  90. 89 chmod 400 demo
  91. 90 ls -l
  92. 91 chmod 444 demo
  93. 92 ls -l
  94. 93 su - anna
  95. 94 pwd
  96. 95 vim playme
  97. 96 chmod +x playme
  98. 97 ls -l playme
  99. 98 cat playme
  # Entry 99 sets setuid on playme. Its contents (cat at 98) are not shown, but if it is
  # an interpreted script Linux ignores the setuid bit, so the test at 101 would show no
  # privilege change.
  100. 99 chmod u+s playme
  101. 100 ls -l playme
  102. 101 su - anna
  # `-perm +4000` is the obsolete GNU syntax (rejected by current find); `/4000` at 103 is
  # the replacement. Entries 106-114 build a SUID-file baseline and demonstrate diff's
  # exit status (0 = identical, 1 = differs) as a drift check. For real detection, keep
  # such baselines outside the world-writable /tmp and compare on a schedule.
  103. 102 find / -perm +4000
  104. 103 find / -perm /4000
  105. 104 ls -l /usr/bin/passwd
  106. 105 ls -l /etc/shadow
  107. 106 find / -perm /4000 > /tmp/suidfiles.txt
  108. 107 cat /tmp/suidfiles.txt
  109. 108 find / -perm /4000 > /tmp/suid-$(date +%d-%m-%y).txt
  110. 109 ls /tmp/sui*
  111. 110 diff /tmp/suidfiles.txt /tmp/suid-16-11-23.txt
  112. 111 echo $?
  113. 112 echo hello >> /tmp/suid-16-11-23.txt
  114. 113 diff /tmp/suidfiles.txt /tmp/suid-16-11-23.txt
  115. 114 echo $?
  116. 115 history
  117. 116 su - anna
  # Entries 117-136: setgid on the directory (123) makes new files inherit group sales
  # (checked at 125-126). `rX` at 128 grants execute only on directories and on files
  # that are already executable. A file created before the default ACL exists (131) does
  # not carry the ACL; after `d:g:account:rx` is set (134) the re-created file (135-136)
  # inherits it.
  118. 117 groupadd account
  119. 118 useradd -G account linda
  120. 119 passwd linda
  121. 120 cd /data/
  122. 121 ls -l
  123. 122 chmod 770 sales
  124. 123 chmod g+s sales
  125. 124 ls -ld sales/
  126. 125 echo wortel > sales/wortelfile
  127. 126 ls -l sales/wortelfile
  128. 127 su - linda
  129. 128 setfacl -R -m g:account:rX /data/sales
  130. 129 su - linda
  131. 130 getfacl /data/sales
  132. 131 echo root > sales/rootfile
  133. 132 getfacl sales/rootfile
  134. 133 rm sales/rootfile
  135. 134 setfacl -m d:g:account:rx /data/sales
  136. 135 echo root > sales/rootfile
  137. 136 getfacl sales/rootfile
  138. 137 history
  139. 138 cd
  140. 139 cat linuxsecurity/resources.txt
  141. 140 history
  # Entries 141-146: the immutable attribute makes even root's `rm -f` fail until
  # `chattr -i` is run.
  142. 141 touch /root/removeme.txt
  143. 142 chattr +i /root/removeme.txt
  144. 143 rm -f /root/removeme.txt
  145. 144 ls -l removeme.txt
  146. 145 lsattr *
  147. 146 chattr -i removeme.txt
  # Entries 147-165: firewalld is stopped and both default policies are set to DROP
  # *before* any ACCEPT rule, which is why the pings fail until ICMP out (152), DNS out
  # (155-156) and ESTABLISHED,RELATED on INPUT (158) are allowed. On a remote host this
  # ordering locks the operator out — add the ACCEPT rules first, or work from the
  # console as the chvt entries suggest. Also note there is no ESTABLISHED,RELATED rule
  # on OUTPUT: with OUTPUT policy DROP, an inbound SSH session allowed at 164 could not
  # send its replies (source port 22 matches no OUTPUT rule shown here).
  148. 147 iptables -L
  149. 148 systemctl disable --now firewalld
  150. 149 iptables -P OUTPUT DROP
  151. 150 iptables -P INPUT DROP
  152. 151 ping google.com
  153. 152 iptables -A OUTPUT -p icmp -j ACCEPT
  154. 153 ping google.com
  155. 154 ping 8.8.8.8
  156. 155 iptables -A OUTPUT -p tcp --dport=53 -j ACCEPT
  157. 156 iptables -A OUTPUT -p udp --dport=53 -j ACCEPT
  158. 157 ping google.com
  159. 158 iptables -A INPUT -m state --state=ESTABLISHED,RELATED -j ACCEPT
  160. 159 ping google.com
  161. 160 iptables -L
  162. 161 ssh 192.168.29.139
  163. 162 iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
  164. 163 ssh 192.168.29.139
  165. 164 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  166. 165 iptables -L
  167. 166 history
  # Entries 167-170: the rule set is saved under a non-default filename. On RHEL-family
  # hosts the iptables-services restore unit reads /etc/sysconfig/iptables, so this file
  # would not be restored automatically; after the reboot at entry 340 firewalld is
  # re-enabled anyway, so these rules are transient.
  168. 167 iptables-save
  169. 168 iptables-save --help
  170. 169 ls -l /etc/sysconfig/
  171. 170 iptables-save > /etc/sysconfig/iptables-save.conf
  172. 171 history -w
  # NOTE(review): entries 175-339 repeat entries 8-171 command for command (one extra
  # `./countdown 15` at 177). Given `history -w` at 171 and the reboot at 340, this looks
  # like the history file being written twice rather than a second lab run — presumably;
  # the observations that apply to entries 8-171 apply here unchanged.
  173. 172 chvt 2
  174. 173 chvt 2
  175. 174 chvt 2
  176. 175 cd linuxsecurity/
  177. 176 ./countdown 12
  178. 177 ./countdown 15
  179. 178 fdisk /dev/sda
  180. 179 cryptsetup luksFormat /dev/sda3
  181. 180 xxd /dev/sda3 | less
  182. 181 cryptsetup luksOpen /dev/sda3 secret
  183. 182 ls -l /dev/mapper/
  184. 183 mkfs.ext4 /dev/mapper/secret
  185. 184 mount /dev/mapper/secret /mnt
  186. 185 cp /etc/a* /mnt/
  187. 186 ls /mnt
  188. 187 umount /mnt
  189. 188 cryptSetup luksClose /dev/sda3
  190. 189 cryptsetup luksClose /dev/sda3
  191. 190 cryptsetup luksClose /dev/mapper/secret
  192. 191 history
  193. 192 ldd $(which login)
  194. 193 ldd $(which passwd)
  195. 194 ldd $(which ssh)
  196. 195 cd /etc/pam.d/
  197. 196 ls
  198. 197 vim login
  199. 198 ls -l
  200. 199 vim system-auth
  201. 200 find / -name "pam_unix.so"
  202. 201 cd /usr/lib64/security/
  203. 202 ls
  204. 203 man -k pam_
  205. 204 ls
  206. 205 man -k pam_
  207. 206 man pam_setquota
  208. 207 vim /etc/securetty
  209. 208 chvt 5
  210. 209 man pam_securetty
  211. 210 cd /etc/pam.d
  212. 211 vim system-auth
  213. 212 chvt 6
  214. 213 vim login
  215. 214 vim system-auth
  216. 215 cp login login.bak
  217. 216 vim login
  218. 217 history
  219. 218 cd /usr/lib64/security/
  220. 219 ls
  221. 220 dnf provides */pam_allow.so
  222. 221 dnf provides "*/pam_allow.so"
  223. 222 man pam_permit
  224. 223 vim login
  225. 224 cd /etc/pam.d/
  226. 225 vim login
  227. 226 chvt 3
  228. 227 mv login login.bak
  229. 228 mv login login.bad
  230. 229 mv login.bak login
  231. 230 ldd $(which sshd)
  232. 231 pwd
  233. 232 ls
  234. 233 vim sshd
  235. 234 find / -name "pam_permit.so"
  236. 235 history
  237. 236 cd
  238. 237 useradd anna
  239. 238 passwd anna
  240. 239 cd /home/anna
  241. 240 ls -ld .
  242. 241 pwd
  243. 242 echo wortel > rootfile
  244. 243 cat rootfile
  245. 244 su - anna
  246. 245 mkdir -p /data/sales
  247. 246 groupadd sales
  248. 247 usermod -aG sales anna
  249. 248 id anna
  250. 249 chgrp sales /data/sales
  251. 250 echo hello > /data/sales/afile
  252. 251 chown anna:sales /data/sales/afile
  253. 252 chmod 077 /data/sales/afile
  254. 253 su - anna
  255. 254 man 7 capabilities
  256. 255 pwd
  257. 256 echo fun > demo
  258. 257 chmod 400 demo
  259. 258 ls -l
  260. 259 chmod 444 demo
  261. 260 ls -l
  262. 261 su - anna
  263. 262 pwd
  264. 263 vim playme
  265. 264 chmod +x playme
  266. 265 ls -l playme
  267. 266 cat playme
  268. 267 chmod u+s playme
  269. 268 ls -l playme
  270. 269 su - anna
  271. 270 find / -perm +4000
  272. 271 find / -perm /4000
  273. 272 ls -l /usr/bin/passwd
  274. 273 ls -l /etc/shadow
  275. 274 find / -perm /4000 > /tmp/suidfiles.txt
  276. 275 cat /tmp/suidfiles.txt
  277. 276 find / -perm /4000 > /tmp/suid-$(date +%d-%m-%y).txt
  278. 277 ls /tmp/sui*
  279. 278 diff /tmp/suidfiles.txt /tmp/suid-16-11-23.txt
  280. 279 echo $?
  281. 280 echo hello >> /tmp/suid-16-11-23.txt
  282. 281 diff /tmp/suidfiles.txt /tmp/suid-16-11-23.txt
  283. 282 echo $?
  284. 283 history
  285. 284 su - anna
  286. 285 groupadd account
  287. 286 useradd -G account linda
  288. 287 passwd linda
  289. 288 cd /data/
  290. 289 ls -l
  291. 290 chmod 770 sales
  292. 291 chmod g+s sales
  293. 292 ls -ld sales/
  294. 293 echo wortel > sales/wortelfile
  295. 294 ls -l sales/wortelfile
  296. 295 su - linda
  297. 296 setfacl -R -m g:account:rX /data/sales
  298. 297 su - linda
  299. 298 getfacl /data/sales
  300. 299 echo root > sales/rootfile
  301. 300 getfacl sales/rootfile
  302. 301 rm sales/rootfile
  303. 302 setfacl -m d:g:account:rx /data/sales
  304. 303 echo root > sales/rootfile
  305. 304 getfacl sales/rootfile
  306. 305 history
  307. 306 cd
  308. 307 cat linuxsecurity/resources.txt
  309. 308 history
  310. 309 touch /root/removeme.txt
  311. 310 chattr +i /root/removeme.txt
  312. 311 rm -f /root/removeme.txt
  313. 312 ls -l removeme.txt
  314. 313 lsattr *
  315. 314 chattr -i removeme.txt
  316. 315 iptables -L
  317. 316 systemctl disable --now firewalld
  318. 317 iptables -P OUTPUT DROP
  319. 318 iptables -P INPUT DROP
  320. 319 ping google.com
  321. 320 iptables -A OUTPUT -p icmp -j ACCEPT
  322. 321 ping google.com
  323. 322 ping 8.8.8.8
  324. 323 iptables -A OUTPUT -p tcp --dport=53 -j ACCEPT
  325. 324 iptables -A OUTPUT -p udp --dport=53 -j ACCEPT
  326. 325 ping google.com
  327. 326 iptables -A INPUT -m state --state=ESTABLISHED,RELATED -j ACCEPT
  328. 327 ping google.com
  329. 328 iptables -L
  330. 329 ssh 192.168.29.139
  331. 330 iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
  332. 331 ssh 192.168.29.139
  333. 332 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  334. 333 iptables -L
  335. 334 history
  336. 335 iptables-save
  337. 336 iptables-save --help
  338. 337 ls -l /etc/sysconfig/
  339. 338 iptables-save > /etc/sysconfig/iptables-save.conf
  340. 339 history -w
  # The reboot discards the manual iptables rule set (nothing restores the file saved
  # at 338), and entry 341 re-enables firewalld.
  341. 340 reboot
  # Entries 341-349: firewalld is back. `--add-service` (344) and `--add-port` (347)
  # change the runtime configuration only; they survive a reload/reboot only after
  # `--runtime-to-permanent` (349).
  342. 341 systemctl enable --now firewalld
  343. 342 firewall-cmd --list-all
  344. 343 firewall-cmd --get-services
  345. 344 firewall-cmd --add-service murmur
  346. 345 firewall-cmd --list-all
  347. 346 cat /usr/lib/firewalld/services/murmur.xml
  # NTP is udp/123; `--add-port 123/tcp` opens a TCP port with no listener behind it —
  # confirm tcp was really intended, otherwise drop it before making it permanent.
  348. 347 firewall-cmd --add-port 123/tcp
  349. 348 firewall-cmd --list-all
  350. 349 firewall-cmd --runtime-to-permanent
  351. 350 firewall-cmd --info-service=murmur
  # Entries 351-354: a custom service is created by copying murmur.xml. Unless edited,
  # the copy keeps murmur's ports and description, and firewalld only lists it after the
  # restart (compare the two greps at 352 and 354).
  352. 351 cp /usr/lib/firewalld/services/murmur.xml /etc/firewalld/services/sander.xml
  353. 352 firewall-cmd --get-services | grep sander
  354. 353 systemctl restart firewalld
  355. 354 firewall-cmd --get-services | grep sander
  356. 355 man firewalld.richlanguage
  # The rich rule logs accepted SSH connections (rate-limited to 2/min) — a useful audit
  # signal. `--permanent` rules take effect only after `--reload` (358), so the
  # `--list-all` at 357 would not show it yet.
  357. 356 firewall-cmd --permanent --zone=public --add-rich-rule='rule service name="ssh" log prefix="ssh" level="notice" limit value="2/m" accept'
  358. 357 firewall-cmd --list-all
  359. 358 firewall-cmd --reload
  360. 359 firewall-cmd --list-all
  361. 360 history
  362. 361 systemctl status auditd
  363. 362 less /var/log/audit/audit.log
  364. 363 grep AVC /var/log/audit/audit.log
  # `-p wa` watches writes and attribute changes only; the `cat` at 365 is a read and
  # produces no passwd-access record (add `r` to the permission list to audit reads).
  # Rules loaded with auditctl are runtime-only — persist them under /etc/audit/rules.d/.
  # Entry 367 watches every execution under /bin, which is very noisy on a real host.
  365. 364 auditctl -w /etc/passwd -p wa -k passwd-access
  366. 365 cat /etc/passwd
  367. 366 grep passwd-access /var/log/audit/audit.log
  368. 367 auditctl -w /bin -p x
  369. 368 ls
  370. 369 tail /var/log/audit/audit.log
  # Entries 370-392: httpd is pointed at /web (httpd.conf edited at 371) and SELinux
  # denies access because /web does not carry the httpd content label (compare the
  # `ls -Z` output of /var/www and /web at 377-378). The commented-out lines 382-383 are
  # sealert's generic suggestion to generate an allow module; that widens policy instead
  # of fixing the labeling. The defensible fix is
  #   semanage fcontext -a -t httpd_sys_content_t '/web(/.*)?'
  #   restorecon -Rv /web
  # The module is installed at 387 and removed again at 390-392. Entry 385 is a typo
  # (`usearch`) retried at 386. `semodule -d`/`-r` expect the module name (my-httpd),
  # not the .pp filename — presumably why `--help` was consulted at 391.
  371. 370 dnf install -y httpd
  372. 371 vim /etc/httpd/conf/httpd.conf
  373. 372 mkdir /web; echo hello web > /web/index.html
  374. 373 systemctl restart httpd
  375. 374 curl localhost
  376. 375 grep AVC /var/log/audit/audit.log
  377. 376 ps Zaux | grep http
  378. 377 ls -Z /var/www
  379. 378 ls -Zd /web
  380. 379 ls -dZ /var/tmp
  381. 380 journalctl | grep sealert
  382. 381 sealert -l 3a0ddcf9-27f3-40b8-9322-a78a9616955e | less
  383. 382 # ausearch -c 'httpd' --raw | audit2allow -M my-httpd
  384. 383 # semodule -X 300 -i my-httpd.pp
  385. 384 ausearch -c 'httpd' --raw
  386. 385 usearch -c 'httpd' --raw | audit2allow -M my-httpd
  387. 386 ausearch -c 'httpd' --raw | audit2allow -M my-httpd
  388. 387 semodule -i my-httpd.pp
  389. 388 curl localhost
  390. 389 grep AVC /var/log/audit/audit.log
  391. 390 semodule -d my-httpd.pp
  392. 391 semodule --help
  393. 392 semodule -r my-httpd.pp
  394. 393 ssh student@192.168.29.139
  # Entries 394-400: fapolicyd blocks /tmp/ls because it is a copy outside the trusted
  # package set. The documented trust workflow is
  #   fapolicyd-cli --file add /tmp/ls --trust-file myapp
  #   fapolicyd-cli --update
  # The invocations at 397 (`--add-file`) and 400 (`--file` without `add`) do not match
  # that usage — confirm against the installed version's man page.
  395. 394 dnf install fapolicyd
  396. 395 systemctl enable --now fapolicyd
  397. 396 cp /bin/ls /tmp/ls
  398. 397 fapolicyd-cli --add-file /tmp/ls --trust-file myapp
  399. 398 cat /etc/shadow
  400. 399 ls -l /etc/shadow
  401. 400 fapolicyd-cli --file /tmp/ls --trust-file myapp
  402. 401 history