I would really love the community to check it out. Hence, I would like my readers to provide me constructive criticism, give me feedback on what to improve or add on to the script. I always believe that other people view of codes are different and in some ways help to improve ones coding skill when people share their opinion. Thus writing this post, I would like my readers to visit my Github, and do a code review. However, my belief is that the scripts I created is to be improve it to make it better for the community. I was able to successfully finished it and published it on GitHub.įor me publishing something on github really gave me a sense of accomplishment. Examples, like where do I append the results to? What are the variables needed and in which direction should the script executed?Īll this planning and writing out a script/product really challenge myself, to use my understanding of Linux, bash and the solution provided from CIS-Benchmark, to piece it together to write out an auditing script.Īt the end of 3 months plus of hard work and pulling my hair out because of bugs in the script. It was quite interesting for me because I have to plan the flow of my scripts from top to bottom. The script checks from the filesystem to the network, permissions of the files and users etc. The audit script created was to audit CentOS 8, a linux based operating system. So, the reason I have not been publishing any CTF writeup, was because I was working on my first ever project, to develop an auditing script to automate the checklist from CIS Benchmark. I will not be publishing any ctf soon, maybe later in the year or so. I was busy with a project which I would be sharing on this post. V2.Hi guys, its been a long time since I have posted something on this blog post. V2.1 Hardened SSH Configuration, Tweaked Kernel Security Config, Fixed iptables rules not loading on Boot. V2.2 Added new Hardening option following CIS Benchmark Guidance Server IP now obtain via ip route to not rely on interface naming V2.2.1 Removed suhosing installation on Ubuntu 16.04, Fixed MySQL Configuration, GRUB Bootloader Setup function, V2.3 More Hardening steps Following some CIS Benchmark items for LAMP Deployer V2.4 Added LEMP Deployment with ModSecurity and the OWASP ModSecurity Core Rule Set (CRS3) Having Problems, please open a New Issue for JShielder on Github. Separate Hardening Script Following CIS Benchmark Guidance.LEMP Deployment with ModSecurity and the OWASP ModSecurity Core Rule Set (CRS3).Sets Secure File Permissions for Critical System Files.Automates the process of setting a GRUB Bootloader Password.Additional Hardening steps following CIS Benchmark.Configures Auditd rules following CIS Benchmark.Disables USB Support for Improved Security (Optional).MOTD and Banners for Unauthorized access.Kernel Hardening via sysctl configuration File (Tweaked).Creates Daily Cron job for System Updates.Installs Tiger, A Security Auditing and Intrusion Prevention system. ![]() Installs Unhide to help Detect Malicious Hidden Processes.Secures Root Home and Grub Configuration Files.Secures NginX with the Installation of ModSecurity NginX module and the OWASP ModSecurity Core Rule Set (CRS3).Secure Apache via configuration file and with installation of the Modules ModSecurity with the OWASP ModSecurity Core Rule Set (CRS3), ModEvasive, Qos and SpamHaus.Installs and Configure Artillery as a Honeypot, Monitoring, Blocking and Alerting tool.Protects the server against Brute Force attacks by installing a configuring fail2ban.Disables unused FileSystems and Network protocols.Configures IPTABLES Rules to protect the server from common attacks.Configures, Optimize and secures the SSH Server (Some Settings Following CIS Benchmark).Helps user Generate Secure RSA Keys, so that remote access to your server is done exclusive from your local pc and no Conventional password.Creates a New Admin user so you can manage your server safely without the need of doing remote connections with root.This tool is a Bash Script that hardens the Linux Server security automatically and the steps followed are: Newly added script follows CIS Benchmark Guidance to establish a Secure configuration posture for Linux systems. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server with little interaction from the user. JSHielder is an Open Source Bash Script developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application or services. JShielder Automated Hardening Script for Linux Servers
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |