linux:security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
linux:security [2024/07/13 01:30] – [FIPS security for ubuntu] adminlinux:security [2025/02/05 12:37] (current) – [Library] admin
Line 1: Line 1:
 +====== Library ======
 +
 +https://wazuh.com/ - XDR , SIEM https://habr.com/ru/articles/867162/ \\
 +
 +https://attack.mitre.org/
 +
 +opensource opsec review
 +
 ====== Linux Security  ====== ====== Linux Security  ======
   * https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/#73-monitoring-addition-to-cron   * https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/#73-monitoring-addition-to-cron
  
 +
 +====== Zerotrust ======
 +https://docs.linuxserver.io/images/docker-kasm/ kasm
  
 ====== Zerotrust Browser ====== ====== Zerotrust Browser ======
Line 13: Line 24:
  
 ====== FIPS security for ubuntu ====== ====== FIPS security for ubuntu ======
-  - Auditing an Ubuntu System for DISA-STIG compliance  - [[https://ubuntu.com/security/certifications/docs/fips-enablement|link]] ++ Detail|<code BASH>+  - USG - Ubuntu Security Guide (usg) -  DISA-STIG compliance  - [[https://ubuntu.com/security/certifications/docs/fips-enablement|link]] ++ Detail|<code BASH> 
 +  # USG - Ubuntu Security Guide (usg) 
 + 
 +sudo apt-get install libopenscap8 
 +oscap -v 
 +oscap -V   
 + 
 +sudo apt install ubuntu-advantage-tools 
 +sudo ua attach ||||| 
 +sudo ua enable usg 
 +sudo apt install usg -y 
 + 
 +# generate report in /var/lib/usg/ , report can show result.sh ./result_XXXXX.txt 
 +sudo usg audit cis_level1_server  > result_usg_$(date +"%y%m%d").txt 
 + 
 +TAILOR_FILENAME=tailor_cis_level1_server$(date +"%y%m%d").xml 
 + 
 +# generate tailor for customize   
 +sudo usg generate-tailoring cis_level1_server $TAILOR_FILENAME 
 + 
 +#turn all off 
 +sed -i 's/selected="true"/selected="false"/g' $TAILOR_FILENAME 
 + 
 + 
 +# turn all what we need 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_set_keepaliv/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_disable_rhosts/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_disable_root_login/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_set_maxstartups/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_use_strong_ciphers/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_use_strong_kex/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_sshd_use_strong_macs/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 +sed -i '/xccdf_org.ssgproject.content_rule_file_permissions_sshd_config/s/selected="false"/selected="true"/g' $TAILOR_FILENAME 
 + 
 + 
 +usg audit --tailoring-file $TAILOR_FILENAME 
 + 
 + 
 +sudo usg generate-fix  --output ./fix.sh --tailoring-file $TAILOR_FILENAME 
 + 
 + 
 +</code>   
 +++ 
 + 
 +====== Openscap ====== 
 + 
 +  -  Security Technical Implementation Guide 
 +    -  https://medium.com/@aika.nazhimidinova/cis-benchmark-of-ubuntu-22-04-openscap-security-guide-707f206e73c8 
 +    -  https://medium.com/defense-unicorns/stig-scanning-with-openscap-675c7292d7cb  
 +    -  https://medium.com/@raveen.gatla/the-ultimate-guide-for-security-compliance-with-openscap-part-1-26da99824c1b 
 +  -  ++ Detail|<code BASH> 
 + 
   sudo apt-get install libopenscap8   sudo apt-get install libopenscap8
   oscap -v   oscap -v
   oscap -V   oscap -V
-   
  
-  sudo apt install ubuntu-advantage-tools 
-  sudo ua attach sdfsdf 
-  sudo ua enable usg 
-  sudo apt install usg -y 
   sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --results-arf arf.xml --report $1 /usr/share/ubuntu-scap-security-guides/1/benchmarks/ssg-ubuntu2004-ds.xml   sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --results-arf arf.xml --report $1 /usr/share/ubuntu-scap-security-guides/1/benchmarks/ssg-ubuntu2004-ds.xml
-   
-  mkdir report 
-  sudo usg generate-tailoring disa_stig tailor.xml 
-   
  
-# Audit using the new tailoring file 
-  sudo usg audit --tailoring-file tailor.xml 
  
-# Fix using the new tailoring file 
-# USG fix: Proceed with extreme caution. Document all steps.  
-# CAUTION!  usg fix --tailoring-file tailor.xml 
  
-# generate fix.file for cis_level1_server + oscap info /usr/share/ubuntu-scap-security-guides/1/benchmarks/ssg-ubuntu2204-ds-1.2.xml 
- sudo usg generate-fix  cis_level1_server --output fix.sh + sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --report report.html /usr/share/ubuntu-scap-security-guides/1/benchmarks/ssg-ubuntu2204-ds-1.2.xml
-</code>   +
-+++
  
-====== Openscap ====== 
-<code BASH> 
-sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --results-arf arf.xml --report ./rep /usr/share/ubuntu-scap-security-guides/1/benchmarks/ssg-ubuntu2204-ds.xml > oscap_result_$(date +"%y%m%d").txt 
-</code> 
  
 + oscap xccdf generate fix --profile xccdf_org.ssgproject.content_profile_stig --fix-type bash /usr/share/ubuntu-scap-security-guides/1/benchmarks/ssg-ubuntu2204-ds-1.2.xml > fix_sig.sh
 + grep '2 echo "' ./fx_sig.sh
  
 +</code>
 +++
  • linux/security.1720834247.txt.gz
  • Last modified: 2024/07/13 01:30
  • by admin