Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Scripting"
Jump to navigation
Jump to search
(Created page with "== Baselining == A good way to automate a lot of fixes without coding is baselining. There are multiple ways to do it, but the easiest way is to create secure configuration fi...") |
|||
| Line 10: | Line 10: | ||
** /etc/sudoers | ** /etc/sudoers | ||
** /etc/apt/sources.list | ** /etc/apt/sources.list | ||
| − | The default version of these configuration files can be found from a default installation of Ubuntu22 (or | + | The default version of these configuration files can be found from a default installation of Ubuntu22 (or Linux Mint) |
| − | == How to configure a configuration file securely == | + | === How to configure a configuration file securely === |
* You can find guides on hardening these configuration files online, or even by asking ChatGPT "What modifications should I make to the file "/etc/login.defs" to make it more secure?" | * You can find guides on hardening these configuration files online, or even by asking ChatGPT "What modifications should I make to the file "/etc/login.defs" to make it more secure?" | ||
| − | |||
* Here are some guides for hardening some of these configurations: | * Here are some guides for hardening some of these configurations: | ||
** https://www.blumira.com/blog/secure-ssh-on-linux (/etc/ssh/sshd_config) | ** https://www.blumira.com/blog/secure-ssh-on-linux (/etc/ssh/sshd_config) | ||
** https://www.baeldung.com/linux/password-complexity (/etc/pam.d/common-password and /etc/login.defs) | ** https://www.baeldung.com/linux/password-complexity (/etc/pam.d/common-password and /etc/login.defs) | ||
| − | == How to copy the configuration files to the practice image == | + | ** https://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening (/etc/sysctl.conf) ''note: this website contains a ton of modifications, which will get you points but you should try to understand what they're doing'' |
| + | * You can also find configurations to make by looking at the answer keys of practice images, which will include some modifications that you can make. | ||
| + | === How to copy the configuration files to the practice image === | ||
* First you have to get the files into the practice image. If you're using vmware you may be able to drag the file right into the image. But if that doesn't work you can use google drive or email to yourself. | * First you have to get the files into the practice image. If you're using vmware you may be able to drag the file right into the image. But if that doesn't work you can use google drive or email to yourself. | ||
* Next you have to backup the original file. You can use this command for that: | * Next you have to backup the original file. You can use this command for that: | ||
| Line 23: | Line 24: | ||
* Finally you have to copy your pre-configured file to its location: | * Finally you have to copy your pre-configured file to its location: | ||
** <code>cp <path/to/configured/file> <path/to/location></code> | ** <code>cp <path/to/configured/file> <path/to/location></code> | ||
| − | * For Example: | + | * For Example, if you have a folder named "backups" for your backups and a folder named "custom-configs" with your pre-configured files: |
| − | ** <code>cp /etc/ssh/sshd_config ./sshd_config | + | ** <code>cp /etc/ssh/sshd_config ./backups/sshd_config</code> |
| − | ** <code>cp ./sshd_config /etc/ssh/sshd_config</code> | + | ** <code>cp ./custom-configs/sshd_config /etc/ssh/sshd_config</code> |
Revision as of 16:42, 2 October 2024
Baselining
A good way to automate a lot of fixes without coding is baselining. There are multiple ways to do it, but the easiest way is to create secure configuration files before a competition, and copy those in during a competition.
- Some configuration files that will be worth configuring securely before a competition are:
- /etc/ssh/sshd_config
- /etc/pam.d/common-password
- /etc/login.defs
- /etc/sysctl.conf
- These configuration files are fine as the default, but you have to make sure that they haven't been tampered with
- /etc/sudoers
- /etc/apt/sources.list
The default version of these configuration files can be found from a default installation of Ubuntu22 (or Linux Mint)
How to configure a configuration file securely
- You can find guides on hardening these configuration files online, or even by asking ChatGPT "What modifications should I make to the file "/etc/login.defs" to make it more secure?"
- Here are some guides for hardening some of these configurations:
- https://www.blumira.com/blog/secure-ssh-on-linux (/etc/ssh/sshd_config)
- https://www.baeldung.com/linux/password-complexity (/etc/pam.d/common-password and /etc/login.defs)
- https://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening (/etc/sysctl.conf) note: this website contains a ton of modifications, which will get you points but you should try to understand what they're doing
- You can also find configurations to make by looking at the answer keys of practice images, which will include some modifications that you can make.
How to copy the configuration files to the practice image
- First you have to get the files into the practice image. If you're using vmware you may be able to drag the file right into the image. But if that doesn't work you can use google drive or email to yourself.
- Next you have to backup the original file. You can use this command for that:
cp <path/to/original/file> <backup/location>
- Finally you have to copy your pre-configured file to its location:
cp <path/to/configured/file> <path/to/location>
- For Example, if you have a folder named "backups" for your backups and a folder named "custom-configs" with your pre-configured files:
cp /etc/ssh/sshd_config ./backups/sshd_configcp ./custom-configs/sshd_config /etc/ssh/sshd_config