Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/Scripting"
Jump to navigation
Jump to search
| Line 28: | Line 28: | ||
** <code>cp ./custom-configs/sshd_config /etc/ssh/sshd_config</code> | ** <code>cp ./custom-configs/sshd_config /etc/ssh/sshd_config</code> | ||
==Useful one liners== | ==Useful one liners== | ||
| − | These are useful commands or chains of commands to remember or write down for CyberPatriot | + | These are useful commands or chains of commands to remember or write down for CyberPatriot (Feel free to add to this) |
<br></br> | <br></br> | ||
<code>grep "sh$" /etc/passwd</code> | <code>grep "sh$" /etc/passwd</code> | ||
Revision as of 22:50, 2 October 2024
Baselining
A good way to automate a lot of fixes without coding is baselining. There are multiple ways to do it, but the easiest way is to create secure configuration files before a competition, and copy those in during a competition.
- Some configuration files that will be worth configuring securely before a competition are:
- /etc/ssh/sshd_config
- /etc/pam.d/common-password
- /etc/login.defs
- /etc/sysctl.conf
- These configuration files are fine as the default, but you have to make sure that they haven't been tampered with
- /etc/sudoers
- /etc/apt/sources.list
The default version of these configuration files can be found from a default installation of Ubuntu22 (or Linux Mint)
How to configure a configuration file securely
- You can find guides on hardening these configuration files online, or even by asking ChatGPT "What modifications should I make to the file "/etc/login.defs" to make it more secure?"
- Here are some guides for hardening some of these configurations:
- https://www.blumira.com/blog/secure-ssh-on-linux (/etc/ssh/sshd_config)
- https://www.baeldung.com/linux/password-complexity (/etc/pam.d/common-password and /etc/login.defs)
- https://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening (/etc/sysctl.conf) note: this website contains a ton of modifications, which will get you points but you should try to understand what they're doing
- You can also find configurations to make by looking at the answer keys of practice images, which will include some modifications that you can make.
How to copy the configuration files to the practice image
- First you have to get the files into the practice image. If you're using vmware you may be able to drag the file right into the image. But if that doesn't work you can use google drive or email to yourself.
- Next you have to backup the original file. You can use this command for that:
cp <path/to/original/file> <backup/location>
- Finally you have to copy your pre-configured file to its location:
cp <path/to/configured/file> <path/to/location>
- For Example, if you have a folder named "backups" for your backups and a folder named "custom-configs" with your pre-configured files:
cp /etc/ssh/sshd_config ./backups/sshd_configcp ./custom-configs/sshd_config /etc/ssh/sshd_config
Useful one liners
These are useful commands or chains of commands to remember or write down for CyberPatriot (Feel free to add to this)
grep "sh$" /etc/passwd
- Lists all of the users on the system, plus the root user. It includes extra information, but the usernames are before the first colon.
find /home -name "*\.mp[34]" -o -name "*\.mov" -o -name "*\.webm"
- Finds all files which end in ".mp3", ".mp4", ".mov", or ".webm", which are usually not allowed to be in user's directories.
sudo rm /directory/of/files/to/delete/*
- This deletes all of the files within a certain directory (make sure to include the asterisk at the end). For example
sudo rm /home/jim/Music/*