Security - mwicat/personal GitHub Wiki

Scan page against standards

• https://observatory.mozilla.org/
• https://infosec.mozilla.org/guidelines/web_security

Firewall

https://www.howtogeek.com/115116/how-to-configure-ubuntus-built-in-firewall/

sudo ufw enable

sudo ufw status

sudo ufw deny in on eth0
sudo ufw allow in on eth0 to any port 22

GUI

sudo apt-get install gufw

https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules

block except ip

iptables -A INPUT -p tcp --dport 5222 -s YOUR_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 5222 -j REJECT

iptables -A INPUT -p tcp --dport 443 -s YOUR_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j REJECT

unblock ip

iptables -D INPUT -p tcp --dport 5222 -s YOUR_IP -j ACCEPT
iptables -D INPUT -p tcp --dport 5222 -j REJECT

iptables -D INPUT -p tcp --dport 443 -s YOUR_IP -j ACCEPT
iptables -D INPUT -p tcp --dport 443 -j REJECT

Allow only one remote command

.ssh/authorized_keys:

command="./mycmd",no-port-forwarding,no-x11-forwarding,no-agent-forwarding PUB_KEY_DATA

Allow only one sudo command

joe ALL=(ALL) NOPASSWD: /full/path/to/command
    ^ HOST ^ TARGET USER

Recover rar password

wget 'https://github.com/magnumripper/JohnTheRipper/archive/bleeding-jumbo.zip'
unzip bleeding-jumbo.zip 
cd JohnTheRipper-bleeding-jumbo/src
./configure
make -s clean && make -sj4
cd ../run/
./rar2john ~/tmp/cherry.rar > cherry.hash
./john --format=rar cherry.hash