Linux Security: Create a Custom Scan Policy with OpenSCAP

Create a Custom OpenSCAP Policy
1. Use VNC to connect to the server using its public IP address on port 5901.
2. Open SCAP Workbench: Applications > System Tools > SCAP Workbench.
3. Select RHEL7 next to "Select content to load:". Click the Customize button next to Profile. Provide a New Profile ID of xccdf_org.ssgproject.custom_profile_1.
4. In the customizing window, click the Deselect All button at the top.
5. Under Services > Obsolete Services > Telnet, check the box...
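The Workbench clicks above produce an XCCDF tailoring file. The script below is an added example (not from the post or from SCAP Workbench) that writes the equivalent tailoring by hand, so the custom profile can be built and scanned without VNC. The datastream path is the one scap-security-guide installs; the Telnet rule id (xccdf_org.ssgproject.content_rule_service_telnet_disabled) and the tailoring id are this example's assumptions, so check them against `oscap info` output on the target.

```shell
#!/bin/sh
# Added example: CLI equivalent of "New Profile ID -> Deselect All -> tick Telnet".
# A Profile with no "extends" and only explicit <select> elements selects nothing
# but the listed rules, which is what Deselect All plus a tick gives you in Workbench.

SSG_DS=/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml              # shipped by scap-security-guide
TELNET_RULE=xccdf_org.ssgproject.content_rule_service_telnet_disabled # assumed SSG rule id

# write_tailoring OUTFILE PROFILE_ID RULE_ID...
write_tailoring() {
  out=$1; profile=$2; shift 2
  {
    printf '<?xml version="1.0" encoding="UTF-8"?>\n'
    printf '<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.ssgproject.tailoring_custom_1">\n'
    printf '  <xccdf:benchmark href="%s"/>\n' "$SSG_DS"
    printf '  <xccdf:version time="%s">1</xccdf:version>\n' "$(date -u +%Y-%m-%dT%H:%M:%S)"
    printf '  <xccdf:Profile id="%s">\n' "$profile"
    printf '    <xccdf:title>Custom profile: obsolete services only</xccdf:title>\n'
    for r in "$@"; do
      printf '    <xccdf:select idref="%s" selected="true"/>\n' "$r"
    done
    printf '  </xccdf:Profile>\n'
    printf '</xccdf:Tailoring>\n'
  } > "$out"
}

# selected_rules FILE -> the rule ids the tailoring selects; eyeball this before scanning
selected_rules() {
  sed -n 's/.*<xccdf:select idref="\([^"]*\)" selected="true".*/\1/p' "$1"
}

write_tailoring ./custom-tailoring.xml xccdf_org.ssgproject.custom_profile_1 "$TELNET_RULE"
selected_rules ./custom-tailoring.xml

# Scan with the custom profile (needs openscap-scanner and root):
# oscap xccdf eval --tailoring-file ./custom-tailoring.xml \
#   --profile xccdf_org.ssgproject.custom_profile_1 --results custom-results.xml "$SSG_DS"
```

The tailoring file is also what you check into version control; the Workbench GUI is a one-off, the file is repeatable across hosts.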

Linux Security: Working with the Audit Log

Create audit rules to watch `/etc/passwd` for writes, `/etc/sudoers` for reads and writes, and `/sbin/visudo` for executions (the -p letters are r read, w write, x execute, a attribute change). Run these commands:
auditctl -w /etc/passwd -p w -k userwatch
auditctl -w /sbin/visudo -p x -k sudowatch
auditctl -w /etc/sudoers -p rw -k sudowatch
Generate an audit rule list in `/home/cloud_user/rules.txt`. Run this command:
auditctl -l > /home/cloud_user/rules.txt...
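Rules loaded with auditctl last only until reboot, and the interesting question after loading them is who triggered which watch. The script below is an added example (not from the post) that writes the same three watches in the persistent /etc/audit/rules.d/ syntax and reads the resulting records back out of an audit.log. The log lines are constructed to match what auditd writes for these rules; they are not captured from a real host.

```shell
#!/bin/sh
# Added example: persistent form of the three watches, plus a parser for the
# SYSCALL records they generate. In production use "ausearch -k sudowatch";
# this shows what ausearch is matching on.

# write_rules FILE -> rules.d syntax; load with "augenrules --load" (survives reboot,
# unlike rules added with auditctl -w).
write_rules() {
  cat > "$1" <<'EOF'
-w /etc/passwd -p w -k userwatch
-w /sbin/visudo -p x -k sudowatch
-w /etc/sudoers -p rw -k sudowatch
EOF
}

# key_report LOGFILE -> one line per SYSCALL record carrying a key:
#   <key> auid=<login uid> uid=<uid> exe=<binary>
# auid is the uid the session logged in with; it survives su and sudo, so it names
# the human even when uid=0.
key_report() {
  awk '
    /^type=SYSCALL/ {
      split("", f)                                  # clear the field map (portable delete)
      for (i = 1; i <= NF; i++)
        if (split($i, kv, "=") == 2) f[kv[1]] = kv[2]
      if (!("key" in f) || f["key"] == "(null)") next
      gsub(/"/, "", f["key"]); gsub(/"/, "", f["exe"])
      printf "%s auid=%s uid=%s exe=%s\n", f["key"], f["auid"], f["uid"], f["exe"]
    }' "$1"
}

# Constructed sample: the user with auid 1000 becomes root, runs visudo, then edits
# passwd with vipw; the crond record has no key and must be ignored.
sample_log() {
  cat > "$1" <<'EOF'
type=SYSCALL msg=audit(1600000000.100:201): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=4 items=2 ppid=2000 pid=2001 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5 comm="visudo" exe="/sbin/visudo" key="sudowatch"
type=PATH msg=audit(1600000000.100:201): item=0 name="/sbin/visudo" inode=1234 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1600000000.200:202): arch=c000003e syscall=2 success=yes exit=3 a0=1 a1=2 a2=3 a3=4 items=1 ppid=2000 pid=2002 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5 comm="vipw" exe="/usr/sbin/vipw" key="userwatch"
type=SYSCALL msg=audit(1600000000.300:203): arch=c000003e syscall=2 success=yes exit=4 a0=1 a1=2 a2=3 a3=4 items=1 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" key=(null)
EOF
}

log=$(mktemp)
sample_log "$log"
key_report "$log"
```

An auid of 4294967295 (unset) marks processes that never came from a login session, such as cron jobs; a key hit with a real auid is a person.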

Linux Security: Performing a Compliance Scan and Active Remediation Using OSCAP

Install the Necessary Packages
Become root: sudo su
Install the OpenSCAP scanner and the SCAP Security Guide: yum install -y openscap-scanner scap-security-guide
Run a Compliance Scan with Remediation
Use the following command to run a scan with remediation (--remediate changes the system as it scans, so run the same command without it first and review the failures): oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_rht-ccp --results scan-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
Report from the Scan Results
Run the following command to generate a...
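The results file is the authoritative record of the scan, and it is easier to grep than the HTML report. The script below is an added example (not from the post) showing the assess-then-remediate order and a parser that lists failing rule ids from the --results XML. The results fragment is constructed in the shape oscap writes (a TestResult holding rule-result elements); the rule ids in it are illustrative, not from a real scan.

```shell
#!/bin/sh
# Added example: two-pass scan and result parsing for oscap xccdf eval.

DS=/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
PROFILE=xccdf_org.ssgproject.content_profile_rht-ccp

# Pass 1, assess only. Exit codes: 0 every rule passed, 2 at least one rule failed,
# 1 error, so "oscap ... || echo non-compliant" works in scripts.
#   oscap xccdf eval --profile "$PROFILE" --results scan-results.xml --report scan-report.html "$DS"
# Pass 2, after review: --remediate runs the fix for each failed rule, then re-checks it.
#   oscap xccdf eval --remediate --profile "$PROFILE" --results scan-results.xml "$DS"
# HTML report from an existing results file:
#   oscap xccdf generate report scan-results.xml > scan-report.html

# failed_rules RESULTS.xml -> rule ids whose <result> is "fail", one per line.
# Accepts both the bare and the xccdf:-prefixed element names.
failed_rules() {
  awk '
    /<(xccdf:)?rule-result[ >]/ { match($0, /idref="[^"]*"/); id = substr($0, RSTART + 7, RLENGTH - 8) }
    /<(xccdf:)?result>fail<\/(xccdf:)?result>/ { print id }
  ' "$1"
}

# result_summary RESULTS.xml -> count per result value. After --remediate, rules that
# were repaired show as "fixed"; anything still "fail" needs a human.
result_summary() {
  sed -n 's/.*<\(xccdf:\)\{0,1\}result>\([a-z]*\)<.*/\2/p' "$1" | sort | uniq -c | sort -rn
}

# Constructed sample results file (rule ids illustrative).
sample_results() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_rht-ccp">
  <rule-result idref="xccdf_org.ssgproject.content_rule_service_telnet_disabled" time="2020-01-01T00:00:00" severity="high" weight="1.000000">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_package_aide_installed" time="2020-01-01T00:00:00" severity="medium" weight="1.000000">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd" time="2020-01-01T00:00:00" severity="medium" weight="1.000000">
    <result>fail</result>
  </rule-result>
</TestResult>
EOF
}

r=$(mktemp)
sample_results "$r"
failed_rules "$r"
result_summary "$r"
```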

Linux Security: Working with OpenSSL and httpd

Install 'mod_ssl' on the host 'webserver'
sudo yum install mod_ssl
Generate a private key and a self-signed certificate for 'shop.example.com' using 'openssl'
openssl genrsa -aes128 -out /etc/pki/tls/private/httpdkey.pem # you will be prompted for a passphrase for the key
openssl req -new -x509 -key /etc/pki/tls/private/httpdkey.pem -out /etc/pki/tls/certs/httpdcert.pem -days 365 # you will be prompted for that passphrase
Update the...
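The two interactive commands above leave two things to chance: the certificate has no subjectAltName (modern browsers ignore the CN alone), and the -aes128 key makes httpd ask for the passphrase at every start. The script below is an added example (not from the post) that generates the pair non-interactively with a SAN and checks it before httpd is pointed at it. The file paths are the post's; the hostname argument, the 2048-bit unencrypted key protected by mode 0600, and the extension set are this example's choices.

```shell
#!/bin/sh
# Added example: non-interactive self-signed key/cert with a SAN, plus two checks.

# gen_selfsigned HOST KEYFILE CERTFILE
# -nodes leaves the key unencrypted so httpd can start unattended; umask 077 keeps
# the key 0600 from the moment it is written.
gen_selfsigned() {
  host=$1; keyfile=$2; certfile=$3
  cfg=$(mktemp)
  cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $host
[v3_req]
subjectAltName = DNS:$host
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
  (umask 077 && openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 365 \
      -keyout "$keyfile" -out "$certfile" -config "$cfg" >/dev/null 2>&1)
  rc=$?
  rm -f "$cfg"
  return $rc
}

# cert_sans CERTFILE -> the subjectAltName line, e.g. DNS:shop.example.com
cert_sans() {
  openssl x509 -in "$1" -noout -text | sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

# key_matches_cert KEYFILE CERTFILE -> true when the public keys agree; catches the
# classic "new cert, old key" mistake before httpd refuses to start.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Usage as root on the web server (paths from the post):
#   gen_selfsigned shop.example.com /etc/pki/tls/private/httpdkey.pem /etc/pki/tls/certs/httpdcert.pem
#   cert_sans /etc/pki/tls/certs/httpdcert.pem
#   key_matches_cert /etc/pki/tls/private/httpdkey.pem /etc/pki/tls/certs/httpdcert.pem && echo "key and cert match"
# Then in /etc/httpd/conf.d/ssl.conf:
#   SSLCertificateFile    /etc/pki/tls/certs/httpdcert.pem
#   SSLCertificateKeyFile /etc/pki/tls/private/httpdkey.pem
# and: apachectl configtest && systemctl restart httpd
```

The -config route works on the OpenSSL 1.0.2 that RHEL 7 ships, where the newer -addext flag is not available.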

Linux Security: Disk Encryption with eCryptfs

Install eCryptfs on the Provided System
sudo apt-get install ecryptfs-utils
Configure '/opt/protected' as an Encrypted Mount
sudo mount -t ecryptfs /opt/protected /opt/protected # use "supersecret1" as the passphrase and accept the defaults for all prompts
Copy the Contents of '/etc/profile.d'
sudo cp /etc/profile.d/* /opt/protected/
Re-encrypt '/opt/protected'
umount /opt/protected
Once unmounted, only ciphertext remains in the directory; mounting it again requires the same passphrase and the same cipher and key-size choices accepted at the prompts.
Full Video https://youtu.be/mdKwudK0Dfg

What are the several indicators of compromise (IOC) that organizations should monitor?

Unusual Outbound Network Traffic
HTML Response Sizes
Geographical Irregularities
Increases in Database Read Volume
Log-In Red Flags
Unexpected Patching of Systems
Large Numbers of Requests for the Same File
Web Traffic with Non-human Behavior
Suspicious Registry or System File Changes
Unusual DNS Requests
Mobile Device Profile Changes
Bundles of Data in the Wrong Place
Mismatched Port-Application Traffic
Signs of DDoS Activity
Anomalies in Privileged User Account Activity
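Two of these indicators, "Log-In Red Flags" and "Anomalies in Privileged User Account Activity", can be checked directly against sshd's log. The script below is an added example (not from the post) that flags a source that fails repeatedly and then gets in, and any direct root login. The /var/log/secure-style lines are constructed; the threshold of 5 and the host names are this example's choices.

```shell
#!/bin/sh
# Added example: two detections over sshd authentication lines.

THRESHOLD=5   # failures from one source before a later success is suspicious

# Constructed sample: 203.0.113.5 sprays six passwords and then logs in as root;
# 198.51.100.7 is a normal user with one typo before a key-based login.
sample_secure() {
  cat > "$1" <<'EOF'
Jun 10 02:14:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jun 10 02:14:03 web1 sshd[2102]: Failed password for invalid user oracle from 203.0.113.5 port 40123 ssh2
Jun 10 02:14:05 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 40124 ssh2
Jun 10 02:14:07 web1 sshd[2104]: Failed password for root from 203.0.113.5 port 40125 ssh2
Jun 10 02:14:09 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 40126 ssh2
Jun 10 02:14:11 web1 sshd[2106]: Failed password for root from 203.0.113.5 port 40127 ssh2
Jun 10 02:14:30 web1 sshd[2107]: Accepted password for root from 203.0.113.5 port 40128 ssh2
Jun 10 02:15:00 web1 sshd[2108]: Failed password for cloud_user from 198.51.100.7 port 51000 ssh2
Jun 10 02:15:04 web1 sshd[2109]: Accepted publickey for cloud_user from 198.51.100.7 port 51001 ssh2
EOF
}

# bruteforce_then_success LOG -> "IP failures user" for every Accepted login whose
# source had already failed THRESHOLD or more times (the usual shape of a
# successful password-spray).
bruteforce_then_success() {
  awk -v t="$THRESHOLD" '
    /sshd\[[0-9]+\]: Failed password for/ {
      for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i+1)]++
    }
    /sshd\[[0-9]+\]: Accepted (password|publickey) for/ {
      for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i+1)
      for (i = 1; i <= NF; i++) if ($i == "for") user = $(i+1)
      if (fails[ip] >= t) printf "%s %d %s\n", ip, fails[ip], user
    }' "$1"
}

# root_logins LOG -> sources that logged in directly as root. Should print nothing
# on a host where PermitRootLogin no is enforced; anything here is a privileged
# account anomaly worth a ticket.
root_logins() {
  awk '/sshd\[[0-9]+\]: Accepted [a-z]+ for root from/ {
    for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1)
  }' "$1"
}

l=$(mktemp)
sample_secure "$l"
bruteforce_then_success "$l"
root_logins "$l"
```

Counting failures per source rather than per user is what separates a spray (many users, one source) from a user who forgot a password.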
