]> _ Git - hardening-scripts.git/log
projects / hardening-scripts.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
hardening-scripts.git
6 months agobackup,media: add backup and find media modules master
commit | commitdiff | tree
mivirl [Tue, 25 Jun 2024 02:03:18 +0000 (21:03 -0500)]
backup,media: add backup and find media modules

Backups are xz-compressed tar archives saved under /opt/backup and
made immutable to prevent accidental changes/deletion

The find_media module can be used to search for unauthorized media
files, and is disabled by default

6 months agoall: separate script into modules
commit | commitdiff | tree
mivirl [Tue, 25 Jun 2024 01:59:03 +0000 (20:59 -0500)]
all: separate script into modules

Separated the sections of the script into individual modules to make it
easier to choose which to run.

6 months agohide-hardware: remove hide-hardware.sh
commit | commitdiff | tree
mivirl [Tue, 25 Jun 2024 01:54:19 +0000 (20:54 -0500)]
hide-hardware: remove hide-hardware.sh

The script may provide some additional privacy, but it's outside the
scope of a hardening script that's intended for competitions where the
red team doesn't need to be particularly subtle. There isn't much point
in including it.

7 months agosandbox: Improve systemd template overrides
commit | commitdiff | tree
mivirl [Sun, 26 May 2024 05:05:45 +0000 (00:05 -0500)]
sandbox: Improve systemd template overrides

Improved templates to make breakage less likely and rely less on
newer systemd features to provide security. Tested with v239 as the
earliest version, but should still work with earlier versions as well.

Exposure levels from `systemd-analyze security` on v252 (scale is
from 0-10 with lower being more secure)
- nginx: 2.3 OK
- apache2: 2.2 OK

7 months agoInitial commit
commit | commitdiff | tree
mivirl [Wed, 22 May 2024 16:31:01 +0000 (11:31 -0500)]
Initial commit

Blue team scripts for hardening machines