Saturday, May 27, 2017

Nix Audit Made Easier - Nix-Auditor



A script to audit Linux and Unix distributions, based mainly on the CIS standards and universal Linux hardening guidelines. The value it brings to your auditing toolset is:

  • Speed - one can audit an OS in less than 120 seconds and get a report
  • Accuracy - tested on CentOS and RedHat with 100% accuracy
  • Customizability - it is on GitHub, and the code is easily customizable to suit the OS type and the set of controls one needs to check.
  • Simplicity - just make it executable and run!


Monday, December 12, 2016

Security Auditing Tool for Unix/Linux Systems - Lynis 2.4.0



We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next step in the simplification improvements we have made. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems

The tool has almost no dependencies, so it runs on almost all Unix-based systems and versions, including:
  • AIX
  • FreeBSD
  • HP-UX
  • Linux
  • Mac OS
  • NetBSD
  • OpenBSD
  • Solaris
  • and others
It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional

Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL). 

How it works

Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of a set of steps, from initializing the program up to the report.

Steps
  1. Determine operating system
  2. Search for available tools and utilities
  3. Check for Lynis update
  4. Run tests from enabled plugins
  5. Run security tests per category
  6. Report status of security scan
Besides the data displayed on screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.
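
The report file described above lends itself to automated follow-up. The following is an added example, not code from Lynis or from the original post: it counts and lists findings and applies a pass/fail gate on warnings. It assumes the report is plain key=value lines with findings written as `warning[]=` and `suggestion[]=` entries holding pipe-separated fields; the function names and the sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise findings from a Lynis report file.
# Assumed layout (not shown on the page): one key=value per line, findings as
#   warning[]=TEST-ID|message|details|solution|
#   suggestion[]=TEST-ID|message|details|solution|

# Write a small, constructed report (test IDs borrowed from the changelogs on
# this page, messages invented) so the functions can be tried offline.
make_sample_report() {
    cat > "$1" <<'EOF'
# constructed sample, not real scan output
report_version_major=1
os=Linux
warning[]=AUTH-9228|Constructed: inconsistent password file|-|-|
suggestion[]=SSH-7408|Constructed: consider hardening SSH configuration|AllowTcpForwarding (YES --> NO)|-|
suggestion[]=AUTH-9328|Constructed: default umask could be more strict|-|-|
suggestion[]=broken line without separators
EOF
}

# count_findings FILE KIND -> number of well-formed entries (KIND: warning|suggestion)
count_findings() {
    awk -F'|' -v k="$2" '
        index($0, k "[]=") == 1 && NF >= 2 { n++ }
        END { print n + 0 }' "$1"
}

# list_findings FILE KIND -> "TEST-ID<TAB>message" per entry, sorted by test ID
list_findings() {
    awk -F'|' -v k="$2" '
        index($0, k "[]=") == 1 && NF >= 2 {
            id = substr($1, length(k) + 4)   # strip the "KIND[]=" prefix
            printf "%s\t%s\n", id, $2
        }' "$1" | sort
}

# audit_gate FILE MAX_WARNINGS -> succeeds only if warnings <= MAX_WARNINGS
audit_gate() {
    [ "$(count_findings "$1" warning)" -le "$2" ]
}

# Usage: sh lynis_findings.sh /path/to/report-file
if [ -n "${1:-}" ]; then
    list_findings "$1" warning
    list_findings "$1" suggestion
    audit_gate "$1" 0 || echo "gate: warnings present" >&2
fi
```

Entries without a pipe separator are skipped rather than counted, so a truncated or hand-edited report does not inflate the totals.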

Opportunistic scanning

Lynis scanning is opportunistic: it uses what it can find.
For example, if it sees you are running Apache, it will perform an initial round of Apache-related tests. If during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing so, it collects discovered certificates so they can be scanned later as well.

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
  • Security auditing
  • Compliance testing (e.g. PCI, HIPAA, SOx)
  • Vulnerability detection and scanning
  • System hardening

Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
  • Best practices
  • CIS
  • NIST
  • NSA
  • OpenSCAP data
  • Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins

Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.


Changelog
Upgrade note
Lynis 2.4.0 (2016-10-27)

Exactly one month after previous release, the Lynis project is proud to announce
a new release. This release had the specific focus to improve support for macOS
users. Thanks to testers and contributors to make this possible.

New:
----
* New group "system integrity" added
* Support for clamconf utility
* Chinese translation (language=cn)
* New command "upload-only" to upload just the data instead of a full audit
* Enhanced support for macOS, including HostID2 generation for macOS
* Support for CoreOS
* Detection for pkg binary (FreeBSD)
* New command: lynis show hostids (show host ID)
* New command: lynis show environment (hardware, VM, or container type)
* New command: lynis show os (show operating system details)

Changes:
--------
* Several new sysctl values have been added to the default profile
* Existing tests have been enhanced to support macOS

Tests:
------
* AUTH-9234 - Support for macOS user gathering
* BOOT-5139 - Support for machine roles in LILO test
* BOOT-5202 - Improve uptime detection for macOS and others
* FIRE-4518 - Improve pf detection and mark as root-only test
* FIRE-4530 - Don't show error on screen for missing IPFW sysctl key
* FIRE-4534 - Check Little Snitch on macOS
* INSE-8050 - Test for insecure services on macOS
* MACF-6208 - Allow non-privileged execution and filter permission issues
* MALW-3280 - Detection for Avast and Bitdefender daemon on macOS
* NETW-3004 - Support for macOS
* PKGS-7381 - Improve test for pkg audit on FreeBSD
* TIME-3104 - Chrony support extended

Plugins (community and commercial):
-----------------------------------
* PLGN-1430 - Gather installed software packages for macOS
* PLGN-4602 - Support for Clam definition check on macOS



Saturday, September 3, 2016

Security Auditing Tool for Unix/Linux Systems - Lynis 2.3.2



We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next step in the simplification improvements we have made. There is a risk of breaking your existing configuration.

Changelog

Categories and Groups

Tests are now grouped by their focus area and named 'groups' accordingly. Besides groups, each test will belong to a category (performance, privacy, or security).
Commands: lynis show categories, lynis show groups
Options: --tests-from-category, --tests-from-group
Note: You might need to change your scripts if you previously defined the group of tests to scan.

Development

A new 'strict' option is available in the profiles and by default enabled for the initialization phases of Lynis. It will perform a strict code check for the tests, to detect any uninitialized variables, improving code quality.

Helpers

With 'lynis update check' you can now check for updates. This is the preferred new method.
The command 'lynis show changelog' allows reviewing the changes. Optionally a release can be specified as additional argument.

Languages

Initial translation for German has been contributed by Kai Raven, the Italian translation by Stefano Marty (stefanomarty), and the Hungarian translation by Zoltan Paldi (paldiz).

Profiles

Parsing of the profiles has been improved; previously it prevented some settings from overriding default settings.

Tests

  • AUTH-9212 - Added prerequisite to log
  • AUTH-9216 - Simplified test and make it more efficient
  • AUTH-9218 - Clean ups and improve readability
  • AUTH-9226 - Style, text, and removed warning
  • AUTH-9228 - Provide just a suggestion instead of warning
  • AUTH-9268 - Improve test for readability
  • AUTH-9328 - Test /etc/profile.d for umask setting
  • AUTH-9406 - Readability and code style changes
  • CONT-8102 - Determine if all Docker tests should be performed
  • DBS-1880 - Initial support for Redis server
  • HTTP-6720 - Readability improvement of test
  • KRNL-5830 - Readability and style improvements, ignore rescue images
  • MAIL-8818 - Style and refactoring
  • PHP-2211 - Readability improvement and code style changes
  • PHP-2374 - Changed text and cleanups
  • PHP-2376 - Log result to log file instead of report
  • PKGS-7383 - Simplified test
  • PKGS-7388 - Style and readability improvements
  • TIME-3106 - Corrected string to test for status
  • TOOL-5102 - Split of fail2ban tests
  • TOOL-5104 - Test for enabled fail2ban jails

Languages

  • Translation of Spanish (es) added
  • Proper display of text strings when accented characters are used
  • More text strings added

General

  • Added bold and header as new colors
  • Changed header and footer of screen output
  • Allow atomic tests to be skipped (e.g. SSH-7408)
  • Extended tests database with category (lynis show tests)
  • By default Lynis will now run in 'quick mode' and not break after each section. To get the previous behavior of breaking after each section, add the --wait option.

Functions

  • RemoveColors - New test to clear colors
  • DisplayError - Display error on screen in uniform format and colors. Use an optional exit code to quit the program
  • SkipAtomicTest - This function is now properly working with lowercase strings

Website

Several controls on the website are added or updated, including:

  • FILE-6344
  • FINT-4315
  • FINT-4402
  • HTTP-6714
  • MACF-6234
  • NAME-4018
  • NAME-4402
  • PHP-2374
  • PROC-3612
  • TIME-3106

