An evolving how-to guide for securing a Linux server.
-
Updated
Jan 8, 2020
An evolving how-to guide for securing a Linux server.
I'm using OpenNTPD instead of the default ntp on my FreeBSD server - when lynis analyses the ntp settings it tries to query information with ntpq which is (to my knowledge) is not possible with OpenNTPD.
Lynis will slow down as ntpq takes a while fail.
OS: FreeBSD 10.4
Lynis: 2.6.1 (768446e4)
[ Lynis 2.6.1 ]
####################################################################
Based on info gathered here in issue #293
toniblyx/prowler#293
As you know it is hard to surf on web with user.js. I always have problem with many sites, but it i realyly takes time to find which config is not compatibale with the visited site. I think we can create a list of buggy sites so anyone can contribute it.
I can start with mines:
Add on suggestions [and other privacy related suggestions] mentioned at the following websites for consideration/integration:
Prism Break: https://prism-break.org/en/categories/windows/#web-browser-addons
Privacy Tools: https://www.privacytools.io/#addons
Probably not a new issue as I've been following some resources but still need help. I would like to configure vuln detection on Windows and there are no documentation on the Wazuh portal for this. From what I've read so far you seem to be using the NVD database as a reference, can you please help me?
/// Does nothing
void test1() {}
/** Stilll nothing
*/
void test2() {}results in
// / Does nothing
#[no_mangle]
pub unsafe extern "C" fn test1() { }
/* * Stilll nothing
*/
#[no_mangle]
pub unsafe extern "C" fn test2() { }There's an extra space after the comment's first 2 chars.
Tested on the website and latest git (d1bbe9f).
This may surprise developers used to other templating engines used in Rails, but, at time of writing, Liquid does not behave like ERB/HAML templates in Rails where interpolated values are escaped by default.
Liquid does not escape interpolated values and does not have an option (at time of writing) to configure this to be the default. The developer needs to remember each and every time to es
Sandboxed API should build/work on all major Linux distributions.
We should provide at least some basic instructions for distributions other than Debian/Ubuntu:
I have never written SCAP content before, and am looking at how to get started. I would like to write SCAP content to test compliance on Photon OS against DISA SRGs. I have been all over the wiki pages, but I am still not sure how to get started. The main page makes it look super easy for writing OVAL and XCCDF files using YAML, but I am not sure where to build those
https://github.com/0xmachos/mOSL is a good replacement until this is updated.
Basically, we should remove all settings that are no longer relevant, and add ones that are newly added.
Usbguard API is frustruating and contra-productive to use due to the fact that there is little or no documentation for it and API user has to search in the sources of usbguard to find out what each function is doing. This is a huge issue of usability of the usbguard API.
Scripts built from our Guide to User Data Security
🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.
Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
I've been tasked with creating a CIS Level 1 standard RHEL image in Azure. I've taken a market place RHEL 7.3 image and applied this playbook with packer/ansible using tags level1.
However, when I go and try and create a VM from the image, it fails. If I skip cis_section1, I can create a VM from the image. I'm a linux newbie, apologies, but any obvious rules in section 1 that could be causing
A collection of awesome security hardening guides, tools and other resources
Hi team,
I have noticed that the log examples found in 0610-win-ms_logs_rules.xml don't match their rules.
It is due the fields providerName and channel aren't correct.
To match rules 63103, 63104 and 63105, the logs must have matched before rules `60
jmespath is no longer installed by default (though still available) with Ansible Engine provided by Red Hat on RHEL 7 (it is installed by default on RHEL 8), so it's one more dep users will need to install manually. Maybe we can swap jmespath out for some jinja2 list comprehension.
| Wazuh | Elastic | Rev |
|---|---|---|
| 3.10 | 7.x | --- |
Description
Letters will move around as you hover over items in the Kibana App using Firefox.
This is most notable in the Management tab and when the window size is somewhat small.
Steps to reproduce
With Firefox
Add a description, image, and links to the security-hardening topic page so that developers can more easily learn about it.
To associate your repository with the security-hardening topic, visit your repo's landing page and select "manage topics."
Currently there's possiblity to make "one-liner scan" of system using curl (https://vuls.io/docs/en/usage-server.html). Issue is, that received JSON can't be displayed nicely with application, because application always want's to get the data from vulnerability DB (even there's everything needed in the JSON returned by vul