Hardening Linux

SQL INJECTION USING SQLMAP
===============================


python sqlmap.py -u "http://www.site.com/section.php?id=51"

Discover db

 python sqlmap.py -u "http://www.sitemap.com/section.php?id=51" --dbs

Discover tble

python sqlmap.py -u "http://www.site.com/section.php?id=51" --tables -D database name

Get coloumns of table

python sqlmap.py -u "http://www.site.com/section.php?id=51" --columns -D database -T tablename


Get data from table

$ python sqlmap.py -u "http://www.site.com/section.php?id=51" --dump -D database -T tablename




NMAP
=========
nmap -sS 192.168.0.101 --perform stealthy scan
nmap -PS -p 22,80 192.168.0.101--scan specific ports
nmap -sV--find host service version number
nmap -PN 192.168.0.101 --- Scan a Host to check its protected by Firewall


Lynis
++++++++
yum install git
cd /usr/src && git clone https://github.com/CISOfy/lynis.git
cd /usr/src/lynis/
 ./lynis audit system -Q



 TCP SYN Flood Protection
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3

 wget http://hostmybytes.com/hardening.sh


Open the suPHP configuration file:

1
# vi /opt/suphp/etc/suphp.conf
And uncomment the following lines:

1
2
3
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
;application/x-httpd-php5=/usr/local/lib/
The above lines should read as below:

1
2
3
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/


# open_basedir = "/home/:/tmp:/usr/local/lib/"






mysleep() {
MESSAGE=$1
pid=$!
        spin='-\|***|/'
        i=0
        while kill -0 $pid 2>/dev/null
        do
          i=$(( (i+1) %4 ))
          echo -ne "\r$MESSAGE ${spin:$i:1}"
          sleep .1
        done
}



mysleep "Tweaking Apache"





red='\e[0;31m'
green='\e[0;32m'
notice='\e[0;35m'
NC='\e[0m'

    echo -ne "\r${notice}Detected cPanel/WHM on the server${NC}"


NON VPS SERVICES
======================


https://www.nixtree.com/download/free/services_dis_vps.txt


Greensnow blacklist in csf

http://blocklist.greensnow.co/greensnow.txt


WatchMySQL cPanel/WHM plugin
===========================
cd /usr/src
wget http://download.ndchost.com/watchmysql/latest-watchmysql
sh latest-watchmysql


How to uninstall the WatchMySQL cPanel/WHM Plugin
An uninstall script is included with the installer, you can download the installer and extract it without running it by passing –noexec to it. to download the installer extract it then run the uninstall, use the following commands:

wget
http://download.ndchost.com/watchmysql/latest-watchmysql
sh latest-watchmysql --noexec
./installd-watchmysql/uninstall
It will look as follows:
root@localhost [~]# wget
http://download.ndchost.com/watchmysql/latest-watchmysql
root@localhost [~]# sh latest-watchmysql --noexec
Creating directory installd-watchmysql
Verifying archive integrity... All good.
Uncompressing WatchMySQL by NDCHost.com....................................
root@localhost [~]# ls
installd-watchmysql  latest-watchmysql
root@localhost [~]# cd installd-watchmysql/
root@localhost [~/installd-watchmysql]# ls
./ ../ bootstrap  changelog  uninstall  watchmysql  watchmysql.chkservd  watchmysql.config  watchmysql.redhat  whmplugin
root@localhost [~/installd-watchmysql]# ./uninstall


Clean BACKUPS
=============
https://www.ndchost.com/cpanel-whm/addons/cleanbackups/