LUNAR – Lockdown UNix Auditing and Reporting

A UNIX security auditing tool based on several security frameworks.

Introduction

This script generates a scored audit report of a Unix host's security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in the code documentation.

Why a shell script?

I wanted a tool that was able to run on locked down systems where other tools may not be available. I also wanted a tool that ran on all versions of UNIX. Having said that, there are some differences between sh and bash, so I've used functions only from sh.

There is no warranty implied or given with this script. My recommendation is to use this script in audit mode only, and address each warning individually via policy, documentation and configuration management.

It can also perform a lockdown. Unlike some other scripts, I have added the capability to back out changes. Files are backed up using cpio to a directory based on the date. Although it can perform a lockdown, as previously stated, I'd recommend you address the warnings via policy, documentation and configuration management. This is how I use the tool.
Supported Operating Systems:

Linux: RHEL 5,6,7; CentOS 5,6,7; Scientific Linux; SLES 10,11,12; Debian; Ubuntu; Amazon Linux
Solaris (6,7,8,9,10 and 11)
Mac OS X
FreeBSD (needs more testing)
AIX (needs more testing)
ESXi (initial support – some tests)

More Information

For more information refer to the wiki pages: Wiki, Usage, Ubuntu, Solaris 11, CentOS, Amazon Linux

Usage

Usage: ./lunar.sh -[a|A|s|S|d|p|c|l|h|c|V] -[u]

-a: Run in audit mode (no changes made to system)
-A: Run in audit mode (no changes made to system) [includes filesystem checks which take some time]
-s: Run in selective mode (only run tests you want to)
-d: Print information for a specific test
-S: List functions available to selective mode
-l: Run in lockdown mode (changes made to system)
-L: Run in lockdown mode (changes made to system) [includes filesystem checks which take some time]
-c: Show changes previously made to system
-p: Show previous versions of file
-u: Undo lockdown (changes made to system)
-h: Display usage
-V: Display version
-v: Verbose mode [used with -a and -A] [Provides more information about the audit taking place]

Examples

Run in Audit Mode:
./lunar.sh -a

Run in Audit Mode and provide more information:
./lunar.sh -a -v

Display previous backups:
./lunar.sh -b

Previous backups:
21_12_2012_19_45_05
21_12_2012_20_35_54
21_12_2012_21_57_25

Restore from previous backup:
./lunar.sh -u 21_12_2012_19_45_05

List tests:
./lunar.sh -S

Only run apache based tests:
./lunar.sh -s audit_apache

Print documentation regarding apache based tests:
./lunar.sh -d audit_apache

# SYSTEM INFORMATION:
Platform: i386
Vendor: Apple
Name: Darwin
Version: 10.12
Update: 3
Checking: If node is managed
Notice: Node is not managed
# Module: audit_apache
# Solaris:
# The action in this section describes disabling the Apache 1.x and 2.x web
# servers provided with Solaris 10. Both services are disabled by default.
# Run control scripts for Apache 1 and the NCA web servers still exist,
# but the services will only be started if the respective configuration
# files have been set up appropriately, and these configuration files do not
# exist by default.
# Even if the system is a Web server, the local site may choose not to use
# the Web server provided with Solaris in favor of a locally developed and
# supported Web environment. If the machine is a Web server, the administrator
# is encouraged to search the Web for additional documentation on Web server
# security.
# Linux:
# HTTP or web servers provide the ability to host web site content.
# The default HTTP server shipped with CentOS Linux is Apache.
# The default HTTP proxy package shipped with CentOS Linux is squid.
# Unless there is a need to run the system as a web server, or a proxy it is
# recommended that the package(s) be deleted.
# Refer to Section(s) 3.11,14 Page(s) 66-9 CIS CentOS Linux 6 Benchmark v1.0.0
# Refer to Section(s) 2.2.10 Page(s) 110 CIS Ubuntu Linux 16.04 Benchmark v1.0.0
# Refer to Section(s) 3.11,14 Page(s) 79-81 CIS RHEL 5 Benchmark v2.1.0
# Refer to Section(s) 3.11,14 Page(s) 69-71 CIS RHEL 6 Benchmark v1.2.0
# Refer to Section(s) 2.2.10,13 Page(s) 110,113 CIS RHEL 7 Benchmark v2.1.0
# Refer to Section(s) 6.10,13 Page(s) 59,61 CIS SLES 11 Benchmark v1.0.0
# Refer to Section(s) 2.4.14.7 Page(s) 56-7 CIS OS X 10.5 Benchmark v1.1.0
# Refer to Section(s) 2.10 Page(s) 21-2 CIS Solaris 11.1 v1.0.0
# Refer to Section(s) 2.2.11 Page(s) 30-2 CIS Solaris 10 v5.1.0
# Refer to Section(s) 2.2.10,13 Page(s) 102,105 CIS Amazon Linux Benchmark v2.0.0

Download LUNAR

Link: http://feedproxy.google.com/~r/PentestTools/~3/c19tIcRfNqc/lunar-lockdown-unix-auditing-and.html

Glue – Application Security Automation

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools.

Recommended Usage

For those wishing to run Glue, we recommend using the docker image because it should have the other tools it uses available already and configured. See the documentation for more info: Glue Docker Documentation

For those interested in how to use Glue in a DevOps context, see Glue DevOps Integration Options

Installation

gem install owasp-glue
or
docker run owasp/glue

Installation for Development

git clone https://github.com/owasp/glue
cd glue — RVM will set to 2.3.1 with Gemset Glue
gem install bundler
bundle install

Running in Development

cd lib
../bin/glue -h

Extending Glue

Glue is intended to be extended through added "tasks". To add a new tool, copy an existing task and tweak it to make it work for the tool in question.

Usage

Glue <target>

Options

Common options include:
-d for debug
-f for format (takes "json", "csv", "jira")

For a full list of options, use Glue --help or see the OPTIONS.md file.

Target

The target can be:
Filesystem (which is analyzed in place)
Git repo (which is cloned for analysis)
Other types of images (.iso, docker, etc. are experimental)

Dependencies

clamav
hashdeep
rm (*nix)
git
mount (*nix)
docker

Development

To run the code, run the following from the root directory:
>ruby bin/Glue <options> target

To build a gem, just run:
gem build Glue.gemspec

Integration

Git Hooks

First, grab the hook from the code.
meditation:hooks mk$ cp /area53/owasp/Glue/hooks/pre-commit .

Then make it executable.
meditation:hooks mk$ chmod +x pre-commit

Make sure the shell you are committing in can see docker.
meditation:hooks mk$ eval "$(docker-machine env default)"

Now go test and make a change and commit a file. The result should be that Glue runs against your code and will not allow commits unless the results are clean. (Which is not necessarily a reasonable expectation.)

Configuration files

For advanced usage scenarios, you can save your configuration and use it at runtime.

Authors

Matt Konda
Alex Lock
Rafa Perez

Download Glue

Link: http://feedproxy.google.com/~r/PentestTools/~3/IABlPNynuy0/glue-application-security-automation.html

Startup Security Weekly #22 – Robert Stratton, Mach37

Bob Stratton is a serial Internet and cybersecurity entrepreneur. Prior to Mach37, Bob was Director of Government Research at Symantec Research Labs and founded many product and service companies in information security. Paul and Michael chat with Bob about his startup journey, companies, and more!

Visit http://securityweekly.com/category/ssw/ for all the latest episodes!

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/NL64IBqq5Lw/

Paul’s Security Weekly #496 – Security News

The Trump Administration urges more coordination on cyberthreats, more raw intelligence data sharing permissions for the NSA, and why are the feds suing D-Link?

http://traffic.libsyn.com/pauldotcom,pswonly/Pauls_Security_Weekly__496_-_Tech_Segment_Bypassing_AV_on_Android_Beau_Bullock_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/qjhpw1Vmzxw/

Paul’s Security Weekly #496 – Tech Segment: Bypassing AV on Android, Beau Bullock

Beau Bullock shows us how to bypass antivirus software using Android in this week's tech segment!

http://traffic.libsyn.com/pauldotcom,pswonly/Pauls_Security_Weekly__496_-_Tech_Segment_Bypassing_AV_on_Android_Beau_Bullock_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/7V6eQGMZTtg/

Paul’s Security Weekly #496 – Lesley Carhart, Motorola Solutions/US Air Force Reserve

Lesley Carhart (@hacks4pancakes) is a veteran security incident responder and digital forensics analyst. Programming since the age of 7, she forged her name in the industry by working with organizations like Motorola and the Air Force Reserve.

http://traffic.libsyn.com/pauldotcom,pswonly/Pauls_Security_Weekly__496_-_Lesley_Carhart_Motorola_Solutions_US_Air_Force_Reserve_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/z7y3-Xz_eHQ/