Kali Linux: system protection and monitoring exercises
→ Part 1. Kali Linux: security policy, protecting computers and network services
→ Part 2. Kali Linux: filtering traffic using netfilter
→ Part 3. Kali Linux: monitoring and logging
In the previous three materials, we talked about protecting Kali Linux, about filtering traffic, and about monitoring. Today we will summarize and present to your attention a few exercises. Here is a translation of Sections 7.6 and “Exercises” in Chapter 7 of the book “ Kali Linux Revealed ”.
In this chapter, we looked at the concepts of creating security policies, talked about what you should pay attention to when creating such a policy, and described some of the threats that are directed both at computers and at information security specialists themselves. We discussed measures to protect laptops and desktops, and showed how to set up the
')
Below are a few exercises that will allow you to practice your Kali Linux security.
Note: if there is such an opportunity, it would be good to make answers to the questions in the collapsible block. Similarly, the answers to other questions.
→ Here is the Asciinema solution (the text cannot be copied from the video).
We hope that what you learned from the series of materials in which we published translations of fragments of the seventh chapter of the book “ Kali Linux Revealed ” will help you to make your system safer and more reliable.
Dear readers! Did you do the exercises, or did you have to pry into the answers?
→ Part 2. Kali Linux: filtering traffic using netfilter
→ Part 3. Kali Linux: monitoring and logging
In the previous three materials, we talked about protecting Kali Linux, about filtering traffic, and about monitoring. Today we will summarize and present to your attention a few exercises. Here is a translation of Sections 7.6 and “Exercises” in Chapter 7 of the book “ Kali Linux Revealed ”.
7.6. Results
In this chapter, we looked at the concepts of creating security policies, talked about what you should pay attention to when creating such a policy, and described some of the threats that are directed both at computers and at information security specialists themselves. We discussed measures to protect laptops and desktops, and showed how to set up the
netfilter firewall built into the Linux kernel. Finally, we looked at the tools and strategies for monitoring Kali, showed how to implement them in order to be able to detect potential threats in time. Now let's summarize, remember the most important.')
- Take time to formulate a security policy.
- If you use Kali Linux on a public server, change all standard passwords for services that can be configured (for more details see section 7.3. “ Protecting network services ”) and restrict access to them using a firewall (for more details see section 7.4. “ Firewall or packet filtering "). This should be done before starting the services.
- Use
fail2banto repel password guessing attacks or remote password attacks using brute force. - If you support web services, organize work with them via HTTPS to prevent traffic interception, which may include authentication cookies, by third parties.
- The real risk often arises if you travel from client to client. For example, your laptop may be stolen or removed at customs. Prepare for this development using full disk encryption (for details, see section 4.2.2. “ Installation on a fully encrypted file system ”). Consider setting up a self-destruct feature (for details, see “ Setting a self-destruct password to increase security ”). This will allow you to securely protect customer data.
- Configure firewall rules (section 7.4. “ Firewall or packet filtering ”) to block any outgoing traffic, except for the one that your VPN connection generates. As a result, you will organize a secure network connection for yourself, and if it turns out to be broken, you will immediately find out about it (and do not switch to Internet access via the local network).
- Disable unused services. Kali simplifies this task, since all external network services are disabled by default.
- The
netfilterfirewall is built into the Linux kernel. There are no universal rules for configuring firewalls that are suitable for all occasions, as users may have different requirements for networks and network services. You can configure the firewall as you need it, from user space, using theiptablesandip6tablescommands. - The
logcheckprogramlogcheckable to monitor log files, viewing them, by default, hourly, and send to the administrator reports containing unusual records for further analysis. - The
top —utilitytop —an interactive tool that lists the running processes. - The
dpkg --verify(ordpkg -V) command allows you to display a report on system files that have been modified (possibly by an attacker). Its disadvantage is that comparing files, it relies on their checksums, which can be changed by a well-trained attacker. - The Advanced Intrusion Detection Environment (AIDE) tool allows you to check the integrity of files, it detects any changes when comparing existing files with a previously saved reference system image.
- The
tripwiretooltripwirevery similar to AIDE, but it uses the technique of signing the configuration file, so the attacker cannot change it so that it points to the version of the reference database he needs. - Consider using the
rkhunter,checksecurity, andchkrootkitthat are designed to scan for rootkits.
Exercises
Below are a few exercises that will allow you to practice your Kali Linux security.
▍Exercise number 1: protection when working in the network
- Identify all open ports in your Kali Linux installation.
- Configure the Kali firewall to allow TCP connections only to ports 22, 80 and 443.
- Check if all other ports are blocked using a utility like
netcat. - Configure the system so that the firewall rules are saved after the reboot. Restart the computer to check it.
Note: if there is such an opportunity, it would be good to make answers to the questions in the collapsible block. Similarly, the answers to other questions.
▍ Answers to exercise number 1
Look
→ Here is the Asciinema solution (the text from the video cannot be copied).
This is how it looks from the point of view of the host system from which you are connecting to the virtual machine with Kali Linux.
- Check open ports:
root@kali:~# netstat -tulpen root@kali:~# iptables -n -L INPUT
If some ports are already blocked on your system, or there are previously establishediptablesrules, you can get rid of all this:root@kali:~# iptables -F INPUT root@kali:~# iptables -P INPUT ACCEPT root@kali:~# iptables -P FORWARD ACCEPT root@kali:~# iptables -P OUTPUT ACCEPT
Now check if you can connect to port 4444 on your computer usingnetcatas follows:root@kali:~# nc -lnvp 4444 listening on [any] 4444 ...
From your host (if Kali is running on a virtual machine), or from another computer, try connecting to thenetcatinstance that is listening on port 4444. After connecting, type in something from the keyboard. The text should appear wherenetcatrunning:root@HOST_MACHINE:~# nc -v 172.16.161.136 4444 aaaaaaaa
Please note that if you enter text from the keyboard, but it does not appear on the screen, it means that something went wrong. Understand this before continuing. If Kali is installed on a virtual machine, switch to using a network bridge instead of NAT. Get network connectivity up and running. - You can configure the firewall using the following commands:
iptables -P INPUT DROP iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
Now check whether it is possible to reconnect to port 4444 on a firewall-protected machine:root@kali:~# nc -lvp 4444 listening on [any] 4444 ... - Try, from the host computer, to connect to
netcat. The connection attempt should fail.root@HOST_MACHINE:~# nc -v 172.16.161.136 4444 nc: connectx to 172.16.161.136 port 4444 (tcp) failed: Operation timed out - Now create an
iptablesscript from the previously defined rules:root@kali:~# iptables-save > /usr/local/etc/myconfig.fw
Register the configuration script in thepre-updirective of the/etc/network/interfacesfile. Reboot the system to make sure that the firewall settings are saved.auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp pre-up iptables-restore < /usr/local/etc/myconfig.fw
→ Here is the Asciinema solution (the text from the video cannot be copied).
This is how it looks from the point of view of the host system from which you are connecting to the virtual machine with Kali Linux.
▍Exercise number 2: monitoring services
- Install
logcheck. - Try to attack, using brute force, your own SSH service, and see if it
logcheck, if itlogcheckyou an attack report. - Schedule a
cronjob to runlogcheckevery hour so that, after analyzing the log files, it will create a log file in/data/$(date-time).log.
▍ Answers to exercise number 2
Look
→ Here is the Asciinema solution (text can be copied from the video).
- Install
logcheckand run it for the first time:apt-get install logcheck sudo -u logcheck logcheck -o - Download the password list, attack your own SSH service with the help of the
hydrabruteforcer, see whatlogcheckabout it:wget https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/500-worst-passwords.txt hydra -l root -P 500-worst-passwords.txt 127.0.0.1 ssh tail -f /var/log/auth.log sudo -u logcheck logcheck -o - Write a bash script with the following content:
mkdir -p /data/ sudo -u logcheck logcheck -o > /data/$(date +"%m-%d-%Y-%T").log
Make it executable and place it in the/etc/cron.hourlydirectory.
→ Here is the Asciinema solution (text can be copied from the video).
▍Exercise number 3: file system protection
- Install
tripwire. Start monitoring changes to files in the/var/www/html/directory. - If you did everything correctly, you will encounter a lot of “File system error” errors. Maybe you hacked? In any case, correct the situation.
▍ Answers to exercise number 3
Look
- Install
tripwireand set the files you want to protect:apt-get install tripwire # yes, yes, yes, yes nano /etc/tripwire/twpol.txt # list the directories and files you want to protect
Add the following code block to thetripwirepolicytripwire:# Webserver file and folder monitoring ( rulename = "Web server file and directories", severity = $(SIG_HI) ) { /var/www/html -> $(SEC_BIN); }
Now maketripwirereact to changes in files in the/var/www/htmldirectory:twadmin -m P /etc/tripwire/twpol.txt #Create Policy File tripwire --init #Initialize database tripwire --check #Initial integrity check touch /var/www/html/shell_backdoor.php tripwire --check tripwire --update-policy -Z low /etc/tripwire/twpol.txt tripwire --check
→ Here is the Asciinema solution (the text cannot be copied from the video).
Thought information
- Here is an interesting example of using
iptables. You can turn any wireless computer into a wireless access point withhostapd. Here is the source of this idea:iptables -t nat -F iptables -F iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT echo '1' > /proc/sys/net/ipv4/ip_forward (DNS, dhcp still required) - Take a look at this awesome iptables guide .
Results
We hope that what you learned from the series of materials in which we published translations of fragments of the seventh chapter of the book “ Kali Linux Revealed ” will help you to make your system safer and more reliable.
Dear readers! Did you do the exercises, or did you have to pry into the answers?
Source: https://habr.com/ru/post/338712/
All Articles