malvern-cads / centsecure
A tool for automating parts of CyberCenturion
Home Page: https://malvern-cads.github.io/centsecure
License: GNU General Public License v3.0
Create logging and input common functions to replace logzero.
Disable root login
This needs a custom installation at the moment:
python -m pip install pywin32
Navigate to the python install folder
python Scripts/pywin32_postinstall.py -install
Instead of keeping it in the repo, clone it
https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js
Switch to secure desktop when prompting for elevation
Allowed users, network level authentication, etc...
Disallow users from changing system time
Ensure any files that currently use the legacy back up system are moved to the newer system
The current way of generating binaries doesn't work very well because they only work on the exact OS that they were built on (e.g. binary built on Ubuntu 19.10 doesn't work on Ubuntu 16.04). So instead have 2 installer scripts (Windows and Linux) which:
Detect all services running, and prompt user whether to disable them or not.
e.g. samba, avahi, ftp...
Enable warnings when installing add-ons, block dangerous downloads, automatically update, etc...
e.g.
[?] (8/368) Would you like to keep the program 'alacarte' (y/n/i)? i
alacarte/oldoldstable,now 3.11.91-2 all [installed]
easy GNOME menu editing tool
[?] (8/368) Would you like to keep the program 'alacarte' (y/n/i)?
or even just the 'easy GNOME menu editing tool' bit
Linux and Windows issue where the default user changed password doesn't work
Enable, update definitions, automatic scans, etc...
Remove backdoors
e.g. common.run_full("for usr in $(cut -d: -f1 /etc/shadow); do [[ $(chage --list $usr | grep '^Last password change' | cut -d: -f2) > $(date) ]] && echo \"$usr :$(chage --list $usr | grep '^Last password change' | cut -d: -f2)\"; done")
Install and configure security
Need to check these out!
Delete files ending in a list of extensions. For example: .mp3, .mp4, .ogg, .wav, etc...
Implement an easy way to backup files that payloads will change
Check running services (e.g. FTP, RDP, Telnet, UPnP, Remote Registry, etc...)
After Round 3, this probably wants to be made public so the documentation needs cleaning up and removing.
Ask for list of accounts to create and whether they need to be admin or not. Then create users in the list, remove users not in the list and promote/demote users.
e.g. ASLR is enabled
Hide surname, and require ctrl-alt-del to logon
Currently the file resides in payloads/security_policy.inf
/etc/shadow, /etc/passwd...
I believe the remove software will work on Debian, as the code is based on the apt package manager
e.g. if we wanted to back up a home directory, it might contain 'illegal stuff', so archiving will remove any possibility of that being detected.
Also home directories might be quite big, so it might be a good idea to compress as well
[sudo] password for a:
sudo: PAM authentication error: Module is unknown
Implement a better way of checking/installing cracklib
The win32net module isn't available on Linux, so something needs to be done about only loading it for Windows
Automatically create Windows and Linux binaries
IPv4 and IPv6 hardening, secure firewall...
Ask for list of accounts to create and whether they need to be admin or not. Then create users in the list, remove users not in the list and promote/demote users. Also change passwords where appropriate
Add needed software and remove banned software
/tmp sometimes gets cleaned after a reboot and this means that you lose access to the backups
For /etc/login.defs