Update how_to_creating_and_making_an_AMI_public.mkd
parent
16e1eeb5bf
commit
09871b9a98
|
@ -40,7 +40,7 @@ apply () {
|
|||
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
|
||||
else
|
||||
apt_install $PACKAGE
|
||||
aideinit
|
||||
aideinit -y -f
|
||||
info "${PACKAGE} is now installed but not fully functionnal, please see readme to go further"
|
||||
fi
|
||||
fi
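Review bot: The result of `aideinit -y -f` in the else branch is never checked, so if initialisation fails the script still logs that the package is installed and the host is left with no integrity baseline. The page has lost its +/- markers; this assumes `aideinit -y -f` is the new side and plain `aideinit` the old one. With `-y -f` any database left under /var/lib/aide is overwritten without a prompt, so whatever the filesystem looks like at that moment becomes the trusted reference. A comment should say that the baseline is only meaningful if taken on a known-clean system. The failure could be surfaced with something like `if ! aideinit -y -f; then info "aideinit failed, no AIDE baseline database was created"; fi`. The body of `apply ()` starts and ends outside this hunk, so handling elsewhere in the function cannot be ruled out.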
|
||||
|
|
|
@ -24,7 +24,8 @@ The creation process is as follows:
|
|||
|
||||
### Pre-Install
|
||||
```
|
||||
$ sudo apt update && sudo apt install -y bc net-tools vim unzip
|
||||
$ sudo apt update
|
||||
$ sudo apt install -y bc net-tools bc net-tools pciutils network-manager vim unzip
|
||||
```
|
||||
|
||||
### Get harbian-audit project
|
||||
|
@ -45,30 +46,56 @@ admin@ip:/opt/harbian-audit-master# passwd admin
|
|||
```
|
||||
|
||||
#### Audit && Apply:
|
||||
|
||||
##### First audit && apply:
|
||||
```
|
||||
admin@ip:/opt/harbian-audit-master$ sudo cp debian/default /etc/default/cis-hardening
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='$(pwd)'#" /etc/default/cis-hardening
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --init
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --audit-all
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --set-hardening-level 5
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/10.1.6_remove_nopasswd_sudoers.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.1_install_aide.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.2_aide_cron.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=disabled/' etc/conf.d/10.1.1_set_password_exp_days.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i "/^root/a\admin ALL=(ALL:ALL) ALL" /etc/sudoers
|
||||
admin@ip:/opt/harbian-audit-master$ sudo reboot
|
||||
```
|
||||
After reboot:
|
||||
|
||||
##### Second audit && apply(After reboot)
|
||||
Configuring the firewall:
|
||||
```
|
||||
admin@ip:/opt/harbian-audit-master$ INTERFACENAME="eth0"
|
||||
admin@ip:/opt/harbian-audit-master$ sudo bash /opt/harbian-audit-master/docs/configurations/etc.iptables.rules.v4.sh $INTERFACENAME
|
||||
admin@ip:/opt/harbian-audit-master$ sudo bash /opt/harbian-audit-master/docs/configurations/etc.iptables.rules.v6.sh $INTERFACENAME
|
||||
admin@ip:/opt/harbian-audit-master$ sudo -s
|
||||
admin@ip:/opt/harbian-audit-master# iptables-save > /etc/iptables/rules.v4
|
||||
admin@ip:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6
|
||||
admin@ip:/opt/harbian-audit-master# exit
|
||||
```
|
||||
|
||||
Related how to use harbian-audit to adit and apply, please reference:
|
||||
[https://github.com/hardenedlinux/harbian-audit/blob/master/README.md](https://github.com/hardenedlinux/harbian-audit/blob/master/README.md)
|
||||
Apply need to apply twice items and that items of must apply after first apply:
|
||||
```
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.32
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.1.2
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.1.3
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.1.12
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 4.5
|
||||
admin@ip:/opt/harbian-audit-master$ sudo reboot
|
||||
```
|
||||
|
||||
##### Third apply(after reboot)
|
||||
Apply need to apply three times items:
|
||||
```
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 4.5
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.4.1
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --apply --only 8.4.2
|
||||
admin@ip:/opt/harbian-audit-master$ sudo reboot
|
||||
```
|
||||
|
||||
### Set issues
|
||||
```
|
||||
|
@ -89,9 +116,14 @@ $ sudo rm /opt/harbian-audit-master/tmp/backups/*
|
|||
$ sudo rm /opt/harbian-audit-master/etc/conf.d/*.cfg
|
||||
```
|
||||
|
||||
#### AIDE RE-INIT
|
||||
#### Final apply
|
||||
Reset password for all users and reinit aide database:
|
||||
```
|
||||
$ sudo aideinit -y -f
|
||||
admin@ip:/opt/harbian-audit-master$ sudo ./bin/hardening.sh --final
|
||||
```
|
||||
#### Uninstall
|
||||
```
|
||||
$ sudo apt-get purge --autoremove unzip
|
||||
```
|
||||
|
||||
#### Clear the current log:
|
||||
|
@ -147,8 +179,9 @@ $ history -cw
|
|||
![17](./picture/create-AMI-from-instance-17.png)
|
||||
|
||||
|
||||
## Reference
|
||||
## Reference
|
||||
|
||||
[https://github.com/hardenedlinux/harbian-audit/blob/master/README.md](https://github.com/hardenedlinux/harbian-audit/blob/master/README.md)
|
||||
[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)
|
||||
[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html)
|
||||
[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html)
|
||||
|
|