Zero-day checklist

From Hack Evergreen Wiki

This is a list of services and configuration files to check immediately upon arrival, zero-day, zero-hour, zero-time...

Fortunately for Allied forces, Germany neglected to install fail2ban


These are useful resources for the initial configuration.

Initial Configuration

  • Switch - Find/disable open ports on local machines
  • Change passwords
  • Linux - Set up iptables
  • Windows - Set up firewall
  • Look at host files
  • Linux - Install packages such as fail2ban
  • Switch - Re-enable local ports
  • Check sensitive file permissions
  • Break sudoers

Startup Roles (After initial config)

  • Windows Server passwords, AD
  • Linux Mail, ssh, fail2ban server config, AD
  • Webserver config, switch config
  • iptables
  • switch config, BIND
  • Database config
  • FTP config
  • Windows services

After start-up

  • Use find to locate setuid binaries
  • logwatch
  • Create VLANS for servers
  • Tripwire?

The long story

  • Change passwords immediately with
   # passwd [username]

on Linux machines and on Windows,

   C:\> net user [username] [new_password]

or go to Start > Control Panel > User Accounts

  • Make a list of what services are running on the network using
   # nmap -p- [machine IP]


If you have determined that your Linux server has a set of ports open, you will need to determine which programs are associated with those ports.

  • To get a list of all programs running on the server run (you might want to pipe it to `less`)
   $ ps aux
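Rather than reading all of ps aux by eye, the listening sockets can be mapped straight to their owning programs. The following is an added example, not part of the wiki page: it parses the output of `ss -tulnp` (assumed available on the Linux host) and flags any listener whose port is not on an allowlist you pass in. The sample output embedded below is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the wiki): trace each open port to the program
# that owns it, so the ports nmap reported can be matched to services.
# On a live host pipe real output in:  ss -tulnp | listeners_from_ss

# Constructed sample of `ss -tulnp` output used for the offline demo.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    *:80               *:*           users:(("apache2",pid=990,fd=4))
tcp   LISTEN 0      128    [::]:5900          [::]:*        users:(("x11vnc",pid=1337,fd=5))
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*     users:(("dhclient",pid=500,fd=6))'

# Read `ss -tulnp` lines on stdin and print "proto port program" per socket.
# The port is the last ":"-separated part of the local address, which also
# handles "*:80" and "[::]:5900"; the program name sits in users:(("name",...)).
listeners_from_ss() {
    awk '
        NR > 1 && ($2 == "LISTEN" || $2 == "UNCONN") {
            n = split($5, a, ":"); port = a[n]
            prog = "unknown"
            if (match($0, /users:\(\("[^"]+"/))
                prog = substr($0, RSTART + 9, RLENGTH - 10)
            print $1, port, prog
        }'
}

# Print only the listeners whose port is NOT in the space-separated allowlist
# given as $1, i.e. the services that still need a decision (close or keep).
unexpected_listeners() {
    allow="$1"
    listeners_from_ss | while read -r proto port prog; do
        case " $allow " in
            *" $port "*) ;;                      # expected service, skip
            *) echo "$proto $port $prog" ;;      # needs review
        esac
    done
}

# Demo on the constructed sample: only ssh (22) and http (80) are expected.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22 80"
```

Each flagged line gives the PID-owning program name, which you can then look up in ps aux or stop with the service manager once you have confirmed it is not needed.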