From 849c334511046af241fc53d3e3777a372bb6ac1b Mon Sep 17 00:00:00 2001
From: trackers-love
Date: Mon, 30 May 2022 17:13:54 +0800
Subject: [PATCH 1/6] test-just

---
 benchmarks/services/3.1-disable-http-server.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/benchmarks/services/3.1-disable-http-server.md b/benchmarks/services/3.1-disable-http-server.md
index 384d047..6f3adea 100644
--- a/benchmarks/services/3.1-disable-http-server.md
+++ b/benchmarks/services/3.1-disable-http-server.md
@@ -1,5 +1,5 @@
 # 3.1 禁用HTTP Server
-
+#3#11111111
 ## 安全等级
 
 Level 1
-- 
Gitee

From 93ad9166b5a797cc112cf22abf8c489ca7be68a6 Mon Sep 17 00:00:00 2001
From: trackers-love
Date: Fri, 10 Jun 2022 14:10:38 +0800
Subject: [PATCH 2/6] add base_line for protocol

---
 .../1.41-ensure-ssh-server-use-protocol_2.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 benchmarks/access-and-control/1.41-ensure-ssh-server-use-protocol_2.md

diff --git a/benchmarks/access-and-control/1.41-ensure-ssh-server-use-protocol_2.md b/benchmarks/access-and-control/1.41-ensure-ssh-server-use-protocol_2.md
new file mode 100644
index 0000000..a049deb
--- /dev/null
+++ b/benchmarks/access-and-control/1.41-ensure-ssh-server-use-protocol_2.md
@@ -0,0 +1,35 @@
+# 1.41-ssh服务使用协议2
+
+## 安全等级
+
+Level 1
+
+## 描述
+
+建议ssh服务使用相对于旧版本(1)更安全的协议2
+
+## 修复建议
+
+ssh配置中确保 protocol 2
+
+存在该选项则修改,没有则添加
+
+```shell
+# sed -i "/^Protocol/cProtocol 2" /etc/ssh/sshd_config;
+# or
+# echo -e "Protocol 2" >> /etc/ssh/sshd_config;
+# systemctl restart sshd
+```
+
+## 扫描检测
+
+sshd -T 查看默认选项或查看文件内容
+
+```shell
+# grep -R "^Protocol" /etc/ssh/sshd_config
+Protocol 2
+```
+
+如结果为`Protocol 2`,则视为通过此项检查。
+
+## 参考
-- 
Gitee

From bb7519ffb2ececa41e08799f8c6b42abe323d4ee Mon Sep 17 00:00:00 2001
From: trackers-love
Date: Fri, 10 Jun 2022 14:19:14 +0800
Subject: [PATCH 3/6] add base_line for protocol 2

---
 1.41-ensure-ssh-server-use-protocol_2.md | 35 ++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 1.41-ensure-ssh-server-use-protocol_2.md

diff --git a/1.41-ensure-ssh-server-use-protocol_2.md b/1.41-ensure-ssh-server-use-protocol_2.md
new file mode 100644
index 0000000..a049deb
--- /dev/null
+++ b/1.41-ensure-ssh-server-use-protocol_2.md
@@ -0,0 +1,35 @@
+# 1.41-ssh服务使用协议2
+
+## 安全等级
+
+Level 1
+
+## 描述
+
+建议ssh服务使用相对于旧版本(1)更安全的协议2
+
+## 修复建议
+
+ssh配置中确保 protocol 2
+
+存在该选项则修改,没有则添加
+
+```shell
+# sed -i "/^Protocol/cProtocol 2" /etc/ssh/sshd_config;
+# or
+# echo -e "Protocol 2" >> /etc/ssh/sshd_config;
+# systemctl restart sshd
+```
+
+## 扫描检测
+
+sshd -T 查看默认选项或查看文件内容
+
+```shell
+# grep -R "^Protocol" /etc/ssh/sshd_config
+Protocol 2
+```
+
+如结果为`Protocol 2`,则视为通过此项检查。
+
+## 参考
-- 
Gitee

From 8c609dd4dcc8926060d2f13413a8132fb6c61a8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BA=A4=E5=A4=AB=E7=9A=84=E7=88=B1?=
Date: Fri, 10 Jun 2022 06:23:39 +0000
Subject: [PATCH 4/6] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20benc?= =?UTF-8?q?hmarks/services/3.1-disable-http-server.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../services/3.1-disable-http-server.md | 33 -------------------
 1 file changed, 33 deletions(-)
 delete mode 100644 benchmarks/services/3.1-disable-http-server.md

diff --git a/benchmarks/services/3.1-disable-http-server.md b/benchmarks/services/3.1-disable-http-server.md
deleted file mode 100644
index 6f3adea..0000000
--- a/benchmarks/services/3.1-disable-http-server.md
+++ /dev/null
@@ -1,33 +0,0 @@
-# 3.1 禁用HTTP Server
-#3#11111111
-## 安全等级
-
-Level 1
-
-## 描述
-
-HTTP 或 Web 服务器提供托管网站内容的能力。
-
-除非需要将系统作为 Web 服务器运行,否则建议禁用软件包以减少潜在的攻击面。
-
-## 修复建议
-
-运行以下命令来禁用`httpd`
-
-```shell
-systemctl --now disable httpd
-```
-
-## 扫描检测
-
-运行以下命令来检查`httpd`是否被禁用
-
-```shell
-systemctl is-enabled httpd
-```
-
-期待的输出结果为`disabled`
-
-## 参考
-
-- cis: 'https://www.cisecurity.org/benchmark/aliyun_linux'
-- 
Gitee

From c545eec3df32e1b451cde17793efc6f23d326af6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BA=A4=E5=A4=AB=E7=9A=84=E7=88=B1?=
Date: Fri, 10 Jun 2022 06:23:51 +0000
Subject: [PATCH 5/6] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20benc?= =?UTF-8?q?hmarks/access-and-control/1.41-ensure-ssh-server-use-protocol?= =?UTF-8?q?=5F2.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../1.41-ensure-ssh-server-use-protocol_2.md | 35 -------------------
 1 file changed, 35 deletions(-)
 delete mode 100644 benchmarks/access-and-control/1.41-ensure-ssh-server-use-protocol_2.md

diff --git a/benchmarks/access-and-control/1.41-ensure-ssh-server-use-protocol_2.md b/benchmarks/access-and-control/1.41-ensure-ssh-server-use-protocol_2.md
deleted file mode 100644
index a049deb..0000000
--- a/benchmarks/access-and-control/1.41-ensure-ssh-server-use-protocol_2.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# 1.41-ssh服务使用协议2
-
-## 安全等级
-
-Level 1
-
-## 描述
-
-建议ssh服务使用相对于旧版本(1)更安全的协议2
-
-## 修复建议
-
-ssh配置中确保 protocol 2
-
-存在该选项则修改,没有则添加
-
-```shell
-# sed -i "/^Protocol/cProtocol 2" /etc/ssh/sshd_config;
-# or
-# echo -e "Protocol 2" >> /etc/ssh/sshd_config;
-# systemctl restart sshd
-```
-
-## 扫描检测
-
-sshd -T 查看默认选项或查看文件内容
-
-```shell
-# grep -R "^Protocol" /etc/ssh/sshd_config
-Protocol 2
-```
-
-如结果为`Protocol 2`,则视为通过此项检查。
-
-## 参考
-- 
Gitee

From 171b59f99e62f40969f37daf7fe3c50e8b63b35e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BA=A4=E5=A4=AB=E7=9A=84=E7=88=B1?=
Date: Fri, 10 Jun 2022 06:23:59 +0000
Subject: [PATCH 6/6] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=201.41?= =?UTF-8?q?-ensure-ssh-server-use-protocol=5F2.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 1.41-ensure-ssh-server-use-protocol_2.md | 35 ------------------------
 1 file changed, 35 deletions(-)
 delete mode 100644 1.41-ensure-ssh-server-use-protocol_2.md

diff --git a/1.41-ensure-ssh-server-use-protocol_2.md b/1.41-ensure-ssh-server-use-protocol_2.md
deleted file mode 100644
index a049deb..0000000
--- a/1.41-ensure-ssh-server-use-protocol_2.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# 1.41-ssh服务使用协议2
-
-## 安全等级
-
-Level 1
-
-## 描述
-
-建议ssh服务使用相对于旧版本(1)更安全的协议2
-
-## 修复建议
-
-ssh配置中确保 protocol 2
-
-存在该选项则修改,没有则添加
-
-```shell
-# sed -i "/^Protocol/cProtocol 2" /etc/ssh/sshd_config;
-# or
-# echo -e "Protocol 2" >> /etc/ssh/sshd_config;
-# systemctl restart sshd
-```
-
-## 扫描检测
-
-sshd -T 查看默认选项或查看文件内容
-
-```shell
-# grep -R "^Protocol" /etc/ssh/sshd_config
-Protocol 2
-```
-
-如结果为`Protocol 2`,则视为通过此项检查。
-
-## 参考
-- 
Gitee