Create known good baseline of FreeBSD server basics
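#!/bin/sh
# Generate a baseline of known-good values for a FreeBSD 10.x server.
# Every output is plain text, so a later run can be diff'd against this one
# to verify that no changes have occurred.
#
# Output:   ./baseline/ relative to the current directory. An existing
#           directory of that name is deleted and recreated.
# Requires: sudo rights for `pfctl -sr` and `crontab -l -u <user>`.
#
# NOTE(review): the baseline is only trustworthy for later comparison if it
# cannot be modified on the host it describes; copy it off-host or to
# read-only storage after generating it.
#
# `set -e` is deliberately not used: several collectors (e.g. crontab -l for
# a user without a crontab) exit non-zero in normal operation, and the
# remaining collectors should still run.

BASELINE=baseline
SUDO=/usr/local/bin/sudo

# The snapshot includes firewall rules and every user's crontab (read via
# sudo), so keep the directory and its files readable by the owner only.
umask 077

# ${BASELINE:?} aborts instead of expanding to nothing if the variable is
# ever emptied, so the recursive delete cannot hit an unintended path.
/bin/rm -rf -- "${BASELINE:?}"
/bin/mkdir -- "$BASELINE" || exit 1

# Host identity and local accounts.
/bin/hostname > "$BASELINE/hostname"
/bin/cp /etc/passwd "$BASELINE/users"
/bin/cp /etc/group "$BASELINE/groups"

# Network interfaces and loaded kernel modules.
/sbin/ifconfig -a > "$BASELINE/interfaces"
/sbin/kldstat > "$BASELINE/kernel_modules"

# Listening TCP sockets plus UDP sockets with a wildcard foreign address.
# All helpers are called by absolute path, like the rest of the script, so
# the result does not depend on the caller's PATH.
/usr/bin/netstat -an | /usr/bin/grep -E '(LISTEN|udp.*\*\.\*.*$)' > "$BASELINE/network_ports"
/usr/bin/netstat -rnfinet > "$BASELINE/routing"

# Processes sorted on fields 2-4 (uid, user, start of args) for stable diffs.
/bin/ps waxo jid,uid,user,args | /usr/bin/sort -k 2,4 > "$BASELINE/processes"
/usr/sbin/jls > "$BASELINE/jails"
/sbin/mount > "$BASELINE/filesystems"

# Services and packages.
/usr/sbin/service -e > "$BASELINE/enabled_services"
/usr/sbin/pkg info > "$BASELINE/installed_packages"
/usr/sbin/pkg audit > "$BASELINE/vulnerable_packages"

# Firewall rules. The original wrote `2>1`, which sends stderr to a file
# literally named "1" in the current directory; `2>&1` placed after the
# stdout redirect captures errors in the baseline file instead.
"$SUDO" /sbin/pfctl -sr > "$BASELINE/firewall_rules" 2>&1

# Scheduled jobs: the system crontab, then each account's personal crontab.
/bin/cp /etc/crontab "$BASELINE/system_crontab"

# Account names are field 1 of /etc/passwd; comment lines are skipped.
# stderr is kept (same `2>1` fix as above) so "no crontab" messages are
# recorded in the baseline alongside the crontab contents.
/usr/bin/cut -d ':' -f1 /etc/passwd | /usr/bin/grep -v "^#" |
  /usr/bin/xargs -n1 "$SUDO" /usr/bin/crontab -lu > "$BASELINE/user_crontabs" 2>&1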