@mclosson
Last active November 4, 2015 15:35
Create known good baseline of FreeBSD server basics
#!/bin/sh
# Script to generate a baseline of known good values for a FreeBSD 10.x server
# The outputs should be able to be diff'd later to verify that no changes have occurred
BASELINE=baseline
SUDO=/usr/local/bin/sudo
# Start from an empty baseline directory
/bin/rm -rf "$BASELINE"
/bin/mkdir "$BASELINE"
# Host identity and local accounts
/bin/hostname > "$BASELINE/hostname"
/bin/cp /etc/passwd "$BASELINE/users"
/bin/cp /etc/group "$BASELINE/groups"
# Network interfaces, multicast memberships and kernel modules
/sbin/ifconfig -a > "$BASELINE/interfaces"
/usr/sbin/ifmcstat -v > "$BASELINE/multicast_groups"
/sbin/kldstat > "$BASELINE/kernel_modules"
# Listening TCP sockets and unconnected UDP sockets, then the routing table
/usr/bin/netstat -an | grep -E '(LISTEN|udp.*\*\.\*.*$)' > "$BASELINE/network_ports"
/usr/bin/netstat -rn > "$BASELINE/routing"
# Processes without PIDs, sorted so the listing is stable between runs
/bin/ps waxo jid,uid,user,args | sort -k 2,4 > "$BASELINE/processes"
/usr/sbin/jls > "$BASELINE/jails"
/sbin/mount > "$BASELINE/filesystems"
/usr/sbin/service -e > "$BASELINE/enabled_services"
/usr/sbin/pkg info > "$BASELINE/installed_packages"
/usr/sbin/pkg audit > "$BASELINE/vulnerable_packages"
# "2>1" wrote stderr to a file named "1"; send stderr to the baseline file instead
$SUDO /sbin/pfctl -sr > "$BASELINE/firewall_rules" 2>&1
/bin/cp /etc/crontab "$BASELINE/system_crontab"
# List the crontab of every account in /etc/passwd, skipping comment lines
cut -d ':' -f1 /etc/passwd | grep -v "^#" | \
xargs -n1 $SUDO /usr/bin/crontab -lu > "$BASELINE/user_crontabs" 2>&1
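
The script's header says the outputs should be diff'd later. The function below is an added example of that comparison step, not part of the original gist; the function name, the directory arguments and the ADDED/REMOVED/CHANGED labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original gist): compare two baseline directories.
# compare_baselines and its output labels are hypothetical names for illustration.

# compare_baselines OLD_DIR NEW_DIR
# Prints one line per file that was added, removed or changed, followed by a
# unified diff for changed files.
# Returns 0 if the snapshots match, 1 if anything differs, 2 on a usage error.
compare_baselines() {
    old=$1
    new=$2
    if [ ! -d "$old" ] || [ ! -d "$new" ]; then
        echo "usage: compare_baselines OLD_DIR NEW_DIR" >&2
        return 2
    fi
    differs=0
    # Union of the file names present in either snapshot, so that a check
    # that vanished or appeared is reported and not silently skipped.
    names=$( (ls -A "$old"; ls -A "$new") | sort -u )
    for name in $names; do
        if [ ! -e "$new/$name" ]; then
            echo "REMOVED $name"
            differs=1
        elif [ ! -e "$old/$name" ]; then
            echo "ADDED   $name"
            differs=1
        elif ! cmp -s "$old/$name" "$new/$name"; then
            echo "CHANGED $name"
            # diff exits 1 when files differ; that is expected here
            diff -u "$old/$name" "$new/$name" || true
            differs=1
        fi
    done
    return $differs
}
```

Because the baseline script removes and recreates `baseline` on every run, move the earlier snapshot aside (for example to `baseline.old`) before regenerating, then run `compare_baselines baseline.old baseline`.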