Config Templates

This is a collection of configuration files and configuration scripts that are great starting points. I have tried to include mostly files related to securing different protocols in different ways however that is not always what is needed so I have included some insecure configuations such as in the file smb.conf.

File Description

1. tmux.conf Configuration file that can be used to start your Tmux configuration
2. 1-ConfigureWindowsFTPS-CreateFTP-UsersAndGroup.ps1 This script is meant to be run on a Domain Controller. It creates an FTP users and administrators group
3. 2-ConfigureWindowsFTPS-ConfigureFTPoverSSLserver.ps1 This script is meant to be run on a Windows Server 2019 FTPS server hosted through IIS
4. Cloudflare Dynamic DNS Update.ps1 Script from Cloudflare that allows you to update your Dynamic DNS records automatically
5. Apache LDAPS Template for nagios.conf LDAP over SSL authentication configuration for Nagios Core on Apache
6. Bastillion LDAPS Tempalte for jaas.conf LDAP over SSL authentication configuration for Bastillion Servers
7. Configure-SFTP-Only.ps1 Setup an SFTP server without SSH open on a Windows Server
8. Harden-Windows10.ps1 Script to harden the Windows 10 Operating System for the everyday user
9. LAPS-Setup.ps1 Performs all the steps required to setup LAPS and keep password backups in an environment
10. Microsoft.PowerShell_profile.ps1 Default PowerShell profile Template that can be used
11. New-AOVPNClientProfile.ps1 Create a Client AOVPN profile that uses Split Tunneling and Certificate authentication with IKEv2 failing over to SSTP
12. Set-AOVPNServerProfile.ps1 Configure AOVPN Server to use Secure Encrpytion algorithms
13. Set-NTPServerUp.ps1 Configure a Windows Server to act as an NTP server which is secure by default 1, Set-NewLDAPSCertificate.ps1 Run this as a task to auto replace expiring LDAP over SSL certificate automatically on Domain Controllers
14. Set-RdpSslCertificate.ps1 Set the SSL certificate used by RDP
15. SetupRADIUSserver.ps1 Script to more quickly add client Authentictors to a RADIUS Authentication NPS Windows Server
16. StartupScriptDisableNetBIOSandLMHO This script is meant to be run as a startup script in a domain environment to ensure NetBIOS and LLMNR are disabled
17. apache2-default-ssl.conf Apache defaut-ssl.conf template for using hardened SSL
18. apache2-mods-enabled-ssl.conf Apache mods-enabled-ssl.conf template for using hardened SSL
19. apache2-security.conf Apache security.conf configuration template for securing an Apache web server
20. apache2.conf Apache configuration file template for hardening an Apache web server
21. apache2file-000-default.conf Apache 000-default.conf configuration file templtae for hardeing the default site profile
22. ccpd-config.yml Configuration file used to provide a template that allows you to use LDAP over SSL authentication with CIS-CAT Pro Dashboard (CCPD) when it is hosted on a Window Server. The documentation on their site does not cover how to define this values when hosted on a Windows Server so I made the info readily available.
23. cronjob-vsftpd-cert-expires.sh Script can be used as a cronjob that runs once a year to replace expired certificates used by VSFTPD or whatever service you wish to modify this too
24. fail2ban-apacheSSH-jail.local Configuration file template to use fail2ban to harden open apache and SSH ports
25. lighttpd-external.conf Configuration file to harden a lighttpd server hosting Pi-Hole
26. lighttpd-rejection.conf Configuration file to created WAF rules for a lighttpd server hosting a Pi-Hole
27. postfix-installer.sh This script is used to quickly set up a secure instance of Postfix on a Debian or Fedora OS. This does not include all the security features as the main.cf file below because of other outside factors that are not predictable. This does still set up secured SMTP server options.
28. postfix.main.cf Hardened Postfix Coniguration file main.cf that uses secure methods of sending emails from your local device
29. smb.conf Anonymous SMB access Not Secure This Samba configuration file is one I used while performing offensive attacks, hosting payloads over SMB. DO NOT use this as a main configuration for any SMB servers in an enviornment as it is purposefully insecure
30. sshd_config Great starting place for configuring SSH in a secure manner. I have included/centralized setting descriptors for anyone who may not be familiar with the protocol
31. vsftpd-installer.sh Bash script to install a secure instance of VSFTPD using FTP over SSL and a whitelisted user list
32. vsftpd.conf Anonymous Downloads FTP configuration for securely allowing anonymous users to only download files from a server
33. vsftpd.conf Anonymous Uploads FTP configuration for securely allowing anonymous users to only upload files to a server
34. vsftpd.conf for FTP over SSL FTP configuration for securely allowing authenticated users to upload or download files to an FTP server