Added the Linux modules

grapheneX · Jul 8, 2019 · ac1ef52 · ac1ef52
1 parent c0bbec9
commit ac1ef52
Showing 1 changed file with 57 additions and 1 deletion.
diff --git a/graphenex/modules.json b/graphenex/modules.json
@@ -141,6 +141,20 @@
             "command": "echo \"readonly TMOUT=900\" >> /etc/profile.d/idle-users.sh; echo \"readonly HISTFILE\" >> /etc/profile.d/idle-users.sh; chmod +x /etc/profile.d/idle-users.sh",
             "require_superuser": "True",
             "target_os": "linux"
+        },
+        {
+          "name": "Enable_Password_Control",
+          "desc": "Enable password change control to root user",
+          "command": "chage -M 20 root",
+          "require_superuser": "True",
+          "target_os": "linux"
+        },
+        {
+          "name": "Set_File_Permissions",
+          "desc": "Set file permissions",
+          "command": "chown root:root; chmod og-rwx",
+          "require_superuser": "*",
+          "target_os": "linux"
         }
     ],
     "network": [
@@ -227,6 +241,27 @@
             "command": "iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP",
             "require_superuser": "False",
             "target_os": "linux"
+        },
+        {
+            "name": "Set_Permissions_Network_Settings",
+            "desc": "Set permissions on network settings",
+            "command": "chmod 02750 /bin/ping ; chmod 02750  /sbin/ifconfig",
+            "require_superuser": "False",
+            "target_os": "linux"
+        },
+        {
+            "name": "Set_Permissions_Users",
+            "desc": "Set permissions on users",
+            "command": "chmod 02750 /usr/bin/w ; chmod 02750 /usr/bin/who",
+            "require_superuser": "False",
+            "target_os": "linux"
+        },
+        {
+            "name": "Set_Permissions_System_Configuration",
+            "desc": "Set permissions on system configuration",
+            "command": "chmod 02750 /usr/bin/locate ; chmod 02750 /usr/bin/whereis",
+            "require_superuser": "False",
+            "target_os": "linux"
         }
     ],
     "services": [
@@ -322,6 +357,27 @@
             "command": "echo \"kernel.randomize_va_space=2\" > /etc/sysctl.d/50-rand-va-space.conf",
             "require_superuser": "False",
             "target_os": "linux"
+        },
+        {
+            "name": "Set_Permissions_Firewall_File",
+            "desc": "Set permissions on sensitive system files to firewall",
+            "command": "chmod 0700 /etc/profile ; chmod 0700 /etc/hosts.allow ; chmod 0700 /etc/mtab ; chmod 0700 /etc/utmp ; chmod 0700 /var/adm/wtmp ; chmod 0700 /etc/syslog.pid",
+            "require_superuser": "False",
+            "target_os": "linux"
+        },
+        {
+            "name": "Set_Permissions_Kernel_File",
+            "desc": "Set permissions on sensitive system files to kernel",
+            "command": "chmod 0700 /etc/sysctl.conf ; chmod 0700 /etc/inittab",
+            "require_superuser": "False",
+            "target_os": "linux"
+        },
+        {
+            "name": "Set_Permissions_Privelege_Escalation",
+            "desc": "Set permissions on privelege escalation",
+            "command": "chmod 02750 /bin/su ; chmod 02750 /bin/sudo",
+            "require_superuser": "False",
+            "target_os": "linux"
         }
     ],
     "filesystem": [
@@ -366,4 +422,4 @@
             "target_os": "linux"
         }
     ]
-}
+}