KEMBAR78
VAPT Note | PDF | Secure Shell | Transport Layer Security
Scribd
Upload
35 views3 pages

VAPT Note

Uploaded by

pratik.kotecha
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
35 views3 pages

VAPT Note

Uploaded by

pratik.kotecha
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

* IP Forwarding Enabled closed vapt *

vim /etc/sysctl.conf

(copy paste file & save )

# Controls IP packet forwarding


net.ipv4.ip_forward = 0
.
.
.
.
:wq!

sysctl -p

-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
---

* SSL Certificate Cannot Be Trusted closed vapt *

systemctl status cockpit.socket


systemctl disable --now cockpit.socket

( check for list -unit files service disabled and enbaled for command )

systemctl list-unit-files |grep cockpit.socket

-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-

* SSH Weak Key Exchange Algorithms Enabled closed vapt *

vim /etc/sysconfig/sshd

# Configuration file for the sshd service.

# The server keys are automatically generated if they are missing.


# To change the automatic creation, adjust sshd.service options for
# example using systemctl enable sshd-keygen@dsa.service to allow creation
# of DSA key or systemctl mask sshd-keygen@rsa.service to disable RSA key
# creation.

# Do not change this option unless you have hardware random


# generator and you REALLY know what you are doing

SSH_USE_STRONG_RNG=0
# SSH_USE_STRONG_RNG=1

# System-wide crypto policy:


# To opt-out, uncomment the following line
CRYPTO_POLICY=
.
.
.
:wq! (save )

( ans example : #CRYPTO_POLICY= , # REMOVE AND SAVE )

-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-

* SSH Weak Key Exchange Algorithms Enabled closed vapt *

vim /etc/ssh/sshd_config

(click on up key and search cipler and keying enter and note file copy paste )

( file copy and paste )

(# Ciphers and keying)


(#RekeyLimit default none)

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-
nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-
gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-
etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

.
:wq!

sshd -t
systemctl restart sshd

-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
---------

* X Server Detection closed vapt *

( vnc server closed)

vncserver -list
vncserver

-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--------------

netstat -tnldup
( check for x server remove vnc )

x (kill -9 : x number type and remove)

less /etc/sysctl.conf
vim /etc/sysctl.conf

sysctl -p

./EOD (ALL CLOSED EOD )


(open terminal and copy paste command)

You might also like