Last update: 16 February 2021
This plugin is intended to run ONLY on modern Linux boxes. It is ready to run on 64- and 32-bit systems.
It contains a custom build of John the Ripper 1.8 + Contrib patches, shipped as 32- and 64-bit static binaries. The main concept of the plugin is to be monolithic: detect what can be hardened and resolve the differences between distros without asking the admin anything, so deployment can be the same for any system, regardless of version, distro or architecture.
This plugin will check:
- User password audit, using the provided dictionary of the 500 most commonly used passwords. This usually doesn't take more than a few seconds. If you have hundreds of users, you will probably need to customize the plugin execution so that it runs only every 2-6 hours. You can customize the password dictionary by adding your organization's typical passwords to the file “basic_security/password-list”.
- Check whether SSH is listening on its default port
- Check whether FTP is listening on its default port
- Check whether SSH allows root login
- Verify whether a MySQL server is running without a root password set.
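As an added illustration (not the plugin's own code), the SSH and FTP checks above reduced to their data sources: the global section of sshd_config for root login, and the LISTEN sockets in /proc/net/tcp for default ports, run over constructed samples.

```python
# Added illustration, not the plugin's code: the SSH/FTP checks above as config/socket parsers.
# Constructed sshd_config: global PermitRootLogin yes; the Match block is conditional and ignored.
SAMPLE_SSHD_CONFIG = """\
PermitRootLogin yes
Match User backup
    PermitRootLogin no
"""
# Constructed /proc/net/tcp excerpt: local_address is hex IP:PORT, st 0A = LISTEN.
# 0016 = 22 (ssh), 0015 = 21 (ftp), 0CEA = 3306 (mysql on loopback); last row is ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11 1 0 100 0 0 10 0
   1: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12 1 0 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   104        0 13 1 0 100 0 0 10 0
   3: 0100007F:A1B2 0100007F:0CEA 01 00000000:00000000 00:00000000 00000000  1000        0 14 1 0 20 4 30 10 -1
"""

def sshd_global_directives(text):
    """Lowercased directive -> list of values from the global section; stops at the first Match block."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # directives inside Match blocks apply only conditionally
        found.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return found

def ssh_permits_root_password_login(text):
    """sshd honours the first PermitRootLogin; the default prohibit-password allows no root password."""
    values = sshd_global_directives(text).get("permitrootlogin", ["prohibit-password"])
    return values[0].lower() == "yes"

def listening_tcp_ports(proc_net_tcp):
    """Ports of every LISTEN (st == 0A) socket, decoded from the hex local_address field."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) > 3 and fields[3] == "0A":
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def findings(sshd_config=SAMPLE_SSHD_CONFIG, proc_net_tcp=SAMPLE_PROC_NET_TCP):
    listening = listening_tcp_ports(proc_net_tcp)
    out = [f"{name} on default port {port}" for name, port in (("SSH", 22), ("FTP", 21)) if port in listening]
    if ssh_permits_root_password_login(sshd_config):
        out.append("sshd permits root login with password (PermitRootLogin yes)")
    return out
```

A listener on port 22 or 21 is reported by port only, as the plugin's checks are; identifying the owning process would need /proc/<pid>/fd or ss, which is out of scope here.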
In the future we want to expand its features to include file hashing checks, detection of brute-force attacks by analyzing logs, improved hardening checks on the root environment, etc. Check back to see what's new in the coming months.
basic_security (sources update, Jan 2021)
basic.security.tar.bz2 (contains password audit tool, optional)