GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → k4yt3x → defense-matrix

k4yt3x / defense-matrix

Licence: GPL-3.0 license
Express security essentials deployment for Linux Servers

Programming Languages

python
139335 projects - #7 most used programming language
shell
77523 projects

Labels

securityfirewallhidslinux-serversecurity-toolsscutum

Projects that are alternatives of or similar to defense-matrix

mikrotik-fwban
Use your Mikrotik firewall to do fail2ban like blocking of unwanted IPs. Written in Go
Stars: ✭ 22 (-63.93%)
Mutual labels:  firewall
laravel-route-blocker
Block routes by IP
Stars: ✭ 77 (+26.23%)
Mutual labels:  firewall
Elkeid
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
Stars: ✭ 1,245 (+1940.98%)
Mutual labels:  hids
aws-firewall-factory
Deploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (+18.03%)
Mutual labels:  firewall
bash-backup
Simple backup script for GNU/Linux servers
Stars: ✭ 76 (+24.59%)
Mutual labels:  linux-server
IPRadar2
Real-time detection and defense against malicious network activity and policy violations (exploits, port-scanners, advertising, telemetry, state surveillance, etc.)
Stars: ✭ 20 (-67.21%)
Mutual labels:  firewall
Anti-DDOS-Script
Anti DDOS Protection that will stop DDOS from taking down your Linux Server
Stars: ✭ 51 (-16.39%)
Mutual labels:  firewall
appFirewall
A free, fully open-source application firewall for MAC OS High Sierra and later. Allows real-time monitoring of network connections being made by applications, and blocking/allowing of these per app by user. Supports use of hostname lists (Energized Blu etc) to block known tracker and advertising domains for all apps. Also allows blocking of all…
Stars: ✭ 115 (+88.52%)
Mutual labels:  firewall
nftables-example
A playground ruleset to get to know nftables syntax
Stars: ✭ 19 (-68.85%)
Mutual labels:  firewall
XDP-Firewall
An XDP firewall that is capable of filtering specific packets based off of filtering rules specified in a config file. IPv6 is supported!
Stars: ✭ 129 (+111.48%)
Mutual labels:  firewall
Linux-System-Management-Scripts-Tricks
Linux Security & Linux Hardening & Linux Management & Linux Configuration
Stars: ✭ 70 (+14.75%)
Mutual labels:  linux-server
cni-plugins
CNI Plugins compatible with nftables
Stars: ✭ 29 (-52.46%)
Mutual labels:  firewall
Fragscapy
Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.
Stars: ✭ 52 (-14.75%)
Mutual labels:  firewall
knox-firewall
Restrict mobile data on Samsung devices
Stars: ✭ 17 (-72.13%)
Mutual labels:  firewall
uppersafe-osfw
UPPERSAFE Open Source Firewall
Stars: ✭ 21 (-65.57%)
Mutual labels:  firewall
tlstun
A socks tunnel client and server using websockets over http and tls
Stars: ✭ 36 (-40.98%)
Mutual labels:  firewall
waf4wordpress
WAF for WordPress 🔥 with 60+ security checks and weekly updates
Stars: ✭ 102 (+67.21%)
Mutual labels:  firewall
scutum
Linux Automatic ARP (TCP / UDP / ICMP) Firewall
Stars: ✭ 79 (+29.51%)
Mutual labels:  firewall
BeFree
Website Security, Antivirus & Firewall || a powerful application that can secure your website against hackers, attacks and other incidents of abuse
Stars: ✭ 24 (-60.66%)
Mutual labels:  firewall
Splunk TA paloalto
The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise or Splunk Cloud administrator to collect data from Palo Alto Networks Next-Generation Firewall devices and Advanced Endpoint Protection.
Stars: ✭ 15 (-75.41%)
Mutual labels:  firewall
View All Similar Projects ➔

Defense Matrix (Archived Project)

This project was an attempt to automate various aspects of Linux security auditing and hardening. As time passed, I (K4YT3X) found many of the methodologies used in this project to be unideal and obsolete. Therefore, I recommend not continuing using this project but instead turning towards more advanced, up-to-date solutions. Below are some examples.

  • UFW (Uncomplicated Firewall): UFW is a wrapper of iptables/nftables. It makes configuring firewall fast and easy. If you have no experience configuring firewalls, or if you do not want to edit the rules manually, UFW is an excellent option to consider.
  • ArpON: ArpON is a host-based ARP monitoring and MITM prevention software. There are also other solutions like arpwatch and arpalert.
  • Lynis: Lynis is a Linux security auditing tool that helps you to identify security issues on a Linux host. It is also capable of checking a host's compliance with security standards.
  • PAM: Instead of replacing the original /usr/bin/passwd, it's recommended for you to set appropriate password complexity rules in PAM.

This project might be revived as a generic Linux hardening script in the future, but there's too much uncertainty lying in front of this project.

Join the chat at https://gitter.im/K4YT3X-DEV/DefenseMatrix status

Warning: passwd Binary Bug

The current method that defense matrix is using to enforce higher password strength seems defective. Therefore we have temporarily disabled the replacement of default system passwd binary.

If you wish to recover your default passwd binary file, please execute the following command to move the original binary back to its place.

sudo mv /usr/bin/oldpasswd /usr/bin/passwd

In the future, we'll be using a more stable, robust and secure way to implement this feature.

1.1.0 (October 20, 2018)

  • Rearranged executable files.
  • Removed everything that's redundant.
  • All tests passed. We are not expecting major bugs.
  • Integration with SCUTUM firewall fixed.
  • Unified code style (' and ", function and variable naming scheme)

Quick Install

Prerequisites

  • Designed for Linux OS
  • curl or wget is required for quick install
  • git should be installed

Detailed dependency list can be found in DEPENDENCIES.md

Via curl:

sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/K4YT3X/defense-matrix/master/quickinstall.sh)"

Via wget:

sudo bash -c "$(wget https://raw.githubusercontent.com/K4YT3X/defense-matrix/master/quickinstall.sh -O -)"

What is Defense Matrix?

DefenseMatrix helps individuals and organizations who use Linux to secure their servers on various dimensions automatically. It makes securing a Linux server faster and easier.

Never before have a program been able to have so many security features packed in one. Therefore we provide you with this all-in-one solution that will make the following difficult things easier to handle.

Why do you need Defense Matrix?

During HTN we made a test. Our nameless linux server which is exposed to the internet received roughly 6000 attacks and port scanning attempts every 24 hours.

Defense Matrix Features

scutum

  • TCP/UDP/ICMP firewall
  • ARP firewall

tiger & rkhunter

  • Rootkit Detection
  • Configuration sanity check

Other

  • Password complexity check

TODO

  • Attack analysis and visualization

These basic security features will defend your server(s) against most tech based attacks. We configure these things automatically for you.

Uninstallation

We make this easy for you.

sudo defense-matrix --uninstall

Usages

ALL commands require root privilege.

Firewall Controls

Firewall is controlled by SCUTUM Firewall. For more details please visit SCUTUM Help Page

sudo openport [port1] [port2] [port3]      # Open tcp ports
sudo closeport [port1] [port2] [port3]     # Close tcp ports
sudo service scutum start     # Start scutum service
sudo service scutum stop      # Stop scutum service
sudo systemctl enable scutum  # Start SCUTUM with system
sudo systemctl disable scutum # Don't start SCUTUM with system
sudo scutum                   # Start SCUTUM Normally
sudo scutum --start           # Start SCUTUM Manually for once even it it's disabled
sudo scutum --enable          # Enable SCUTUM (Start automatically on connect)
sudo scutum --disable         # Disable SCUTUM (Don't start automatically on connect)
sudo scutum --reset           # Reset SCUTUM (Allow ALL ARP packages temporarily)
sudo scutum --purgelog        # Purge SCUTUM logs
sudo scutum --install         # Run scutum installation wizard and install SCUTUM into system
sudo scutum --uninstall       # Remove SCUTUM from system completely
sudo scutum --upgrade         # Upgrade SCUTUM and AVALON Framework

Security Audit

Defense Matrix installs a number of security auditing tools for you, and more could be added later. To save you time executing those commands separately, we condense everything in to one command which will execute them all.

sudo defense-matrix --audit

Password Complexity Check

The default passwd binary will be replaced by our enhanced passwd command, and the old binary file will be backed up at /usr/bin/oldpasswd. When you change the password using passwd after installing Defense Matrix, it will require password with higher complexity.

TODO To restore the original passwd binary file:

sudo passwd --restore

What if I want to be more secure?

If you still feel unsafe after installing this security suite, we recommend you to look into IDSs and WAFs. Snort will be a good one to begin with.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].