This is an old revision of the document!


CCDC Checklist

This is a sample checklist for CCDC-style competitions.

Linux

Password Changes

Change all shell user passwords:

read -rs; for u in $(grep -E "/bin/.*sh" /etc/passwd | cut -d":" -f1); do printf '%s:%s\n' "$u" "$REPLY" | chpasswd; done

Change all shell users' Samba passwords:

read -rs; for u in $(grep -E "/bin/.*sh" /etc/passwd | cut -d":" -f1); do printf '%s\n%s\n' "$REPLY" "$REPLY" | smbpasswd -sU "$u"; done

Firewall

Enable the firewall:

ufw enable

Check the permitted ports and remove unnecessary whitelists:

ufw status numbered

ufw delete [number]

Service Hardening

Windows

Password Changes

Change all passwords for local users:

Get-LocalUser | Set-LocalUser -Password (Read-Host -AsSecureString)

Change all passwords for domain users:

Get-ADUser -Filter * | Out-GridView -PassThru | Set-ADAccountPassword -NewPassword (Read-Host -AsSecureString) -Reset

Note: These must be run in an administrative PowerShell session. When they are run, there is sometimes no prompt. Just type in the password and hit Enter.

Firewall

Enable it. Good luck.

Service Hardening

SMB

Check SMB Version:

Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

OR

Get-SmbServerConfiguration | Select EnableSMB1Protocol

If SMBv1 is enabled then disable it:

Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

OR

Set-SmbServerConfiguration -EnableSMB1Protocol $false

If SMB is required, enable SMBv2, which is secure:

Set-SmbServerConfiguration -EnableSMB2Protocol $true

RDP

- Enable Network Level Authentication
- Make sure only required users are in the RDP group
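
One way to carry out the two RDP items above from an elevated PowerShell session. This is an added example, not part of the original checklist; the allowlist entry is a constructed placeholder to replace with the accounts that actually need RDP.

```powershell
# Added example: audit and enforce the two RDP checklist items on one host.
# Run in an administrative PowerShell session.

# Assumption: accounts that legitimately need RDP (constructed placeholder).
$AllowedRdpUsers = @('EXAMPLE\rdp-admin')

$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Network Level Authentication: UserAuthentication = 1 means NLA is required.
#    A Group Policy setting, if present, takes precedence over this local value.
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication
if ($nla -ne 1) {
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
    Write-Output 'NLA was disabled; now enabled.'
} else {
    Write-Output 'NLA already enabled.'
}

# 2. Report members of the local "Remote Desktop Users" group that are not on the allowlist.
$members = Get-LocalGroupMember -Group 'Remote Desktop Users'
foreach ($m in $members) {
    if ($AllowedRdpUsers -notcontains $m.Name) {
        Write-Output "Not on allowlist: $($m.Name) [$($m.ObjectClass), $($m.PrincipalSource)]"
        # After reviewing the entry, remove it with:
        # Remove-LocalGroupMember -Group 'Remote Desktop Users' -Member $m.Name
    }
}

# Local Administrators can log on over RDP by default, so review that group as well.
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource
```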

ccdc_checklist.1636182470.txt.gz · Last modified: 2021/11/06 07:07 by Charlie Root