Introduction to System Hardening Basic Security Configuration

Session 17
Introduction to System Hardening
Basic Security Configuration
Automated Security Analyzers – Lynis
Basics Of Shell Scripting

Introduction to System Hardening
Hardening is usually a process of securing the system by reducing its surface of vulnerability.
A system in which 5 different services are running.
5 systems in which 5 services are running, one service per system.
More chances of comporomising is in first setup.

Critical Systems —> On which servers, database, APIs are running
Non-Critical Systems –> In House PC, Reception Systems
Hardware system –> Sensors, CCTV, Biometric

VAPT –> We scan the systems accordingly.
Professionals will deal with Critical System
Little Experience Will deal with Non-Critical System
Freshers|Noobez will deal will Hardware System

Why We need System Hardening?
To secure
To patch
To prevent the system from being compromised

All the organisation use AD (Active Directory) system for securing their devices and network. But they cannot fulfil the requirements for securing the whole system completely. There is always a gap, because they cannot configure the system manualy. Here we as system auditors come into existance for completely Configuring the system manually.

What are the things we need to keep in mind.
1. Software Patching
2. Outdated Applications and versions
3. OS Updated or not
4. Minimum Information revealing

How will you secure your system
1. Update The System
2. Password Protected
3. Acha khasa Anti-Malware
4. Firewall
5. IDS and IPS
6. Closing the services and Ports
7. Disabling Autorun
8. Disabling USB
9. Passwords

|Sr. No | Task | Location | P. Status | Current Status |
1. |Openiing firewall | Start-> Control Panel -> System Security -> Firewall | Disabled | Enables

Group Policy –> gpedit.msc
secpol –> security policies

We create a checklist for all different OS
Windows 10 –> 350 Controls

Hard Wire Coding
Universal Coding

ISO 27001 Compliance
ISMS –> Information Security Management System,
Most widely used ISO Compliance Bible

–> CIO
Lead Auditor

Tools for scaning
1. SPARTA –> GUI Based
2. LYNIS –> CLI Based tool, for unix/linux based Systems

Shell Scipting
MS OS –> .exe
Linux –> .sh

MS OS –> Notepad, Wordpad
Linux –> vi, vim, leafpad, gedit, nano

Edit it and save it
chmod +x
chmod 777



Shell SCripting

Tool -> netdiscover

Tool -> nmap

Linux OS –

Editor -> gedit | nano | leafpad | vi | vim etc

Extension : .sh
chmod 777
file name —->


chmod 777

netdiscover -> machines are runing in my network

ping -c 1 |grep “64 bytes”
ping -c 1 |grep “64 bytes”
ping -c 1 |grep “64 bytes”
ping -c 1 |grep “64 bytes”

working of for loop
for(i = 0; i < 10;i++)
print i;


i value –> 1-255

for Loop Implementation

for ip in $(seq 1 255);do
ping -c 1 172.16.3.$ip | grep “64 bytes”

ping -c 1 | grep “64 bytes”
ping -c 1 | grep “64 bytes”
ping -c 1 | grep “64 bytes”

ping -c 1 | grep “64 bytes” file
Using for loop

for ip in $(seq 1 255);do
ping -c 1 172.16.3.$ip |grep “ttl” |cut -d ” ” -f4 |cut -d “:” -f1

64 bytes from icmp_seq=1 ttl=64 time=1.59 ms

cut -d ” ”

2 comments on “Introduction to System Hardening Basic Security Configuration
  1. Aw, this was a very nice post. In idea I would like to put in writing like this additionally – taking time and precise effort to make a very good article… but what can I say… I procrastinate alot and under no circumstances appear to get one thing done.

  2. Adina Waight says:

    Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! However, how could we communicate?

Leave a Reply

Your email address will not be published. Required fields are marked *