Questions tagged [hardening]
43 questions
12
votes
3 answers
Hardened runtime for Java and Mojave
I currently distribute a Java application, packaged and signed using pkgbuild on macOS.
Recently, Apple warns developers:
"In an upcoming release of macOS, Gatekeeper will require Developer ID–signed software to be notarized by Apple."
Upon…
tresf
- 7,103
- 6
- 40
- 101
11
votes
2 answers
AOSP block installing apps from unknown source
Is there any way I can block the user from installing apps from an unknown source in custom android OS?
I am trying to create a custom variant of the Android OS using AOSP source, In which I want to allow users to install only apps from trusted…
GoSmash
- 1,096
- 1
- 11
- 38
8
votes
1 answer
Stack Guard and Stack Smashing Protection - canaries, memory
I have a few questions about Stack Guard and SSP protections. First question is about Stack Guard and its three types of canaries, if I am correctly - terminator, random and random XOR.
I'd like to know, how to disabled Stack Guard on x86 Linux…
Yeez
- 282
- 1
- 3
- 9
6
votes
4 answers
How do I prevent root access to my docker container
I am working on hardening our docker images, which I already have a bit of a weak understanding of. With that being said, the current step I am on is preventing the user from running the container as root. To me, that says "when a user runs…
Sean
- 139
- 1
- 1
- 15
2
votes
0 answers
How do you use the win_security_policy module for something in the local policies section using Ansible?
I want to be able to modify certain local policies on my WS 2019. I've tried to use the win_security_policy module from ansible but it doesn't recognize the section "local policies". According to the ansible documentation, local policies is a…
Qcsmocker
- 21
- 3
1
vote
2 answers
Is it correct to compile a C program with the gcc flag -fno-stack-protector in Ubuntu?
*I'm on an Ubuntu x86_64 system, gcc 11.4.0
I have this C program in a file test.c :
int fx( int a, int* b ){
*b = 12;
return a;
}
int main(){
int a = 20;
int b = fx(10,&a);
b+= 5;
}
I compile this file with…
alessio solari
- 313
- 1
- 6
1
vote
0 answers
How to read and fetch data from secpol.msc(local security policy) ---> windows defender firewall with advanced security values in command prompt
We are working on Windows OS hardening as per CIS Benchmark rules .
We are using Windows server 2019 EC2 Instance.
We want to fetch the data of windows defender firewall with advanced security of local security policy(secpol.msc).
We are using below…
Liji Mathew
- 11
- 2
1
vote
2 answers
DCOM Hardening - Autentication level for calls
MS is changing the minimum security level for DCOM. The setting "Authentication level for calls", a setting for the COM+ application, will be set to minimum "Packet integrity" and this will be mandatory by March 2023.
According to Microsoft, the…
Magnus Stenson
- 11
- 2
1
vote
1 answer
What is VirtualBox Hardening?
We use Oracle VirtualBox OSE as a part of our custom virtualization infrastructure, and compile it on our CI servers. One of numerous compilation parameters you can add into LocalConfig.kmk, custom configuration file, is VBOX_WITH_HARDENING = 0,…
user707779
1
vote
0 answers
Prevent admin account from logging-in via WooCommerce Login Page
I am trying to harden the best I can admin access to a WordPress site with WooCommerce.
So far I managed to do the following:
whitelist the admin access from a specific IP in .htaccess with:
order deny,allow
deny from all
…
Antony
- 145
- 6
1
vote
1 answer
Why is my process staying alive after app crash?
I have an application which I make crash at a certain point by deliberately throwing a RuntimeException. The result is that the app crashes, all visible traces of the activity disappear and the user is shown a popup dialog:
App has stopped
[X]…
fgysin
- 11,329
- 13
- 61
- 94
0
votes
0 answers
Root-Restricted-Docker Image
I have a use case, i have to give a docker image to one of my client, but no one should able to see what is inside the container, moreover should not able to copy anything from the Container, is it possible, if possible can you please guide me how…
Niranjan Reddy
- 13
- 6
0
votes
0 answers
How can I make fail2ban recognize a specific error in the log and immediately ban offending IPs?
I'm trying to IMMEDIATELY ban offending ip's from accessing my webserver that try to circumvent my directory restrictions. This would be based on the error they produce after fail2ban scans the error log.
Here is the error I'm trying to use as a…
mordormike
- 1
- 2
0
votes
1 answer
openscap oscap-ssh --local-files option problem, no such file or directory
Description of Problem:
I'm trying to scan a remote machine using my own script that I made using OpenSCAP Script Engine.
From the different options that offers me oscap-ssh I am using the "--local-files" one that allows me to upload a directory to…
gonzalofdv
- 3
- 1
0
votes
0 answers
Oracle Linux 8 hardening with CIS security policy
I am trying to harden an existing Oracle Linux 8 OS with OpenSCAP CISv2 but there is no available bash scripts that can automate this compared to RHEL8.
In Oracle Linux 8 I was told to install OpenSCAP packages.
sudo dnf install openscap…
