Update docs for auto-server-patcher

jishnurippon · Jul 1, 2019 · d0711f5 · d0711f5
1 parent 7a32e50
commit d0711f5
Showing 1 changed file with 97 additions and 2 deletions.
diff --git a/doc/en-US/user_guide.md b/doc/en-US/user_guide.md
@@ -63,6 +63,7 @@ Read developer guide [here](/doc/en-US/dev_guide.md).
     - [Setting up System Log Monitor](#setting-up-system-log-monitor)
     - [Setting up Server Log Monitor](#setting-up-server-log-monitor)
     - [Setting up Insecure Headers](#setting-up-insecure-headers)
+    - [Setting up Auto Server Patcher](#setting-up-auto-server-patcher)
 
 -  [Firewall](#firewall)
 
@@ -73,6 +74,8 @@ Read developer guide [here](/doc/en-US/dev_guide.md).
 -  [System Log Monitor](#system-log-monitor)
 
 -  [Server Log Monitor](#server-log-monitor)
+
+-  [Auto Server Patcher](#auto-server-patcher)
 
 -  [License](#license)
 
@@ -270,6 +273,13 @@ Default configuration:
 		"ip_list": "",
 		"status_code": ""
 	},
+	"auto-server-patcher": {
+		"url": "XXXX",
+		"apache": "1",
+		"sysctl": "1",
+		"login": "1",
+		"ssh": "1"
+	},
 	"debug": false
 }
 ```
@@ -358,7 +368,8 @@ usage: SecureTea.py [-h] [--conf CONF] [--debug] [--twitter] [--twilio_sms]
                     [--threshold THRESHOLD] [--system_log] [--server_log]
                     [--log_file LOG_FILE] [--log_type LOG_TYPE]
                     [--window WINDOW] [--ip_list IP_LIST]
-                    [--status_code STATUS_CODE]
+                    [--status-code STATUS_CODE] [--auto-server-patcher]
+                    [--ssh] [--sysctl] [--login] [--apache] [--ssl]		    
 ```
 
 Example usage:
@@ -515,6 +526,13 @@ The following argument options are currently available:
   --ip_list IP_LIST     List of IPs to grab from log file
   --status_code STATUS_CODE
                         List of status code to grab from log file
+  --auto-server-patcher, -asp
+                        Start auto server patcher
+  --ssh                 Patch SSH config
+  --sysctl              Patch system configuration
+  --login               Patch login configuration
+  --apache              Patch apache configuration
+  --ssl                 Scan for SSL vulnerability
  ```
 
 ### Example usages
@@ -710,6 +728,26 @@ sudo SecureTea.py --system_log
 #### 2. Argument list
 No optional arguments.
 
+#### Setting up Auto Server Patcher
+Example usage:<br>
+#### 1. Using interactive setup
+```argumnent
+sudo SecureTea.py --auto-server-patcher
+```
+**or:**
+```argumnent
+sudo SecureTea.py -asp
+```
+#### 2. Argument list
+| Argument      | Default value | Description |
+| ------------- | ------------- |--------------
+| `--url` | XXXX |URL for SSL scanning|
+| `--apache` | 1 |Patch apache configuration or not (0:no, 1:yes)|
+| `--sysctl` | 1 |Patch system configuration or not (0:no, 1:yes)|
+| `--login` | 1 |Patch login configuration or not (0:no, 1:yes)|
+| `--ssh` | 1 |Patch SSH configuration or not (0:no, 1:yes)|
+| `--ssl` | 1 |Scan for SSL vulnerability|
+
 ## Firewall
 SecureTea Firewall currently uses the following rules to filter the incoming traffic:
 <br><br>
@@ -812,7 +850,7 @@ The following suspicious activities/attacks can be detected:
    - SQL injection (SQLi)
    - Local file inclusion (LFI)
    - Web shell injection
-   
+
  - Reconnaissance attacks
    - Web crawlers / spiders / bots
    - URL Fuzzing
@@ -824,6 +862,63 @@ The following suspicious activities/attacks can be detected:
 - User defined rules:
    - Filter based on selected IPs
    - Filter based on response code
+
+## Auto Server Patcher
+SecureTea Auto Server Patcher will patch the server configurations for highest security & help overcome common security deployment mistakes.
+
+The following features are currently supported:
+
+- Auto update packages
+
+- Set password expiration & password strength rules
+
+- Check for rootkits
+
+- Auto remove discarded package
+
+- Enhance **IP TABLE** rules:
+  - Force SYN packets check
+  - Drop XMAS packets
+  - Drop null packets
+  - Drop incoming packets with fragments
+
+- Configure **`/etc/sysctl.conf`**
+  - Disable IP forwarding & IP source routing
+  - Disable sent packets redirects
+  - Disable ICMP redirect acceptance
+  - Enable IP spoofing protection
+  - Enable bad error message protection
+
+- Patch **Apache** server configurations
+  - Prevent server from broadcasting version number
+  - Turn off TRACE method to prevent Cross-Site Scripting
+  -  X-powered by headers
+
+- Configure **SSH**
+  -  Disallow root access via SSH
+  -  Disallow SSH from trusting a host based only on its IP
+  -  Prevent users from logging into SSH with an empty password
+  -  Sop the possibility of the server sending commands back to the client
+  -  Drop the SSH connection after 5 failed authorization attempts
+  -  Disable weak ciphers
+  -  Disables password authentication and defers authorization to the key-based PAM
+  -  Log out idle users after 15 minutes
+  - Configure server checks whether the session is active before dropping
+
+- List all the possible **SSL** vulnerabilities in the server using SSL Labs API
+  - Beast attack
+  -  Poodle
+  - Poodle TLS
+  - RC4
+  - Heartbeat
+  - Heartbleed
+  - Ticketbleed
+  - OpenSSL CCS
+  - OpenSSL padding
+  - Robot attack
+  - Freak
+  - Logjam
+  - Drown attack
 
 ## License
 **MIT License**