Window Boss PC Audit 1

Uploaded by rane.samir57

AUDIT WINDOWS PC

Ser No / Check / Procedure

01 IP address: Start->run->cmd->ipconfig
02 MAC address: Start->run->cmd->getmac
03 Machine Ser No: Start->run->cmd->wmic bios get serialnumber
04 PC Make & Model: Start->run->cmd->wmic csproduct get name
05 BIOS Password: Boot the system and, at the displayed menu, press the key for BIOS SETUP or SYSTEM SETUP
06 BIOS Hardening:
   Card Reader Disabled: BIOS menu->on board device->card reader->Disable / off
   Wireless Nw Adapter Disabled: BIOS menu->on board device->wireless NW adapter->Disable / off
   Multiple Nw Card Disabled: BIOS menu->on board device->NW card->Disable / off
                              Network(icon) R-Click->Properties->lan card->disable
   Multiple Booting Disabled: BIOS menu->boot->boot menu->Disable
   Wake on LAN Disabled: BIOS menu->power management->wake on LAN->Disable
   Chassis Intrusion Enabled: BIOS menu->on board device->chassis intrusion->Enable
   BIOS Updated: Start->Run->msinfo32.exe
07 Win Password: Start->Control Panel->Administrative Tools->User Accounts
08 Screen Saver Password: Right click on desktop -> Personalize -> Click on Screensaver -> Set time and check 'On resume display logon screen'
09 No of LAN Cards: Network(icon) R-Click->Properties
10 IPv6 Disabled: Network(icon) R-Click->Properties->uncheck ipv6
11 Operating Sys installed on (Date): Start->run->cmd->systeminfo
12 OS With Service Pack / No of Patches: Start->run->cmd->systeminfo
13 Patches Last Updated: Control Panel\All Control Panel Items\Programs and Features\Installed Updates
14 OS Pirated / Unactivated Sw: My computer(icon) R-Click->Properties
15 AV installed: Control Panel\All Control Panel Items\Programs and Features
16 Malware Found: C:\Users\mint\AppData\Roaming
17 Non ADN IP Address Connection Established: Start->run->cmd->netstat -ano
18 Unwanted Sw installed: Control Panel\All Control Panel Items\Programs and Features
19 Active Directory / Domain Controller Impl: My computer(icon) R-Click->Properties
20 SCCM installed: Control Panel\All Control Panel Items\Configuration Manager
21 Firewall Installed / Enabled: Control Panel\All Control Panel Items\Windows Firewall
22 Firewall Configured: Control Panel\All Control Panel Items\Windows Firewall\Customize Settings
23 Encryption Tool Installed: Control Panel\All Control Panel Items\Programs and Features
24 Sharing: Start->run->cmd->net share
25 Security Policy:
   Password policy implemented: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy -> change the values as required -> Apply -> OK
   Account Lockout policy implemented: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Account Policies -> Account Lockout Policy -> change the values as required -> Apply -> OK
   Audit Policy implemented: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Audit Policy -> change the values as required -> Apply -> OK
   No of User Accounts Present: Start->run->cmd->net user
   Guest acct Enabled: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> Guest account status -> Double Click -> check Disabled -> Apply -> OK
   Administrator renamed: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> Rename administrator account -> Double Click -> enter name -> Apply -> OK
   Ctrl+Alt+Del Disabled: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> Do not require CTRL+ALT+DEL -> Double Click -> check Disabled -> Apply -> OK
   Display Last User Name Enabled: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> Do not display last user name -> Double Click -> check Enabled -> Apply -> OK
   Clear Virtual Memory Enabled: Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> Clear virtual memory pagefile -> Double Click -> check Enabled -> Apply -> OK
   Usage of Admin Acct for Daily Wk: Start->run->cmd->net user username
26 Services: Start -> Control Panel -> Administrative Tools -> Services -> select the required service -> Double Click -> stop the service and select Disabled -> Apply -> OK
27 USB Port Enabled: Start->run->regedit-> Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start (D-Click) -> change the value to greater than 3 and click OK
28 Wireless Enabled: My computer(icon) R-Click->Manage->Device Manager
29 USB Based Mass Storage Device Used: Start->run->regedit-> Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
30 Attempt to Log: Start->run->regedit-> Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses -> check start line no 53
BOSS AUDITING

Ser No / Audit / Command

1) BIOS VERSION: sudo cat /sys/class/dmi/id/bios_version
2) BIOS DATE: sudo cat /sys/class/dmi/id/bios_date
3) PC MAKE AND MODEL: sudo cat /sys/class/dmi/id/product_name
4) COMPUTER SER NO: sudo cat /sys/class/dmi/id/product_serial
5) HDD SER NO: sudo hdparm -I /dev/sda | grep Serial
   sudo lshw -class disk | grep serial
6) HOST NAME: sudo hostname
7) VERSION OF LINUX: sudo lsb_release -a
8) KERNEL VERSION: sudo uname -a
9) GLIBC VERSION OF LINUX: sudo ldd --version | grep ldd
10) INSTALLED DATE: sudo ls -ld /var/log/installer
11) IP ADDRESS: sudo ifconfig -a | grep inet
12) NUMBER OF LAN CARDS AND MAC ADDRESS: sudo ifconfig -a | grep eth
13) BUILD DATE: sudo cat /var/log/Xorg.0.log | grep Build
14) FIREFOX BROWSER VERSION: sudo firefox -v
15) GOOGLE CHROMIUM BROWSER VERSION: sudo chromium-browser --product-version
16) USER DETAILS: sudo ls /home
17) ISOC REGISTRATION (CIVIL NET): sudo cat /var/log/client/comm | grep Approved
    sudo cat /var/log/client/comm | grep Rejected
    sudo cat /var/log/client/comm | grep Invalid
18) SAMITHA REGISTRATION (ARMY NET): sudo cat /var/log/client/process.log | grep Approved
    sudo cat /var/log/client/process.log | grep Rejected
    sudo cat /var/log/client/process.log | grep Invalid
19) ALL PACKAGES UPDATED: sudo gedit /var/log/apt/history.log
20) CONNECTION TO ANY MALICIOUS IP ADDRESS: sudo netstat -tulpn
21) GRUB BOOT LOADER PASSWORD: sudo cat /boot/grub/grub.cfg | grep password_pbkdf2
22) GRUB BOOT LOADER TIME: sudo cat /boot/grub/grub.cfg | grep timeout=
23) GRUB LOADER FILE SECURED: sudo ls -l /boot/grub/grub.cfg
24) ROOT USER DISABLED AND LOCKED: sudo cat /etc/shadow | grep root
25) ACCESS TO CORE DUMPS RESTRICTED: sudo cat /proc/sys/fs/suid_dumpable
26) BUFFER OVERFLOW PROTECTION ENABLED: sudo dmesg | grep --color 'NX.*protection'
27) VIRTUAL MEMORY REGION PLACEMENT RANDOMIZATION ENABLED: sudo cat /proc/sys/kernel/randomize_va_space
28) FIREWALL STATUS: sudo service ufw status | grep active
    sudo /etc/init.d/ufw status | grep active
29) FIREWALL VERSION: sudo iptables -V
30) ANTIVIRUS INSTALLED: sudo /etc/init.d/clamav-freshclam status | grep Active
31) ANTIVIRUS LAST UPDATED: sudo gedit /var/log/clamav/freshclam.log
32) USB STORAGE DISABLED: sudo cat /etc/modprobe.d/usb.conf
33) USB USAGE DETAILS: sudo grep 'USB device' /var/log/syslog
34) PREVENT USAGE OF UNCOMMON FILE SYSTEM: sudo cat /etc/modprobe.d/wifi.conf | grep btusb
    sudo cat /etc/modprobe.d/wifi.conf | grep joydev
    sudo cat /etc/modprobe.d/wifi.conf | grep bluetooth
    sudo cat /etc/modprobe.d/wifi.conf | grep uvcvideo
    sudo cat /etc/modprobe.d/wifi.conf | grep videodev
    sudo cat /etc/modprobe.d/wifi.conf | grep msdos
35) PASSWORD POLICY: sudo cat /etc/login* | grep PASS
36) EMPTY PASSWORD ACCOUNT LOCKED: sudo awk -F":" '($2 == "!") {print $1}' /etc/shadow
37) PASSWORD REUSE IS RESTRICTED: sudo gedit /etc/security/opasswd
38) SERVICES STATUS: sudo service --status-all
39) SECURED SHARED MEMORY: sudo cat /etc/mtab | grep shm
40) SSH ROOT LOGIN DISABLED: sudo ufw status | grep 22
41) IPv6 FORWARDING ENABLED: sudo cat /proc/sys/net/ipv6/conf/all/forwarding
42) IPv6 DISABLED: sudo cat /proc/sys/net/ipv6/conf/all/disable_ipv6
43) IP SPOOFING PREVENTED: sudo cat /proc/sys/net/ipv4/conf/all/rp_filter
44) IP SPOOFING PROTECTION ENABLED: sudo cat /proc/sys/net/ipv4/conf/all/rp_filter
45) SPOOFED PACKETS LOGGED OR NOT: sudo cat /proc/sys/net/ipv4/conf/all/log_martians
46) IP SOURCE ROUTING DISABLED: sudo cat /proc/sys/net/ipv4/conf/all/accept_source_route
47) LOG SUSPICIOUS PACKETS ENABLED: sudo cat /proc/sys/net/ipv4/conf/default/log_martians
48) IP FORWARDING DISABLED: sudo cat /proc/sys/net/ipv4/ip_forward
49) SEND PACKETS REDIRECT DISABLED: sudo cat /proc/sys/net/ipv4/conf/all/send_redirects
    sudo cat /proc/sys/net/ipv4/conf/default/send_redirects
50) SOURCE ROUTED PACKET ACCEPTANCE DISABLED: sudo cat /proc/sys/net/ipv4/conf/all/accept_source_route
    sudo cat /proc/sys/net/ipv4/conf/default/accept_source_route
51) ICMP REDIRECT ACCEPTANCE DISABLED: sudo cat /proc/sys/net/ipv4/conf/all/accept_redirects
    sudo cat /proc/sys/net/ipv4/conf/default/accept_redirects
52) SECURE ICMP REDIRECT ACCEPTANCE DISABLED: sudo cat /proc/sys/net/ipv4/conf/all/secure_redirects
    sudo cat /proc/sys/net/ipv4/conf/default/secure_redirects
53) TCP SYN COOKIES ENABLED: sudo cat /proc/sys/net/ipv4/tcp_syncookies
54) IP BROADCAST REQUEST DISABLED: sudo cat /proc/sys/net/ipv4/icmp_ignore_broadcasts
    sudo cat /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
55) COMPILERS DISABLED OR NOT: sudo ls -l /usr/bin/*cc /usr/bin/*++* /usr/bin/ld /usr/bin/as /usr/bin/mysqlaccess
56) WIRELESS CONNECTION DISABLED: sudo cat /etc/modprobe.d/wifi.conf | grep wireless
57) ROOT ACCTS PERMISSION TO ACCESS THE SYS DEFINED: sudo cat /etc/passwd | grep root:x:0:0:root:
58) ACCESS TO THE "SU" COMD RESTRICTED: sudo cat /etc/pam.d/su | grep group=admin
59) PERMISSION OF DANGEROUS FILES CHANGED: sudo ls -l /bin/ping /usr/bin/who /usr/bin/w /usr/bin/locate /usr/bin/whereis /sbin/ifconfig /bin/nano /usr/bin/vi /usr/bin/which /usr/bin/gcc /usr/bin/make /usr/bin/apt-get /usr/bin/aptitude
60) SNORT LOG: sudo gedit /var/log/snort/snort.log
61) SYSTEM DATE AND TIME: sudo date
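Items 25, 27 and 41-54 above each read one /proc/sys file by hand and leave the auditor to judge the value. The script below is an added example (not part of the original checklist) that runs all of those reads in one pass and compares each value with the hardened setting the item's title implies; the expected values are the conventional ones, since the checklist itself states none, and the ROOT argument lets the same function audit a constructed directory tree.

```shell
# Added example, not part of the original checklist: items 25, 27 and 41-54
# each read one /proc/sys file by hand. This does all of those reads in one
# pass and compares each value with the hardened setting the item's title
# implies (conventional values; the page itself states no expected values).
# One "path-under-/proc/sys expected-value" pair per line.
SYSCTL_CHECKS="fs/suid_dumpable 0
kernel/randomize_va_space 2
net/ipv6/conf/all/forwarding 0
net/ipv6/conf/all/disable_ipv6 1
net/ipv4/conf/all/rp_filter 1
net/ipv4/conf/all/log_martians 1
net/ipv4/conf/default/log_martians 1
net/ipv4/conf/all/accept_source_route 0
net/ipv4/conf/default/accept_source_route 0
net/ipv4/ip_forward 0
net/ipv4/conf/all/send_redirects 0
net/ipv4/conf/default/send_redirects 0
net/ipv4/conf/all/accept_redirects 0
net/ipv4/conf/default/accept_redirects 0
net/ipv4/conf/all/secure_redirects 0
net/ipv4/conf/default/secure_redirects 0
net/ipv4/tcp_syncookies 1
net/ipv4/icmp_ignore_broadcasts 1
net/ipv4/icmp_ignore_bogus_error_responses 1"

# check_one ROOT PATH EXPECTED: prints one result line; succeeds only on PASS.
check_one() {
    file="$1/$2"
    [ -r "$file" ] || { printf 'MISSING %s\n' "$2"; return 1; }
    actual=$(cat "$file")
    [ "$actual" = "$3" ] && { printf 'PASS    %s = %s\n' "$2" "$actual"; return 0; }
    printf 'FAIL    %s = %s (expected %s)\n' "$2" "$actual" "$3"
    return 1
}

# audit_sysctls ROOT: runs every check under ROOT (normally /proc/sys; a
# constructed directory tree works the same way), prints the result lines and
# returns the number of checks that did not pass (0 = fully hardened).
audit_sysctls() {
    root="$1"
    results=$(printf '%s\n' "$SYSCTL_CHECKS" | while read -r path expected; do
        check_one "$root" "$path" "$expected"; done)
    printf '%s\n' "$results"
    return "$(printf '%s\n' "$results" | grep -cv '^PASS')"
}

# Stand-alone run against the live kernel; /proc/sys is world-readable, so no sudo is needed.
audit_sysctls /proc/sys || printf '%s check(s) did not pass\n' "$?"
```

A MISSING line means the kernel does not expose that parameter (for example IPv6 built out entirely), which is worth recording separately from a FAIL.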

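Items 32, 34 and 56 grep a single file (usb.conf, wifi.conf) for a module name, which proves only that the name appears somewhere. modprobe reads every *.conf under /etc/modprobe.d/, a "blacklist <mod>" line only stops automatic loading by alias, and only an "install <mod> /bin/false" (or /bin/true) line stops an explicit modprobe. The script below is an added example, not part of the original checklist, that checks the whole directory for both forms; the module list is constructed from the modules those items name, with usb-storage assumed for item 32.

```shell
# Added example, not part of the original checklist: items 32, 34 and 56 grep
# one file for a module name. modprobe reads every *.conf in /etc/modprobe.d/,
# "blacklist <mod>" only stops automatic loading by alias, and only
# "install <mod> /bin/false" (or /bin/true) stops an explicit modprobe, so this
# checks the whole directory for both forms. The module list is constructed
# from the modules those items name; usb-storage for item 32 is an assumption.
MODULES_TO_BLOCK="usb-storage btusb bluetooth joydev uvcvideo videodev msdos"

# module_blocked DIR MODULE: prints "install" or "blacklist" and succeeds if a
# *.conf in DIR disables MODULE that way; fails if the module is loadable.
module_blocked() {
    # modprobe treats '-' and '_' in module names as interchangeable.
    pat=$(printf '%s' "$2" | sed 's/[-_]/[-_]/g')
    if grep -Eqs "^[[:space:]]*install[[:space:]]+$pat[[:space:]]+/bin/(true|false)" "$1"/*.conf; then
        echo install        # cannot be loaded even with an explicit modprobe
    elif grep -Eqs "^[[:space:]]*blacklist[[:space:]]+$pat([[:space:]]|$)" "$1"/*.conf; then
        echo blacklist      # only stops automatic loading by alias
    else
        return 1
    fi
}

# audit_modules DIR: reports each module and returns how many are NOT blocked.
audit_modules() {
    unblocked=0
    for mod in $MODULES_TO_BLOCK; do
        if how=$(module_blocked "$1" "$mod"); then printf 'BLOCKED (%s) %s\n' "$how" "$mod"
        else printf 'LOADABLE      %s\n' "$mod"; unblocked=$((unblocked + 1)); fi
    done
    return "$unblocked"
}

# Stand-alone run against the real configuration directory.
audit_modules /etc/modprobe.d || printf '%s module(s) not blocked\n' "$?"
```

A module reported as BLOCKED (blacklist) can still be loaded by an explicit modprobe, so for USB storage the install form is the one to insist on.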