Example of an IT security procedure

The following article attempts to address the topic of creating security procedures. It can be used in your company in its entirety or as a model for further development.
The safety procedure should be a kind of instruction where reading it will be carried out as a handle after the next required implementation of the actions.

Areas where appropriate measures of correct operation must be implemented:

  • Automatic monitoring of changes made to the script responsible for creating firewall rules – "firewall.sh".
  • Automatic monitoring of changes made to the file responsible for firewall rules – "rules.v4".
  • Automatic monitoring of the correctness of the permissions of the script responsible for firewall rules – "firewall.sh".
  • Automatic monitoring of the correctness of firewall rule file permissions – "rules.v4".
  • Automatic detection of firewall misalming.
  • Automatic check of the correct deposition of firewall logs.
  • Automatic monitoring of the correctness of the BIND dns configuration file – "named.conf.options".
  • Automatically check the lock on the corporate server for other internal addresses outside the internal network.
  • Automatically check the blocking of domain transfer capabilities by an external server.

  1. Instructions for implementing automatic monitoring of changes to the firewall rule script – "firewall.sh".
  • After the "firewall.sh"script isconfigured correctly, the primary administrator checks its checksum with md5sum firewall.sh :
configuring the "firewall.sh" script correctly
  • It then runs the "monitorfirewall.sh" script, specifying e82b20546d3deefa3bb9611744f64c03 as a parameter monitorfirewall.sh the previously received checksum.
  • The script looks like this:
#!/bin/sh
cat <EOT> /usr/monitors/monitorfirewalla.sh#!/bin/bashmd5='md5sum /usr/conf/firewall.sh | awk '{ print $1 }''if[ "$md 5" == "$1" ]; then echo "monitorfirewall.sh script works properly!"</EOT> | mail -s "Script monitorfirewall.sh! works improvement" [email protected] — -f [email protected] echo "WARNING! – Changes in the firewall.sh!" | mail -s "WARNING! – Changes detected in firewall.sh!" [email protected] — -f [email protected]
bash /usr/monitors/monitorfirewalla.sh $1
crontab -l > mycronecho "0 * * * * /var/monitors/monitorfirewalla.sh $1" >> mycroncrontab mycronrm mycronrm mycron
  • When you run the"monitorfirewall.sh"script, it sends an email to its mailbox informing you that it is doing the right way:
running the script "monitorfirewall.sh"
  • It also adds a recurring check of the "firewall.sh" script's checksum every hour through the cron mechanism, and if a change is detected, it sends an email informing you:
when a change is detected, he sends an e-mail informing the
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.
  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
the script sends an e-mail every day at 9:00 a.m. informing you that its operation is correct
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

2. Instructions for implementing automatic monitoring of changes to the firewall rule script – "rules.v4".

  • The primary administrator checks the checksum of the file responsible for firewall rules with the command md5sum /etc/iptables/rules.v4 :
responsible for firewall rules with md5sum command
  • It then runs the "monitorrules.sh" script, specifying as a parameter the previously received checksume.g. monitrorrules.sh c6479dff712135ae961316eb92a12ac0.
  • The script looks like this:
#!/bin/sh
cat <EOT> /usr/monitors/monitorrulesa.sh#!/bin/bashmd5='md5sum /usr/conf/firewall.sh | awk '{ print $1 }''if[ "$md 5" == "$1" ]; then echo "script monitorrules.sh works properly!"</EOT> | mail -s "Script monitorrules.sh! works improvement" [email protected] — -f [email protected] echo "WARNING! – Changes in the firewall.sh!" | mail -s "WARNING! – Changes detected in firewall.sh!" [email protected] — -f [email protected] bash
/usr/monitors/monitorrulesa.sh $1
crontab -l > mycronecho "0 * * * * /var/monitors/monitorrulesa.sh $1" >> mycroncrontab mycronrm mycronrm mycron
  • When you run the" monitorrules.sh" script, it sends an e-mail to its mailbox informing you that the correct operation is correct:
"Monitorrules.sh" sends an email to his mailbox
  • It also adds a recurring check of the checksum of the "rules.v4" script every hour through the cron mechanism, and if a change is detected, it sends an email informing you:
when a change is detected, he sends an e-mail informing the
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.
  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
script sends an e-mail every day at 9:00 a.m.
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

3. Instructions for implementing automatic monitoring of the validation of the permissions of the script responsible for firewall rules – "firewall.sh".

  • When the "firewall.sh" scriptpermissions are permfirewall.sh"areset correctly.
  • The script looks like this:
#!/bin/sh
cat <EOT> /usr/monitors/permfirewalla.sh#!/bin/bashperm='ls -al /usr/conf/firewall.sh | awk '{ print $1 $2 $3}''if [ "$perm" == "-rwxrwx—1root" ]; then echo "script permfirewall.sh works properly!"</EOT> | mail -s "Script permfirewall.sh! works improvement" [email protected] — -f [email protected] echo "WARNING! – Changes in the firewall.sh!" | mail -s "WARNING! – Permission changes detected in firewall.sh!" [email protected] — -f [email protected] bash
/usr/monitors/permfirewalla.sh $1
crontab -l > mycronecho "0 * * * * / /var/monitors/permfirewalla.sh $1" >> mycroncrontab mycronrm mycronron
  • When you run thepermfirewall.sh" sends an e-mail to its mailbox informing you that the correct operation is correct:
"Permfirewall.sh" script sends an e-mail
  • It also adds a recurring hourly validation of thefirewall.shscript permissions through the cron mechanism, and if a change is detected, it sends an email informing you:
cron mechanism recurring hourly validation of script permissions "firewall.sh"
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.
  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
script sends an e-mail every day at 9:00 a.m.
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

4. Instructions for implementing automatic monitoring of the validation of firewall rule file permissions – "rules.v4".

  • When the"rules.v4"script permissions are set correctly, the primary administrator runs the "permrules.sh" script.
  • The script looks like this:
#!/bin/sh
cat <EOT> /usr/monitors/permrulesa.sh#!/bin/bashperm='ls -al /usr/conf/rules.v4 | awk '{ print $1 $2 $3}''if[ "$perm" == "-rwxrwx—1root" ]; then echo "The permrules.sh works correctly!"</EOT> | mail -s "Script permrules.sh! works improvement" [email protected] — -f [email protected] echo "WARNING! – Changes in the firewall.sh!" | mail -s "WARNING! – Changes detected in permrules.sh!" [email protected] — -f [email protected]
bash /usr/monitors/permrulesa.sh $1
crontab -l > mycronecho "0 * * * * /var/monitors/permrulesa.sh $1" >> mycroncrontab mycronrm mycronrm
  • When you run the"permrules.sh"script, it sends an email to its mailbox informing you that it is doing the correct way:
running the script "permrules.sh" sends an e-mail
  • It also adds a recurring hourly validation of permissions in the" rules.v4" file through the cron mechanism, and if a change is detected, it sends an e-mail informing you:
cron mechanism recursive hourly validation of permissions of the file "rules.v4"
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.
  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
script sends an e-mail every day at 9:00 a.m.
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

5. Instructions for implementing automatic monitoring of the correctness of the firewall operation.

  • After the firewall rules have been configured, the main administrator runs the"checkfirewall.sh"script.
  • When you run the" checklogs.sh" script, it sends an e-mail to its mailbox informing you that the correct operation is correct:
running the script "checklogs.sh" sends an e-mail
  • It also adds a recurring hourly verification of firewall rules by scanning open ports from an external server, and if an irregularity is detected, it sends an e-mail informing it along with the open port numbers:
it sends an e-mail informing the
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.
  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
script sends an e-mail every day at 9:00 a.m.
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

6. Instructions for implementing automatic monitoring of the correctness of the deposition of firewall logs.

  • After the firewall rules have been configured, the main administrator runs the"checklogs.sh"script.
  • When you run the" checklogs.sh" script, it sends an e-mail to its mailbox informing you that the correct operation is correct:
running the script "checklogs.sh" sends an e-mail
  • It also adds a recurring check-in every hour through the cron mechanism, and if an irregularity is detected, it sends an e-mail informing:
irregularity sends an e-mail
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.
  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
script sends an e-mail every day at 9:00 a.m.
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

7. Instructions for implementing automatic monitoring of the correctness of the BIND dns configuration file – "named.conf.options".

  • After the BIND dns configuration file is configured correctly ,"named.conf.options",the primary administrator checks its checksum with md5sum named.conf.options :
md5sum named.conf.options
  • It then runs the"monitordns.sh"script, specifying the previously received checksum e.g. monitordns.sh e82b20546d3deefa3bb9611744f64c03 as a parameter.
  • The script looks like this:
#!/bin/sh
cat <EOT> /usr/monitors/monitordnsa.sh#!/bin/bashmd5='md5sum /usr/conf/named.conf.options | awk '{ print $1 }''if[ "$md 5" == "$1" ]; then echo "monitordns.sh script works properly!"</EOT> | mail -s "Script monitordns.sh! works improvement" [email protected] — -f [email protected] echo "WARNING! – Changes detected in named.conf.options!" | mail -s "WARNING! – Changes detected in named.conf.options!" [email protected] — -f [email protected]
bash /usr/monitors/monitordnsa.sh $1
crontab -l > mycronecho "0 * * * * /var/monitors/monitordnsa.sh $1" >> mycroncrontab mycronrm mycronrm mycron
  • When you run the"monitordns.sh"script, it sends an email to its mailbox informing you that the correct operation is running:
"Monitordns.sh" script sends an e-mail
  • It also adds a recurring check ofthe script's checksum " firewall.sh" every hour through the cron mechanism, and if a change is detected, it sends an email informing you:
cron mechanism recurring hourly checking of the checksum of the script "firewall.sh"
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.
  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
script sends an e-mail every day at 9:00 a.m.
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

8. Instructions for implementing an automatic lock check to query the corporate server for other internal addresses outside the internal network.

  • After configuring the DNS rules, the primary administrator runs the"digdns.sh"script.
  • When you run the"digdns.sh"script, it sends an email to its mailbox informing you that it is doing the correct work:
running the script "digdns.sh" sends an e-mail
  • It also adds a recurring hourly check for the company server's query lock for other internal addresses outside the internal network, and if an irregularity is detected, it sends an email informing you:
cron mechanism recurring hourly check the lock on the company server query
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.

  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
the script sends an e-mail every day at 9:00 a.m. informing you that its operation is correct
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

9. Instructions for implementing an automatic check to block domain transfer capabilities by an external server.

  • After the firewall rules are configured, the main administrator runs the"transferdns.sh"script.
  • When you run thetransferdns.sh" sends an e-mail to its mailbox informing you that the correct operation is correct:
"Transferdns.sh" script sends an email to its mailbox
  • It also adds a recurring check through the cron mechanism every hour to check the blocking of domain transfer capabilities by an external server, and if irregularities are detected, it sends an e-mail informing:
he/she sends an e-mail informing the
  • If configuration changes are detected, the primary administrator is responsible for identifying the caustic agent and correcting the changed configuration.
  • Additionally, the script sends an email every day at 9:00 a.m. informing you that your operation is correct:
sends an e-mail informing you that your operation is correct
  • If the server restarts or does not receive an e-mail that the monitoring script is correct, the primary administrator is responsible for restarting the script.

Chcesz wiedzieć więcej?

Zapisz się i bądź informowany o nowych postach (zero spamu!).
Dodatkowo otrzymasz, moją prywatną listę 15 najbardziej przydatnych narzędzi (wraz z krótkim opisem), których używam przy testach penetracyjnych.

Nigdy nie podam, nie wymienię ani nie sprzedam Twojego adresu e-mail. W każdej chwili możesz zrezygnować z subskrypcji.

Bookmark the permalink.

Podziel się swoją opinią na temat artykułu