Hugging Face's logo

Spaces:
S-Dreamer
/
hard-os
Running

App Files Community
hard-os / index.html
S-Dreamer's picture
S-Dreamer
Add 3 files
1a74165 verified
raw
history blame contribute delete
48.1 kB
 <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Parrot OS Hardening Toolkit</title>
<script src="https://cdn.tailwindcss.com"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
<style>
.code-block {
background-color: #2d2d2d;
color: #f8f8f2;
border-radius: 0.375rem;
padding: 1rem;
font-family: 'Courier New', Courier, monospace;
overflow-x: auto;
margin: 1rem 0;
}
.tab-content {
display: none;
}
.tab-content.active {
display: block;
}
.nav-tabs .active {
border-bottom: 3px solid #3b82f6;
color: #3b82f6;
font-weight: 600;
}
.copy-btn {
transition: all 0.2s ease;
}
.copy-btn:hover {
background-color: #3b82f6;
color: white;
}
.copy-btn.copied {
background-color: #10b981;
color: white;
}
</style>
</head>
<body class="bg-gray-100 min-h-screen">
<div class="container mx-auto px-4 py-8">
<!-- Header -->
<header class="mb-8">
<div class="flex items-center justify-between">
<div>
<h1 class="text-3xl font-bold text-gray-800">
<i class="fas fa-shield-alt text-blue-500 mr-2"></i>
Parrot OS Hardening Toolkit
</h1>
<p class="text-gray-600 mt-2">
A comprehensive guide to building a secure penetration testing environment
</p>
</div>
<div class="hidden md:block">
<img src="https://www.parrotsec.org/images/logo.png" alt="Parrot OS Logo" class="h-16">
</div>
</div>
</header>
<!-- Main Content -->
<div class="bg-white rounded-lg shadow-lg overflow-hidden">
<!-- Tabs Navigation -->
<div class="border-b border-gray-200">
<nav class="flex nav-tabs overflow-x-auto">
<button class="px-6 py-3 text-sm font-medium active" data-tab="overview">
<i class="fas fa-info-circle mr-2"></i>Overview
</button>
<button class="px-6 py-3 text-sm font-medium" data-tab="ansible">
<i class="fas fa-code mr-2"></i>Ansible Playbook
</button>
<button class="px-6 py-3 text-sm font-medium" data-tab="manual">
<i class="fas fa-terminal mr-2"></i>Manual Setup
</button>
<button class="px-6 py-3 text-sm font-medium" data-tab="verification">
<i class="fas fa-check-circle mr-2"></i>Verification
</button>
<button class="px-6 py-3 text-sm font-medium" data-tab="resources">
<i class="fas fa-book mr-2"></i>Resources
</button>
</nav>
</div>
<!-- Tab Contents -->
<div class="p-6">
<!-- Overview Tab -->
<div id="overview" class="tab-content active">
<h2 class="text-2xl font-bold text-gray-800 mb-4">
<i class="fas fa-shield-virus text-blue-500 mr-2"></i>
Hardened Parrot OS Security Edition
</h2>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6 mb-6">
<div class="bg-blue-50 p-4 rounded-lg">
<h3 class="font-bold text-blue-800 mb-2">
<i class="fas fa-bullseye mr-2"></i>Objective
</h3>
<p class="text-gray-700">
Create a secure, minimal, and reliable penetration testing environment based on Parrot OS Security Edition with full disk encryption, network hardening, and intrusion detection.
</p>
</div>
<div class="bg-green-50 p-4 rounded-lg">
<h3 class="font-bold text-green-800 mb-2">
<i class="fas fa-users mr-2"></i>Target Audience
</h3>
<p class="text-gray-700">
Penetration testers, security researchers, and cybersecurity professionals who need a secure field kit for assessments.
</p>
</div>
</div>
<h3 class="text-xl font-bold text-gray-800 mt-6 mb-3">
<i class="fas fa-lock mr-2"></i>Key Security Considerations
</h3>
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4 mb-6">
<div class="bg-gray-50 p-4 rounded-lg border-l-4 border-blue-500">
<h4 class="font-semibold text-gray-800">Minimal Attack Surface</h4>
<p class="text-sm text-gray-600">Reduce installed packages and services to only what's necessary</p>
</div>
<div class="bg-gray-50 p-4 rounded-lg border-l-4 border-green-500">
<h4 class="font-semibold text-gray-800">Strong Authentication</h4>
<p class="text-sm text-gray-600">Implement MFA and secure password policies</p>
</div>
<div class="bg-gray-50 p-4 rounded-lg border-l-4 border-purple-500">
<h4 class="font-semibold text-gray-800">Disk Encryption</h4>
<p class="text-sm text-gray-600">Full disk encryption to protect data at rest</p>
</div>
<div class="bg-gray-50 p-4 rounded-lg border-l-4 border-red-500">
<h4 class="font-semibold text-gray-800">Network Hardening</h4>
<p class="text-sm text-gray-600">Minimize network exposure and secure services</p>
</div>
<div class="bg-gray-50 p-4 rounded-lg border-l-4 border-yellow-500">
<h4 class="font-semibold text-gray-800">Regular Updates</h4>
<p class="text-sm text-gray-600">Automatic security updates and patch management</p>
</div>
<div class="bg-gray-50 p-4 rounded-lg border-l-4 border-indigo-500">
<h4 class="font-semibold text-gray-800">Logging & Auditing</h4>
<p class="text-sm text-gray-600">Comprehensive activity tracking and monitoring</p>
</div>
</div>
<h3 class="text-xl font-bold text-gray-800 mt-6 mb-3">
<i class="fas fa-tools mr-2"></i>Included Security Tools
</h3>
<div class="grid grid-cols-2 md:grid-cols-3 lg:grid-cols-4 gap-3 mb-6">
<span class="bg-gray-100 px-3 py-1 rounded-full text-sm">UFW Firewall</span>
<span class="bg-gray-100 px-3 py-1 rounded-full text-sm">Fail2Ban</span>
<span class="bg-gray-100 px-3 py-1 rounded-full text-sm">Lynis</span>
<span class="bg-gray-100 px-3 py-1 rounded-full text-sm">OpenVAS</span>
<span class="bg-gray-100 px-3 py-1 rounded-full text-sm">AIDE</span>
<span class="bg-gray-100 px-3 py-1 rounded-full text-sm">Rkhunter</span>
<span class="bg-gray-100 px-3 py-1 rounded-full text-sm">Chkrootkit</span>
<span class="bg-gray-100 px-3 py-1 rounded-full text-sm">Auditd</span>
</div>
</div>
<!-- Ansible Playbook Tab -->
<div id="ansible" class="tab-content">
<h2 class="text-2xl font-bold text-gray-800 mb-4">
<i class="fas fa-code mr-2"></i>Ansible Playbook for Hardening
</h2>
<p class="text-gray-700 mb-4">
This Ansible playbook automates the hardening process for Parrot OS Security Edition. It includes disk encryption setup, firewall configuration, service management, and intrusion detection.
</p>
<div class="mb-6">
<div class="flex justify-between items-center bg-gray-800 px-4 py-2 rounded-t-lg">
<span class="text-white text-sm">parrot_hardening.yml</span>
<button class="copy-btn bg-gray-700 text-white px-3 py-1 rounded text-sm" data-clipboard-target="#ansible-playbook">
<i class="far fa-copy mr-1"></i> Copy
</button>
</div>
<pre id="ansible-playbook" class="code-block">---
- name: Harden Parrot OS Security Edition
hosts: all
become: true
vars:
# User configuration
admin_user: "pentester"
admin_groups: "sudo"
ssh_port: 2222
# Packages to remove
packages_to_remove:
- xserver-xorg
- bluetooth
- cups
- avahi-daemon
- modemmanager
# Services to disable
services_to_disable:
- bluetooth
- cups
- avahi-daemon
- modemmanager
- apparmor
tasks:
# Update system
- name: Update all packages
apt:
update_cache: yes
upgrade: dist
autoremove: yes
# Remove unnecessary packages
- name: Remove unwanted packages
apt:
name: "{{ packages_to_remove }}"
state: absent
purge: yes
# Disable unnecessary services
- name: Disable unwanted services
systemd:
name: "{{ item }}"
enabled: no
state: stopped
loop: "{{ services_to_disable }}"
# Configure UFW firewall
- name: Install UFW
apt:
name: ufw
state: present
- name: Configure UFW default policies
ufw:
state: enabled
policy: deny
direction: incoming
- name: Allow SSH on custom port
ufw:
rule: allow
port: "{{ ssh_port }}"
proto: tcp
# Install and configure Fail2Ban
- name: Install Fail2Ban
apt:
name: fail2ban
state: present
- name: Configure Fail2Ban
copy:
dest: /etc/fail2ban/jail.local
content: |
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 3600
findtime = 600
maxretry = 3
[sshd]
enabled = true
port = {{ ssh_port }}
filter = sshd
logpath = /var/log/auth.log
- name: Restart Fail2Ban
systemd:
name: fail2ban
state: restarted
# Configure automatic updates
- name: Install unattended-upgrades
apt:
name: unattended-upgrades
state: present
- name: Configure automatic updates
copy:
dest: /etc/apt/apt.conf.d/50unattended-upgrades
content: |
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}ESM:${distro_codename}";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
# Install security tools
- name: Install security tools
apt:
name:
- lynis
- aide
- rkhunter
- chkrootkit
- auditd
state: present
# Configure auditd
- name: Configure auditd rules
copy:
dest: /etc/audit/rules.d/hardening.rules
content: |
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
-a always,exit -F arch=b64 -S clock_settime -k time-change
-a always,exit -F arch=b32 -S clock_settime -k time-change
-w /etc/localtime -p wa -k time-change
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
- name: Restart auditd
systemd:
name: auditd
state: restarted
# Configure sysctl hardening
- name: Configure sysctl settings
sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
state: present
reload: yes
with_items:
- { key: "net.ipv4.conf.all.rp_filter", value: "1" }
- { key: "net.ipv4.conf.default.rp_filter", value: "1" }
- { key: "net.ipv4.icmp_echo_ignore_broadcasts", value: "1" }
- { key: "net.ipv4.icmp_ignore_bogus_error_responses", value: "1" }
- { key: "net.ipv4.conf.all.accept_redirects", value: "0" }
- { key: "net.ipv4.conf.default.accept_redirects", value: "0" }
- { key: "net.ipv4.conf.all.secure_redirects", value: "0" }
- { key: "net.ipv4.conf.default.secure_redirects", value: "0" }
- { key: "net.ipv6.conf.all.accept_redirects", value: "0" }
- { key: "net.ipv6.conf.default.accept_redirects", value: "0" }
- { key: "net.ipv4.conf.all.send_redirects", value: "0" }
- { key: "net.ipv4.conf.default.send_redirects", value: "0" }
- { key: "net.ipv4.tcp_syncookies", value: "1" }
- { key: "net.ipv4.tcp_max_syn_backlog", value: "2048" }
- { key: "net.ipv4.tcp_synack_retries", value: "2" }
- { key: "net.ipv4.tcp_syn_retries", value: "5" }
- { key: "kernel.randomize_va_space", value: "2" }
# Configure SSH hardening
- name: Configure SSH
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^{{ item.regexp }}$"
line: "{{ item.line }}"
state: present
with_items:
- { regexp: "Port", line: "Port {{ ssh_port }}" }
- { regexp: "PermitRootLogin", line: "PermitRootLogin no" }
- { regexp: "Protocol", line: "Protocol 2" }
- { regexp: "X11Forwarding", line: "X11Forwarding no" }
- { regexp: "MaxAuthTries", line: "MaxAuthTries 3" }
- { regexp: "IgnoreRhosts", line: "IgnoreRhosts yes" }
- { regexp: "HostbasedAuthentication", line: "HostbasedAuthentication no" }
- { regexp: "PermitEmptyPasswords", line: "PermitEmptyPasswords no" }
- { regexp: "ClientAliveInterval", line: "ClientAliveInterval 300" }
- { regexp: "ClientAliveCountMax", line: "ClientAliveCountMax 2" }
- { regexp: "LoginGraceTime", line: "LoginGraceTime 60" }
- { regexp: "AllowAgentForwarding", line: "AllowAgentForwarding no" }
- { regexp: "AllowTcpForwarding", line: "AllowTcpForwarding no" }
- { regexp: "PermitTunnel", line: "PermitTunnel no" }
- name: Restart SSH
systemd:
name: ssh
state: restarted
# Configure password policies
- name: Install libpam-pwquality
apt:
name: libpam-pwquality
state: present
- name: Configure password policies
copy:
dest: /etc/security/pwquality.conf
content: |
minlen = 14
minclass = 4
maxrepeat = 2
maxsequence = 3
maxclassrepeat = 2
gecoscheck = 1
dictcheck = 1
usercheck = 1
enforcing = 1
- name: Configure PAM password policies
lineinfile:
dest: /etc/pam.d/common-password
regexp: "^password.*pam_pwquality.so.*$"
line: "password requisite pam_pwquality.so retry=3"
state: present
# Final message
- name: Display completion message
debug:
msg: "Parrot OS hardening complete. System reboot recommended."</pre>
</div>
<div class="bg-blue-50 p-4 rounded-lg mb-6">
<h3 class="font-bold text-blue-800 mb-2">
<i class="fas fa-info-circle mr-2"></i>Usage Instructions
</h3>
<ol class="list-decimal pl-5 text-gray-700 space-y-2">
<li>Install Ansible on your control machine: <code class="bg-gray-200 px-1 rounded">sudo apt install ansible</code></li>
<li>Create an inventory file with your target Parrot OS system's IP address</li>
<li>Save the playbook as <code class="bg-gray-200 px-1 rounded">parrot_hardening.yml</code></li>
<li>Run the playbook: <code class="bg-gray-200 px-1 rounded">ansible-playbook -i inventory parrot_hardening.yml</code></li>
<li>Reboot the system after completion</li>
</ol>
</div>
</div>
<!-- Manual Setup Tab -->
<div id="manual" class="tab-content">
<h2 class="text-2xl font-bold text-gray-800 mb-4">
<i class="fas fa-terminal mr-2"></i>Manual Hardening Steps
</h2>
<div class="space-y-6">
<!-- Initial Setup -->
<div class="bg-white border border-gray-200 rounded-lg shadow-sm">
<div class="flex items-center justify-between p-4 border-b border-gray-200 bg-gray-50 rounded-t-lg">
<h3 class="font-semibold text-gray-800">
<i class="fas fa-download mr-2 text-blue-500"></i>
Initial Setup
</h3>
<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded-full">Step 1</span>
</div>
<div class="p-4">
<ol class="list-decimal pl-5 space-y-2 text-gray-700">
<li>Download Parrot OS Security Edition ISO from the <a href="https://www.parrotsec.org/download/" class="text-blue-600 hover:underline" target="_blank">official website</a></li>
<li>Verify the ISO checksum:
<div class="mt-2 code-block">sha256sum parrot-security-5.1_amd64.iso</div>
</li>
<li>Create bootable USB using Balena Etcher or dd:
<div class="mt-2 code-block">dd if=parrot-security-5.1_amd64.iso of=/dev/sdX bs=4M status=progress</div>
</li>
<li>Boot from USB and start installation</li>
<li>During installation:
<ul class="list-disc pl-5 mt-2 space-y-1">
<li>Select <strong>Guided - use entire disk with encrypted LVM</strong></li>
<li>Set a strong encryption passphrase (minimum 20 characters)</li>
<li>Create a non-root user account for daily use</li>
<li>Disable automatic login</li>
</ul>
</li>
</ol>
</div>
</div>
<!-- System Update -->
<div class="bg-white border border-gray-200 rounded-lg shadow-sm">
<div class="flex items-center justify-between p-4 border-b border-gray-200 bg-gray-50 rounded-t-lg">
<h3 class="font-semibold text-gray-800">
<i class="fas fa-sync-alt mr-2 text-green-500"></i>
System Update
</h3>
<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded-full">Step 2</span>
</div>
<div class="p-4">
<div class="code-block">sudo apt update && sudo apt full-upgrade -y
sudo apt autoremove --purge -y
sudo apt clean</div>
</div>
</div>
<!-- Remove Unnecessary Packages -->
<div class="bg-white border border-gray-200 rounded-lg shadow-sm">
<div class="flex items-center justify-between p-4 border-b border-gray-200 bg-gray-50 rounded-t-lg">
<h3 class="font-semibold text-gray-800">
<i class="fas fa-trash-alt mr-2 text-red-500"></i>
Remove Unnecessary Packages
</h3>
<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded-full">Step 3</span>
</div>
<div class="p-4">
<div class="code-block">sudo apt purge -y xserver-xorg xserver-xorg-core xserver-xorg-input-all \
xserver-xorg-video-all x11-common x11-utils x11-xserver-utils \
bluetooth bluez bluez-obexd pulseaudio-module-bluetooth \
cups cups-daemon cups-common cups-filters cups-ppdc \
avahi-daemon modemmanager</div>
</div>
</div>
<!-- Firewall Configuration -->
<div class="bg-white border border-gray-200 rounded-lg shadow-sm">
<div class="flex items-center justify-between p-4 border-b border-gray-200 bg-gray-50 rounded-t-lg">
<h3 class="font-semibold text-gray-800">
<i class="fas fa-fire mr-2 text-orange-500"></i>
Firewall Configuration (UFW)
</h3>
<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded-full">Step 4</span>
</div>
<div class="p-4">
<div class="code-block">sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp # Custom SSH port
sudo ufw enable
sudo systemctl enable ufw
sudo systemctl start ufw</div>
</div>
</div>
<!-- SSH Hardening -->
<div class="bg-white border border-gray-200 rounded-lg shadow-sm">
<div class="flex items-center justify-between p-4 border-b border-gray-200 bg-gray-50 rounded-t-lg">
<h3 class="font-semibold text-gray-800">
<i class="fas fa-terminal mr-2 text-purple-500"></i>
SSH Hardening
</h3>
<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded-full">Step 5</span>
</div>
<div class="p-4">
<p class="text-gray-700 mb-2">Edit <code class="bg-gray-200 px-1 rounded">/etc/ssh/sshd_config</code>:</p>
<div class="code-block"># Change default port
Port 2222
# Disable root login
PermitRootLogin no
# Use only SSH protocol 2
Protocol 2
# Disable X11 forwarding
X11Forwarding no
# Limit authentication attempts
MaxAuthTries 3
LoginGraceTime 60
# Disable empty passwords
PermitEmptyPasswords no
# Disable password authentication (use keys only)
PasswordAuthentication no
# Configure key authentication
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# Disable other features
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
# Configure session timeouts
ClientAliveInterval 300
ClientAliveCountMax 2</div>
<p class="text-gray-700 mt-4">Then restart SSH:</p>
<div class="code-block">sudo systemctl restart ssh</div>
</div>
</div>
<!-- Fail2Ban Installation -->
<div class="bg-white border border-gray-200 rounded-lg shadow-sm">
<div class="flex items-center justify-between p-4 border-b border-gray-200 bg-gray-50 rounded-t-lg">
<h3 class="font-semibold text-gray-800">
<i class="fas fa-shield-alt mr-2 text-yellow-500"></i>
Fail2Ban Installation
</h3>
<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded-full">Step 6</span>
</div>
<div class="p-4">
<div class="code-block">sudo apt install -y fail2ban
# Create custom jail configuration
echo '[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 3600
findtime = 600
maxretry = 3
[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log' | sudo tee /etc/fail2ban/jail.local
sudo systemctl restart fail2ban
sudo systemctl enable fail2ban</div>
</div>
</div>
<!-- Additional Security Tools -->
<div class="bg-white border border-gray-200 rounded-lg shadow-sm">
<div class="flex items-center justify-between p-4 border-b border-gray-200 bg-gray-50 rounded-t-lg">
<h3 class="font-semibold text-gray-800">
<i class="fas fa-tools mr-2 text-indigo-500"></i>
Additional Security Tools
</h3>
<span class="bg-blue-100 text-blue-800 text-xs px-2 py-1 rounded-full">Step 7</span>
</div>
<div class="p-4">
<div class="code-block"># Install security tools
sudo apt install -y lynis aide rkhunter chkrootkit auditd
# Initialize AIDE database
sudo aideinit
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
# Configure daily AIDE checks
echo '#!/bin/sh
/usr/bin/aide --check
exit 0' | sudo tee /etc/cron.daily/aide-check
sudo chmod +x /etc/cron.daily/aide-check
# Configure auditd
echo '-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
-a always,exit -F arch=b64 -S clock_settime -k time-change
-a always,exit -F arch=b32 -S clock_settime -k time-change
-w /etc/localtime -p wa -k time-change
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/security/opasswd -p wa -k identity' | sudo tee /etc/audit/rules.d/hardening.rules
sudo systemctl restart auditd
sudo systemctl enable auditd</div>
</div>
</div>
</div>
</div>
<!-- Verification Tab -->
<div id="verification" class="tab-content">
<h2 class="text-2xl font-bold text-gray-800 mb-4">
<i class="fas fa-check-double mr-2"></i>Verification & Testing
</h2>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6 mb-6">
<div class="bg-white p-4 rounded-lg shadow-sm border border-gray-200">
<h3 class="font-semibold text-gray-800 mb-3">
<i class="fas fa-boot text-blue-500 mr-2"></i>Boot Process Verification
</h3>
<ul class="space-y-2 text-gray-700">
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Verify system prompts for disk encryption passphrase on boot</span>
</li>
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Check that no automatic login occurs</span>
</li>
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Verify that only necessary services are running:
<div class="code-block mt-2">systemctl list-units --type=service --state=running</div>
</span>
</li>
</ul>
</div>
<div class="bg-white p-4 rounded-lg shadow-sm border border-gray-200">
<h3 class="font-semibold text-gray-800 mb-3">
<i class="fas fa-network-wired text-purple-500 mr-2"></i>Network Verification
</h3>
<ul class="space-y-2 text-gray-700">
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Check open ports:
<div class="code-block mt-2">sudo ss -tulnp</div>
</span>
</li>
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Verify UFW status:
<div class="code-block mt-2">sudo ufw status verbose</div>
</span>
</li>
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Test SSH access on custom port only</span>
</li>
</ul>
</div>
<div class="bg-white p-4 rounded-lg shadow-sm border border-gray-200">
<h3 class="font-semibold text-gray-800 mb-3">
<i class="fas fa-shield-virus text-red-500 mr-2"></i>Security Audits
</h3>
<ul class="space-y-2 text-gray-700">
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Run Lynis audit:
<div class="code-block mt-2">sudo lynis audit system</div>
</span>
</li>
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Check for rootkits:
<div class="code-block mt-2">sudo rkhunter --checkall</div>
</span>
</li>
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Run AIDE check:
<div class="code-block mt-2">sudo aide --check</div>
</span>
</li>
</ul>
</div>
<div class="bg-white p-4 rounded-lg shadow-sm border border-gray-200">
<h3 class="font-semibold text-gray-800 mb-3">
<i class="fas fa-user-lock text-yellow-500 mr-2"></i>Authentication Tests
</h3>
<ul class="space-y-2 text-gray-700">
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Attempt SSH root login (should fail)</span>
</li>
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Attempt password authentication (should fail if disabled)</span>
</li>
<li class="flex items-start">
<i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
<span>Test Fail2Ban by making failed SSH attempts:
<div class="code-block mt-2">ssh -p 2222 root@localhost</div>
</span>
</li>
</ul>
</div>
</div>
<div class="bg-yellow-50 border-l-4 border-yellow-400 p-4 rounded-lg">
<div class="flex">
<div class="flex-shrink-0">
<i class="fas fa-exclamation-triangle text-yellow-500 text-xl"></i>
</div>
<div class="ml-3">
<h3 class="text-sm font-medium text-yellow-800">
Important Note
</h3>
<div class="mt-2 text-sm text-yellow-700">
<p>
After completing all hardening steps, perform a full system reboot and verify all security measures are still in place. Some settings (like sysctl parameters) may require a reboot to take effect.
</p>
</div>
</div>
</div>
</div>
</div>
<!-- Resources Tab -->
<div id="resources" class="tab-content">
<h2 class="text-2xl font-bold text-gray-800 mb-4">
<i class="fas fa-book mr-2"></i>Additional Resources
</h2>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<!-- Documentation -->
<div class="bg-white p-4 rounded-lg shadow-sm border border-gray-200">
<h3 class="font-semibold text-gray-800 mb-3">
<i class="fas fa-file-alt text-blue-500 mr-2"></i>Official Documentation
</h3>
<ul class="space-y-3">
<li>
<a href="https://www.parrotsec.org/docs/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
Parrot OS Official Documentation
</a>
</li>
<li>
<a href="https://docs.ansible.com/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
Ansible Documentation
</a>
</li>
<li>
<a href="https://help.ubuntu.com/lts/serverguide/firewall.html" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
UFW Firewall Guide
</a>
</li>
</ul>
</div>
<!-- Security Guides -->
<div class="bg-white p-4 rounded-lg shadow-sm border border-gray-200">
<h3 class="font-semibold text-gray-800 mb-3">
<i class="fas fa-shield-alt text-green-500 mr-2"></i>Security Hardening Guides
</h3>
<ul class="space-y-3">
<li>
<a href="https://www.cisecurity.org/benchmark/ubuntu_linux/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
CIS Ubuntu Benchmark
</a>
</li>
<li>
<a href="https://www.sshaudit.com/hardening_guides.html" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
SSH Hardening Guide
</a>
</li>
<li>
<a href="https://linux-audit.com/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
Linux Audit Project
</a>
</li>
</ul>
</div>
<!-- Tools -->
<div class="bg-white p-4 rounded-lg shadow-sm border border-gray-200">
<h3 class="font-semibold text-gray-800 mb-3">
<i class="fas fa-tools text-purple-500 mr-2"></i>Useful Tools
</h3>
<ul class="space-y-3">
<li>
<a href="https://cisofy.com/lynis/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
Lynis - Security Auditing Tool
</a>
</li>
<li>
<a href="https://aide.github.io/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
AIDE - File Integrity Checker
</a>
</li>
<li>
<a href="https://www.openvas.org/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
OpenVAS - Vulnerability Scanner
</a>
</li>
</ul>
</div>
<!-- Community -->
<div class="bg-white p-4 rounded-lg shadow-sm border border-gray-200">
<h3 class="font-semibold text-gray-800 mb-3">
<i class="fas fa-users text-red-500 mr-2"></i>Community Resources
</h3>
<ul class="space-y-3">
<li>
<a href="https://community.parrotsec.org/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
Parrot OS Community Forum
</a>
</li>
<li>
<a href="https://www.reddit.com/r/ParrotSecurity/" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
Parrot Security Subreddit
</a>
</li>
<li>
<a href="https://discord.gg/parrot" target="_blank" class="flex items-center text-blue-600 hover:underline">
<i class="fas fa-external-link-alt mr-2"></i>
Parrot OS Discord Server
</a>
</li>
</ul>
</div>
</div>
<div class="mt-8 bg-blue-50 p-4 rounded-lg border-l-4 border-blue-400">
<h3 class="font-semibold text-blue-800 mb-2">
<i class="fas fa-question-circle mr-2"></i>Need Help?
</h3>
<p class="text-blue-700">
For additional assistance with hardening your Parrot OS system, consider consulting with security professionals or posting specific questions on the Parrot OS community forums.
</p>
</div>
</div>
</div>
</div>
<!-- Footer -->
<footer class="mt-12 text-center text-gray-600 text-sm">
<p>
<i class="fas fa-code-branch mr-1"></i> Parrot OS Hardening Toolkit v1.0
<span class="mx-2">|</span>
<i class="fas fa-calendar-alt mr-1"></i> Last updated: July 2023
</p>
<p class="mt-2">
<i class="fas fa-exclamation-triangle mr-1 text-yellow-500"></i>
This guide is provided for educational purposes only. Use at your own risk.
</p>
<div class="mt-4 flex justify-center space-x-4">
<a href="#" class="text-blue-600 hover:underline">
<i class="fab fa-github mr-1"></i> GitHub
</a>
<a href="#" class="text-blue-600 hover:underline">
<i class="fas fa-bug mr-1"></i> Report Issue
</a>
<a href="#" class="text-blue-600 hover:underline">
<i class="fas fa-envelope mr-1"></i> Contact
</a>
</div>
</footer>
</div>
<script>
// Tab switching functionality
document.querySelectorAll('[data-tab]').forEach(tab => {
tab.addEventListener('click', () => {
// Remove active class from all tabs and contents
document.querySelectorAll('.nav-tabs button').forEach(t => t.classList.remove('active'));
document.querySelectorAll('.tab-content').forEach(c => c.classList.remove('active'));
// Add active class to clicked tab and corresponding content
tab.classList.add('active');
const tabId = tab.getAttribute('data-tab');
document.getElementById(tabId).classList.add('active');
});
});
// Copy button functionality
document.querySelectorAll('.copy-btn').forEach(btn => {
btn.addEventListener('click', function() {
const targetId = this.getAttribute('data-clipboard-target');
const codeBlock = document.querySelector(targetId);
const textToCopy = codeBlock.textContent;
navigator.clipboard.writeText(textToCopy).then(() => {
// Change button appearance temporarily
const originalText = this.innerHTML;
this.innerHTML = '<i class="fas fa-check mr-1"></i> Copied!';
this.classList.add('copied');
// Reset after 2 seconds
setTimeout(() => {
this.innerHTML = originalText;
this.classList.remove('copied');
}, 2000);
}).catch(err => {
console.error('Failed to copy text: ', err);
});
});
});
</script>
<p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" >DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=S-Dreamer/hard-os" style="color: #fff;text-decoration: underline;" target="_blank" >Remix</a></p></body>
</html>