Spaces:

danielrosehill
/

Claude-Code-Slash-Commands

Sleeping

App Files Files Community

Claude-Code-Slash-Commands / commands /sysadmin /linux-desktop /security /probe-vulnerabilities.md

danielrosehill

Redesign interface with accordion cards and category pills

292d92c 2 months ago

preview code

raw

history blame contribute delete

2.08 kB

	---
	description: Intelligently probe system for security vulnerabilities
	tags: [security, audit, vulnerabilities, hardening, project, gitignored]
	---

	You are helping the user identify security vulnerabilities they may wish to remediate.

	## Process

	1. System update status
	- Check for security updates: `apt list --upgradable \| grep -i security`
	- Check unattended-upgrades status: `systemctl status unattended-upgrades`

	2. Open ports and services
	- List listening ports: `sudo ss -tlnp`
	- Identify unnecessary services: `systemctl list-unit-files --state=enabled`
	- Check firewall status: `sudo ufw status verbose`

	3. SSH configuration review
	- Check `sshd_config` for:
	- PermitRootLogin (should be 'no')
	- PasswordAuthentication (consider disabling)
	- Port (consider non-standard)
	- Check for weak keys: `ssh-keygen -l -f ~/.ssh/id_*.pub`

	4. File permissions audit
	- Check world-writable files: `find /home -type f -perm -002 2>/dev/null \| head -20`
	- Check SUID/SGID binaries: `find / -type f $ -perm -4000 -o -perm -2000 $ 2>/dev/null`
	- Review sensitive file permissions: `~/.ssh`, `~/.gnupg`

	5. User and authentication
	- List users with shell access: `cat /etc/passwd \| grep -v nologin \| grep -v false`
	- Check password policy: `sudo chage -l $USER`
	- Review sudo configuration: `sudo -l`

	6. Network security
	- Check for IPv6 if not needed
	- Review DNS settings
	- Check for proxy configurations

	7. Application security
	- Check for outdated software with known CVEs
	- Review browser security settings
	- Check for auto-updating mechanisms

	8. Suggest security tools
	- `lynis` - Security auditing tool
	- `rkhunter` - Rootkit scanner
	- `aide` - File integrity checker
	- `fail2ban` - Intrusion prevention

	## Output

	Provide a security report showing:
	- Critical vulnerabilities (requiring immediate attention)
	- Medium priority issues
	- Low priority recommendations
	- Suggested remediation steps for each issue
	- Security hardening recommendations