admin/HomeAudit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
HomeAudit/secure_network.sh
admin fb869f1131 Initial commit
2025-08-24 11:13:39 -04:00

211 lines
6.8 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Network Security Script - Post-Compromise Cleanup
# This script helps secure your network after a device compromise
echo "🔒 NETWORK SECURITY CLEANUP SCRIPT"
echo "=================================="
echo "Timestamp: $(date)"
echo ""
# Function to check current network status
check_network_status() {
echo "1. Checking current network status..."
echo ""
echo "Active network interfaces:"
ip addr show | grep -E "inet.*192\.168\.50\." | awk '{print $2}' | head -5
echo ""
echo "Current firewall status:"
sudo iptables -L -n | grep -E "(DROP|REJECT)" | wc -l | xargs echo "Active firewall rules:"
echo ""
echo "Blocked device status:"
if sudo iptables -L -n | grep "192.168.50.81" > /dev/null; then
echo "✅ 192.168.50.81 is blocked"
else
echo "❌ 192.168.50.81 is NOT blocked"
fi
}
# Function to scan for other suspicious devices
scan_suspicious_devices() {
echo ""
echo "2. Scanning for other suspicious devices..."
echo ""
echo "All devices on network:"
arp -n | grep -v "incomplete" | while read line; do
IP=$(echo $line | awk '{print $1}')
MAC=$(echo $line | awk '{print $3}')
if [ ! -z "$IP" ] && [ ! -z "$MAC" ]; then
echo "IP: $IP | MAC: $MAC"
# Check for suspicious MAC patterns
if echo "$MAC" | grep -E "(00:00:00|ff:ff:ff|aa:aa:aa)" > /dev/null; then
echo "⚠️ Suspicious MAC pattern detected: $MAC"
fi
fi
done
}
# Function to check for open ports on network
check_network_ports() {
echo ""
echo "3. Checking for open ports on network..."
echo ""
echo "Scanning common ports on network devices..."
for ip in $(arp -n | grep -v "incomplete" | awk '{print $1}' | grep "192.168.50."); do
if [ "$ip" != "192.168.50.81" ]; then
echo "Checking $ip..."
timeout 3 bash -c "</dev/tcp/$ip/22" 2>/dev/null && echo " SSH (22): OPEN"
timeout 3 bash -c "</dev/tcp/$ip/80" 2>/dev/null && echo " HTTP (80): OPEN"
timeout 3 bash -c "</dev/tcp/$ip/443" 2>/dev/null && echo " HTTPS (443): OPEN"
fi
done
}
# Function to provide security recommendations
security_recommendations() {
echo ""
echo "4. SECURITY RECOMMENDATIONS:"
echo "============================"
echo ""
echo "🚨 IMMEDIATE ACTIONS REQUIRED:"
echo "1. PHYSICALLY DISCONNECT the compromised Amazon device"
echo "2. Change your WiFi password NOW"
echo "3. Update your router's firmware"
echo "4. Enable MAC address filtering on your router"
echo "5. Factory reset the Amazon device"
echo ""
echo "🔧 ROUTER SECURITY SETTINGS:"
echo "1. Access your router's admin interface (usually 192.168.50.1)"
echo "2. Change the admin password"
echo "3. Enable MAC address filtering"
echo "4. Block the MAC address: cc:f7:35:53:f5:fa"
echo "5. Enable firewall features"
echo "6. Disable WPS if enabled"
echo "7. Use WPA3 encryption if available"
echo ""
echo "📱 DEVICE SECURITY:"
echo "1. Update all devices to latest firmware"
echo "2. Use strong, unique passwords"
echo "3. Enable two-factor authentication where possible"
echo "4. Install security software on computers"
echo "5. Regularly backup important data"
echo ""
echo "🔍 MONITORING:"
echo "1. Check router logs regularly"
echo "2. Monitor network traffic"
echo "3. Watch for unusual activity"
echo "4. Consider network segmentation for IoT devices"
echo ""
}
# Function to create network monitoring script
create_monitoring_script() {
echo ""
echo "5. Creating network monitoring script..."
cat > network_monitor.sh << 'EOF'
#!/bin/bash
# Network Monitoring Script
# Monitors for suspicious activity
LOG_FILE="network_monitor_$(date +%Y%m%d_%H%M%S).log"
echo "Starting network monitoring..." | tee $LOG_FILE
while true; do
echo "[$(date)] Checking network..." | tee -a $LOG_FILE
# Check for new devices
NEW_DEVICES=$(arp -n | grep -v "incomplete" | wc -l)
echo "Active devices: $NEW_DEVICES" | tee -a $LOG_FILE
# Check for suspicious connections
SUSPICIOUS=$(netstat -tuln 2>/dev/null | grep -E ":(25|1433|3306|5432|27017|6379|8080|8443|4444|31337)" | wc -l)
if [ $SUSPICIOUS -gt 0 ]; then
echo "⚠️ Suspicious connections detected: $SUSPICIOUS" | tee -a $LOG_FILE
fi
# Check firewall status
if ! sudo iptables -L -n | grep "192.168.50.81" > /dev/null; then
echo "🚨 WARNING: Compromised device is no longer blocked!" | tee -a $LOG_FILE
fi
sleep 300 # Check every 5 minutes
done
EOF
chmod +x network_monitor.sh
echo "✅ Network monitoring script created: network_monitor.sh"
}
# Function to provide Amazon device reset instructions
amazon_reset_instructions() {
echo ""
echo "6. AMAZON DEVICE FACTORY RESET INSTRUCTIONS:"
echo "============================================="
echo ""
echo "For Amazon Fire TV Stick:"
echo "1. Unplug the device from power"
echo "2. Hold the BACK button and RIGHT side of the navigation circle"
echo "3. While holding these buttons, plug the device back in"
echo "4. Keep holding until you see the Amazon logo"
echo "5. Release the buttons when you see 'Installing system update'"
echo "6. Wait for the reset to complete"
echo ""
echo "For Amazon Echo:"
echo "1. Press and hold the Action button for 25 seconds"
echo "2. Wait for the light ring to turn orange"
echo "3. Release the button when the light turns off"
echo "4. Wait for the light to turn blue and then orange"
echo "5. The device will reset to factory settings"
echo ""
echo "For Amazon Fire Tablet:"
echo "1. Go to Settings > Device Options > Reset to Factory Defaults"
echo "2. Tap 'Reset' to confirm"
echo "3. Enter your Amazon password if prompted"
echo "4. Wait for the reset to complete"
echo ""
echo "⚠️ IMPORTANT: After factory reset, do NOT restore from backup"
echo "⚠️ Set up the device as new and only install trusted apps"
}
# Main execution
main() {
check_network_status
scan_suspicious_devices
check_network_ports
security_recommendations
create_monitoring_script
amazon_reset_instructions
echo ""
echo "=== NETWORK SECURITY CLEANUP COMPLETE ==="
echo ""
echo "Next steps:"
echo "1. Run: ./network_monitor.sh (in background)"
echo "2. Follow the security recommendations above"
echo "3. Contact Amazon support if needed: 1-877-375-9365"
echo ""
echo "⚠️ REMEMBER: This is a serious security incident!"
echo "Take immediate action to protect your network."
}
# Run the main function
main
Reference in New Issue View Git Blame Copy Permalink