Linux is known to be more secure than Windows. This is true mostly because of its user and permission hierarchy and because it is open source, which makes it easier to find and patch security vulnerabilities. Viruses, rootkits and exploits for Linux still exist, though. This is a guide on how to keep your system secure and under control.
I recommend this for your main host and Whonix to card with. Follow this tutorial if you are interested: wiki/index.php/Setting_Up_Whonix
Keep your system updated daily; every update brings security fixes. On Arch run "pacman -Syu"; on Ubuntu, *buntu and Debian run "apt-get update && apt-get upgrade"; on Gentoo with emerge run "emerge --update --deep --with-bdeps=y --newuse @world"; on yum-based distros run "yum update".
Encrypt your entire system with LUKS, including your /home folder; this is done during installation of the OS. You can use TrueCrypt 7.1a for everything else.
Encrypt swap if it isn't already.
Code:
apt-get install ecryptfs-utils cryptsetup
then
Code:
ecryptfs-setup-swap
Check that it is working with blkid:
Code:
blkid | grep 'swap'
The swap entry should now point at a /dev/mapper/cryptswap device rather than at the raw partition.
Wipe files with BleachBit; forensics cannot recover files that have been overwritten. Keep in mind that overwriting is not reliable on SSDs or on journaling and copy-on-write filesystems, where old copies of the data can survive, so full-disk encryption is the real protection there.
Code:
apt-get install bleachbit
Use the "who" or "w" command to check who is logged in.
Look for open ports with "netstat -punta" (or "ss -tunap" on newer systems). If you find anything suspicious you can kill that process or close the port.
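Going through the netstat output by eye works once, but it is easy to miss a line. Here is an added example (not from the original post) that does the "anything suspicious?" step systematically: it compares every listening socket against an allowlist of ports that are supposed to be open. The netstat output below is constructed sample data in "netstat -punta" layout, with a deliberately odd listener on port 4444; on a live host you would pass the real output with unexpected_listeners "$(netstat -punta)". The allowlist (22, 80, 443) is the web-server profile from further down in this post.

```shell
# Added example: audit listening sockets against an allowlist of expected ports.
# Constructed sample output in "netstat -punta" layout (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      844/nginx
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      901/mysqld
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      1337/nc
tcp        0      0 10.0.0.5:22             10.0.0.9:50110          ESTABLISHED 700/sshd: alice
udp        0      0 0.0.0.0:68              0.0.0.0:*                           501/dhclient'

# Ports that are allowed to be reachable from the network (web server profile: SSH, HTTP, HTTPS).
ALLOWED_PORTS="22 80 443"

# Print "<proto> <port> <pid/program>" for every listening socket that is bound to a
# non-loopback address and whose port is not in ALLOWED_PORTS.
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^(tcp|udp)6?$/ { next }            # skip the banner and header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # established TCP flows are not listeners
        {
            if ($4 ~ /^127\./ || $4 ~ /^::1:/) next   # loopback-only services are not exposed
            n = split($4, addr, ":")              # "0.0.0.0:22" or ":::22": the port is the last field
            port = addr[n]
            if (!(port in ok)) {
                prog = ($1 ~ /^tcp/) ? $7 : $6    # udp lines have no State column
                print $1, port, prog
            }
        }'
}

# Stand-alone run: prints "tcp 4444 1337/nc" and "udp 68 501/dhclient".
unexpected_listeners "$SAMPLE_NETSTAT"
```

Anything the function prints is either a service you forgot to put on the allowlist or something that should not be there at all; in the sample, the netcat listener on 4444 is the kind of thing you would kill and then investigate how it got started.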
Never use telnet or FTP; always use encrypted connections such as SFTP and SSH, with SSH keys.
If you run a server or website, run it in a jail (chroot), which means it can't read files that it doesn't use. You should also use "chattr +i" to mark files immutable; then nobody, not even root, can modify them until the attribute is removed again with "chattr -i". This is good to put on index files so you won't get defaced, it is useful for log files ("chattr +a" makes a log append-only so it can be written but not truncated), and you can even lock whole folders. After everything is set up you can test it with
Code:
echo "killua" >> /var/www/index.html
If the write is refused even as root, it's working correctly.
If your server is going to be open to the internet, set up a separate syslog server and send the logs there. This keeps a copy of the server's activity off the box, which is especially useful if a hacker erases evidence after a successful hack. Syslog also gives you more information about your server, which always comes in handy.
If your web server gets hacked, it's very important to know which files are SUID/SGID. These files run with the rights of another user or group (their owner, often root) no matter who executes them.
Code:
find / -xdev \( -perm -4000 -o -perm -2000 \) -type f -print
You can remove the SUID flag from suspicious files with "chmod u-s <file name>" (and the SGID flag with "chmod g-s <file name>").
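Running the find command once after a hack only tells you what is SUID now; it does not tell you what is new. Here is an added example (not from the original post) that wraps the same find command in a baseline-and-compare workflow: save the list of SUID/SGID files right after installing and hardening, then later diff the current list against it. The demo function builds a small constructed temporary tree instead of scanning "/"; on a real host you pass "/" (and, because of -xdev, every other mount point such as /usr if it is a separate filesystem).

```shell
# Added example: SUID/SGID baseline and comparison built around the post's find command.
# List SUID/SGID regular files under the given directory, sorted so the lists can be diffed.
suid_list() {
    # -xdev: stay on one filesystem; -perm -4000 / -2000: SUID or SGID bit set
    find "$1" -xdev \( -perm -4000 -o -perm -2000 \) -type f -print 2>/dev/null | sort
}

# Save the baseline once, right after installation and hardening (e.g. suid_baseline_save / /root/suid.base).
suid_baseline_save() {
    suid_list "$1" > "$2"
}

# Print files that carry SUID/SGID now but were not in the baseline.
suid_new_since_baseline() {
    suid_list "$1" | comm -13 "$2" -
}

# Self-contained demonstration on a constructed temporary tree (no real system files involved).
demo_suid_audit() {
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/bin"
    : > "$tmp/bin/ok_tool"; chmod 4755 "$tmp/bin/ok_tool"   # legitimate SUID binary, part of the baseline
    : > "$tmp/bin/plain";   chmod 0755 "$tmp/bin/plain"     # no special bits, never listed
    suid_baseline_save "$tmp" "$tmp/baseline.txt"
    # Later, something drops a new SUID file into the tree (constructed to simulate a backdoor).
    : > "$tmp/bin/dropped"; chmod 4755 "$tmp/bin/dropped"
    # Report the newcomer with the temp-dir prefix stripped, so the output is stable.
    suid_new_since_baseline "$tmp" "$tmp/baseline.txt" | sed "s|^$tmp||"
    rm -rf "$tmp"
}

# Stand-alone run: prints "/bin/dropped".
demo_suid_audit
```

Keep the baseline file somewhere the web server cannot write to (or on the syslog box), otherwise an attacker who can plant a SUID file can also add it to the baseline. Re-save the baseline after every package upgrade that legitimately installs or changes SUID binaries.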
(You can use ufw instead if you want; then skip this.) Install the ipkungfu firewall
Code:
apt-get install ipkungfu
and write down which hosts your system should permit:
Code:
nano /etc/ipkungfu/accept_hosts.conf
If you are using a VPN you should allow it here, using the syntax host[:port[:protocol]]. If your VPN uses static IPs, for example:
Code:
255.255.xx.x/24:22:tcp
Edit /etc/ipkungfu/ipkungfu.conf:
Code:
BLOCK_PINGS=1
SUSPECT="DROP"
KNOWN_BAD="DROP"
PORT_SCAN="DROP"
Then run "ipkungfu" and check that it is running as it should with "ipkungfu -c".
If you decided to use ufw (gufw with a GUI), remember that a firewall is only useful if you block the open ports you are not going to use.
For web servers, allow ports 80/443 and port 22 for SSH. Blocking pings and scans (from nmap, for example) is important because it makes it harder for a hacker to see which versions your services are running and which ports are available. Treat it as a speed bump rather than a hiding place, though: a scanner that skips host discovery will still find the ports you left open.
Install fail2ban to prevent brute-force attacks:
Code:
apt-get install fail2ban
then
Code:
nano /etc/fail2ban/jail.conf
to modify the settings (how many tries to allow, where the logs are, and which services to protect). Put your own settings in /etc/fail2ban/jail.local rather than editing jail.conf directly, since package updates overwrite jail.conf. Then start fail2ban:
Code:
/etc/init.d/fail2ban start
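To see what fail2ban's "how many tries" setting actually does, here is an added example (not fail2ban's code and not from the original post) that applies the same logic by hand: it counts "Failed password" lines per source IP in sshd's auth log and reports every source that reached maxretry. The log lines are constructed samples in the usual auth.log layout with documentation-range IPs; on a live host you would feed it "$(cat /var/log/auth.log)". The function name brute_force_sources and the MAXRETRY value of 5 are this example's own choices.

```shell
# Added example: fail2ban-style brute-force detection over constructed auth.log lines.
SAMPLE_AUTHLOG='Mar  3 10:01:02 host sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:01:04 host sshd[2203]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar  3 10:01:06 host sshd[2205]: Failed password for root from 203.0.113.5 port 51034 ssh2
Mar  3 10:01:09 host sshd[2207]: Failed password for invalid user test from 203.0.113.5 port 51040 ssh2
Mar  3 10:01:12 host sshd[2209]: Failed password for root from 203.0.113.5 port 51044 ssh2
Mar  3 10:02:00 host sshd[2250]: Failed password for alice from 198.51.100.7 port 40010 ssh2
Mar  3 10:02:30 host sshd[2260]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2'

# Number of failures after which a source is reported (fail2ban calls this maxretry).
MAXRETRY=5

# Print "<ip> <failure count>" for every source IP with at least MAXRETRY failed password attempts.
brute_force_sources() {
    printf '%s\n' "$1" | awk -v max="$MAXRETRY" '
        /sshd\[[0-9]+\]: Failed password/ {
            # the source address is the word after "from"; the line layout varies before that
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip, fails[ip] }'
}

# Stand-alone run: prints "203.0.113.5 5" (one genuine typo from 198.51.100.7 is not reported).
brute_force_sources "$SAMPLE_AUTHLOG"
```

fail2ban does the same counting within a sliding window (findtime), adds a firewall rule for each reported IP and removes it again after bantime; this is why it needs to know where the log file is and which service's log format to parse. Watching the counts yourself, as above, is a quick way to confirm the jail is looking at the right log before you rely on it.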
Install chkrootkit
Code:
apt-get install chkrootkit
rkhunter
Code:
apt-get install rkhunter && rkhunter --update && rkhunter -c
(run "rkhunter --propupd" once on a clean system so it has a baseline of file properties to compare against)
lynis
Code:
apt-get install lynis && lynis -c
and tiger if you deem it necessary
Code:
apt-get install tiger
These are host-based intrusion detection and audit tools (IDS); remember to actually run them, regularly (a cron job works well), since they only help when their checks execute.
Install iptraf to get data and statistics about your network
Code:
apt-get install iptraf
Use ulimit if you want to limit your system's resources. This can protect you against different types of bombs (fork bombs, for example).
Code:
ulimit -a
shows the current limits; for example "ulimit -u 10" sets the maximum number of processes to 10 for the current shell and everything started from it. To make a limit persistent for all logins, set it in /etc/security/limits.conf instead.
Isowall is a firewall that isolates the computer on the network, which should protect your network from worms that spread over the LAN.