Best security tools to defend my Trisquel system against douchebags?

18 replies [Last post]
pogiako12345
joined: 07/11/2014

Hi! :)

jxself
joined: 09/13/2010

Sun Tzu said to know your enemy. How smart are they? Their level of intelligence and resourcefulness dictates what you need to do.

pogiako12345
joined: 07/11/2014

Nihaoma! :)

cooloutac
joined: 06/27/2015

+1 to the grsecurity patch.

Also: sudo apt-get install ufw, then ufw enable. Here is a good tutorial: http://ubuntuforums.org/showthread.php?t=1893751 Skip his part 1 and instead type ufw default deny outgoing, then follow the advice in the rest of the steps.

This website also has good tips: http://hardenubuntu.com/

Trisquel also comes with lots of default AppArmor profiles you can enforce, even for abrowser. sudo apt-get install apparmor apparmor-utils apparmor-profiles Then go to /etc/apparmor.d to list the files, and as root type aa-enforce [filename] for the processes you use. apparmor_status shows the status.

Use a file integrity program like tripwire or AIDE to check when files have been changed. Use a program like logwatch to check some important logs. Set up mail to email all these reports to root. I use Dragonfly mail agent so nothing listens on ports. https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps

Disable services, especially those you don't need, and above all anything listening on ports. As root type lsof -i. Disable them all. Use a static connection, not DHCP.

Use some tools to monitor your network in real time and look for weird traffic. I like etherape because it's graphical. There are also iftop, iptraf-ng, nethogs and ntop, and tcpdump and wireshark for closer inspection. netatop is actually a great plugin for atop, because it will even show short-lived processes, but you need to compile the kernel for it.

Real security experts will tell you it's not about stopping them from getting in anymore; it's about how fast you can detect the intrusion and minimize the damage. Even the head of IAD at the NSA will tell you the same thing. Assume you are already hacked. The main thing is checking your logs and trying to figure out what and when. Because if you are very active on your PC, it really doesn't matter who you are, you can't stop it. But what you can do is try to limit it.
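The file-integrity step above (tripwire/AIDE) reduces to: hash every file once, store the list where the machine cannot alter it, and diff the live tree against it later. As an added example that is not part of the original post or of either tool, here is that loop in POSIX shell with GNU coreutils. The script name integrity.sh and the directories are assumptions; it records content hashes only, where AIDE also records owner, mode, inode and mtime.

```sh
#!/bin/sh
# Minimal file-integrity baseline, in the spirit of what tripwire/AIDE do:
# record a SHA-256 per file once, then diff the live tree against that record.
# Added example for this thread, not code from Trisquel, tripwire or AIDE.
# Assumes POSIX sh plus GNU coreutils (sha256sum, sort, comm, mktemp).
set -eu

# make_baseline DIR OUT: write "sha256  path" for every regular file under DIR.
# Keep OUT somewhere the audited system cannot rewrite (read-only media,
# another host); an intruder with root will otherwise just re-baseline.
make_baseline() {
    dir=$1; out=$2
    find "$dir" -type f -exec sha256sum {} + | sort -k2 > "$out"
}

# check_baseline DIR BASELINE: print CHANGED/DELETED/ADDED lines, return 1 if any.
check_baseline() {
    dir=$1; base=$2; rc=0

    # Files the baseline knows about: re-hash and compare.
    while read -r hash path; do
        if [ ! -f "$path" ]; then
            echo "DELETED  $path"; rc=1
        elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$hash" ]; then
            echo "CHANGED  $path"; rc=1
        fi
    done < "$base"

    # Files on disk the baseline never saw (new binaries, ld.so.preload, cron jobs...).
    known=$(mktemp)
    sed 's/^[^ ]*  //' "$base" | sort > "$known"
    added=$(find "$dir" -type f | sort | comm -13 "$known" -)
    rm -f "$known"
    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/^/ADDED    /'; rc=1
    fi
    return $rc
}

# CLI: integrity.sh baseline DIR OUT   |   integrity.sh check DIR BASELINE
case "${1:-}" in
    baseline) make_baseline "$2" "$3" ;;
    check)    check_baseline "$2" "$3" ;;
esac
```

Run `sh integrity.sh baseline /etc /media/usb/etc.base` once from a known-good state, then `sh integrity.sh check /etc /media/usb/etc.base` from cron with the output mailed to root, as the post suggests. The baseline is only as trustworthy as its storage: an intruder with root can recompute it, which is why the real tools sign their databases or keep them off the box.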

gary02121993@openmailbox.org
joined: 04/06/2015

This is really helpful! I'll go check these! Thanks a lot!

On 07/24/2015 04:30 PM, name at domain wrote:
> +1 to the grsecurity patch. This website has good tips:
> http://hardenubuntu.com/
>
> Trisquel also comes with lots of default apparmor profiles you can
> enforce.
>
> Use a file integrity program like tripwire or AIDE to check when
> files have been changed. Use a program like logwatch to check some
> important logs. Set up mail to email all these reports to root. I
> use Dragonfly mail agent so nothing listens on ports.
> https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
>
> Disable services, especially those you don't need, and above all
> anything listening on ports. As root type lsof -i.
> Disable them all. Use a static connection, not DHCP.
>
> Use some tools to monitor your network in real time. I like etherape
> because it's graphical. There are also iftop, iptraf-ng, nethogs,
> ntop. netatop is actually a great plugin for atop, because it will even
> show short-lived processes, but you need to compile the kernel for it.
>
> But I hate to break it to you: real security experts will tell you
> it's not about stopping them from getting in anymore; it's about how
> fast you can detect the intrusion and minimize the damage. Even the
> head of IAD at the NSA will tell you the same thing. Assume you are
> already hacked. The main thing is checking your logs and trying to
> figure out what and when. Because if you are very active on your
> PC, it really doesn't matter who you are, you can't stop it. But what
> you can do is limit it.
>
>
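The AppArmor step quoted above enforces profiles one at a time with aa-enforce [filename]. As an added example, not from Trisquel or the AppArmor project, the script below walks /etc/apparmor.d and enforces only the profiles whose program is actually installed, leaving the rest for manual review. It assumes the common file-naming convention (a profile for /usr/bin/abrowser is stored as usr.bin.abrowser); profile names that do not follow it, or binaries with dots in their names, land in the review list rather than being guessed at. The ROOT argument exists only so the mapping can be tested against a scratch directory.

```sh
#!/bin/sh
# Enforce the AppArmor profiles that match programs actually installed.
# Added example for this thread, not Trisquel's or AppArmor's own tooling.
# Assumes the usual naming convention in /etc/apparmor.d, where the profile
# for /usr/bin/abrowser is stored as usr.bin.abrowser (slashes become dots).
set -eu

# profile_to_path NAME [ROOT]: usr.bin.abrowser -> /usr/bin/abrowser
# (ROOT is an optional prefix so the mapping can be exercised on a scratch tree).
profile_to_path() {
    printf '%s/%s\n' "${2:-}" "$(printf '%s' "$1" | tr '.' '/')"
}

# classify_profiles PROFILE_DIR [ROOT]: print "enforce <file>" for profiles whose
# program exists and is executable, "review  <file>" for everything else
# (name does not follow the convention, program not installed, dotted binary name).
classify_profiles() {
    pdir=$1; root=${2:-}
    for f in "$pdir"/*; do
        [ -f "$f" ] || continue          # skip abstractions/, tunables/, disable/ ...
        name=${f##*/}
        bin=$(profile_to_path "$name" "$root")
        if [ -x "$bin" ]; then
            echo "enforce $f"
        else
            echo "review  $f"
        fi
    done
}

# enforce_installed PROFILE_DIR: put every matched profile into enforce mode (run as root).
enforce_installed() {
    classify_profiles "$1" | while read -r action f; do
        [ "$action" = enforce ] || continue
        aa-enforce "$f"
    done
    aa-status      # confirm: the profiles should now be listed under "enforce mode"
}

case "${1:-}" in
    --list)    classify_profiles /etc/apparmor.d ;;
    --enforce) enforce_installed /etc/apparmor.d ;;
esac
```

`--list` shows what it would do; `--enforce` as root runs aa-enforce on the matches and finishes with aa-status. Enforcing a profile written for a different version of the program can break it silently, so put a new profile into complain mode (aa-complain) first and watch the kernel log for apparmor="DENIED" lines before switching it to enforce.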

cooloutac
joined: 06/27/2015

Also install and routinely use rkhunter; rkhunter will also notify you about some of the changes tripwire sees. And clamav. Although I'm told the Sophos virus scanner is better for Linux than clamav, clamav seems to always be updated.

I can't edit my previous post for some strange reason, but just to add: when you deny outgoing with ufw, you have to allow the ports you need. So the basic ones are:

ufw allow out proto tcp from [yourip] to any port 80,443   # http/https
ufw allow out proto udp from [yourip] to any port 53,123   # dns/ntp
ufw allow out proto tcp from [yourip] to any port 6697     # freenode (IRC over TLS is TCP, not UDP)

ufw reload

You can install a GUI for ufw called gufw to make life easier. Always make sure the block rules are above the allow rules; it goes in order from top to bottom. With the CLI you can cut and paste within /lib/ufw/user.rules to change the order if you need to.
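The two posts above together describe a default-deny egress policy: deny outgoing, allow only the ports you need, reload. As an added example that is not from the ufw project or the original poster, here is the same policy as a script that prints the commands in the order they must run, or pipes them to sh with --apply. The port table is the one from the post, except that 6697 is listed as TCP, since IRC over TLS is a TCP service, and DNS is allowed over TCP as well as UDP. The source address is optional and the script name egress.sh is assumed.

```sh
#!/bin/sh
# Generate (and optionally apply) a default-deny egress policy for ufw from a
# small port table. Added example for this thread, not from the ufw project.
# Assumes the ufw rule syntax used in the post; the table is the post's list,
# with 6697 corrected to TCP (IRC over TLS runs on TCP) and DNS-over-TCP added.
set -eu

# proto  ports    purpose
EGRESS_POLICY='
tcp  80,443   http/https
udp  53,123   dns/ntp
tcp  53       dns over tcp (large answers fall back to it)
tcp  6697     irc over tls (freenode)
'

# egress_rules [SOURCE_IP]: print the ufw commands in the order they must run.
# "default deny outgoing" goes first so an unfinished allowlist fails closed.
# ufw stops at the first matching rule, so any narrow "deny out" exception must
# be inserted above the broad allows, e.g. "ufw insert 1 deny out to 10.0.0.0/8".
egress_rules() {
    from=""
    [ -z "${1:-}" ] || from="from $1 "
    echo "ufw default deny outgoing"
    printf '%s\n' "$EGRESS_POLICY" | while read -r proto ports purpose; do
        [ -n "$proto" ] || continue
        echo "ufw allow out proto $proto ${from}to any port $ports   # $purpose"
    done
    echo "ufw reload"
}

case "${1:-}" in
    --show)  egress_rules "${2:-}" ;;
    --apply) egress_rules "${2:-}" | sh ;;    # run as root; the rules are fed to sh as a script
esac
```

Print with `sh egress.sh --show 192.0.2.10`, apply as root with `sh egress.sh --apply 192.0.2.10`. Anything not in the table, a package mirror on a non-standard port or NTP over IPv6 for instance, will simply hang; that is the point of failing closed. When something stops working, `ufw status verbose` shows the active rules and `ufw logging on` makes the drops visible in the log instead of leaving you guessing.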

gary02121993@openmailbox.org
joined: 04/06/2015

I installed clamav already. Does it run after installation or do I call
it? My terminal says 'no such clamav found' or something like that when
I try to call clamav via 'clamav'.

On 07/24/2015 04:41 PM, name at domain wrote:
> also install and routinely use rkhunter, and clamav.

cooloutac
joined: 06/27/2015

It only updates every day after install; you would have to call it to scan.

clamscan is the command; you can check the manpage for all the options. I make an alias for it. https://askubuntu.com/questions/250290/how-do-i-scan-for-viruses-with-clamav

Also, most stuff gets in through the browser, so here is a good tutorial to tweak your browser: https://trisquel.info/en/wiki/tweak-your-browser-enhance-security-and-privacy

And if you are real sadistic like me: I use a program called peerguardian which blacklists many IP ranges. You can turn all the default ones on, or use extra lists from iblocklist.com. So when you go to a webpage, you will also have to right-click the IP being blocked to either temporarily or permanently allow it. (I never perma-allow anything except IPs needed for updates and port 123.)

sudo add-apt-repository ppa:jre-phoenix/ppa
sudo apt-get update
sudo apt-get install pgld pglcmd pglgui

sudo pglgui

Add the notification area applet to the panel to see the icon for it.

Many so-called experts say blacklists are useless nowadays, but when you are blocking more than half the web it's helping. The people who spread these rumours are network admins who don't want you slowing down their network, especially torrent admins, and the gov't and recording industry agencies who don't want you blocking their IPs for obvious reasons.

gary02121993@openmailbox.org
joined: 04/06/2015

Ah thanks a lot man!

On 07/24/2015 05:36 PM, name at domain wrote:
> It only updates every day after install; you would have to call it to
> scan.
>
> clamscan is the command; you can check the manpage for all the options.
> I make an alias for it.
> https://askubuntu.com/questions/250290/how-do-i-scan-for-viruses-with-clamav
>
>

Magic Banana
joined: 07/24/2010

Update the database of viruses:

$ sudo freshclam

Scan the whole system:

$ sudo clamscan -r /

Each command takes tens of minutes if not hours. And almost all of the viruses searched for are Windows viruses.

cooloutac
joined: 06/27/2015

https://www.youtube.com/watch?v=y_lhqg_p21k&feature=player_embedded

People criticize this video because it is showing .exe files, but if you look closer, one of them is actually a directory name with an unknown file extension in it. But the point is, it was breaking his program.

What's most funny to me about this video though is the guy's Google phone listening to him in his room haha.

gary02121993@openmailbox.org
joined: 04/06/2015

Thanks so much for this! Really helpful!

On 07/24/2015 05:42 PM, name at domain wrote:
> Update the database of viruses:
>
> $ sudo freshclam
>
> Scan the whole system:
>
> $ sudo clamscan -r /
>
> Each command takes tens of minutes if not hours. And almost all of the
> viruses searched for are Windows viruses.

SuperTramp83
joined: 10/31/2014

sudo ufw enable

sudo netstat -tulpn and see what is listening to the internetz. Remove everything you don't use/need.

Relax. If your suntzunnoy enemy is not the NSA, you are perfectly fine.

P.S. - if your suntzunnaaeey enemy IS the NSA, you can grsecurity, selinuxity, apparmorius and harden-ass whatever you want; they WILL get in. So, no need to spend too much time and effort on grsec etc.
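Both lsof -i (earlier in the thread) and netstat -tulpn above answer the same question: what is listening, and on which address. As an added example, not part of any post or of the ss/netstat tools, the script below reads ss -tulpn output and separates loopback-only services, which only local processes can reach, from sockets bound to 0.0.0.0, [::] or *, which anyone on the network can reach. The sample output embedded in it is constructed, not captured from a real machine, and the script name listeners.sh is assumed.

```sh
#!/bin/sh
# Audit listening sockets: which daemons are reachable from the network versus
# bound to loopback only. Added example for this thread; not part of Trisquel,
# ss, lsof or netstat. Reads `ss -tulpn` output (run ss as root to see process
# names) and returns 1 when anything listens on all interfaces.
set -eu

# bind_scope ADDR:PORT -> loopback | ALL-INTERFACES | specific
bind_scope() {
    case "$1" in
        127.*|\[::1\]*|localhost:*)  echo loopback ;;
        0.0.0.0:*|\[::\]:*|\*:*)     echo ALL-INTERFACES ;;
        *)                           echo specific ;;
    esac
}

# audit_listeners < ss-output: one line per socket, "proto local scope program".
audit_listeners() {
    rc=0
    while read -r netid state recvq sendq local peer proc; do
        case "$netid" in tcp|udp) ;; *) continue ;; esac    # skip the header line
        scope=$(bind_scope "$local")
        # ss prints users:(("sshd",pid=812,fd=3)); keep only the program name
        name=$(printf '%s' "${proc:-}" | sed -n 's/.*(("\([^"]*\)".*/\1/p')
        printf '%s %s %s %s\n' "$netid" "$local" "$scope" "${name:-?}"
        if [ "$scope" = ALL-INTERFACES ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample, not captured from a real host: a desktop still running a
# DHCP client, Avahi, sshd and a VNC server, with CUPS correctly on loopback.
SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=611,fd=6))
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*         users:(("avahi-daemon",pid=640,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      5      127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=700,fd=7))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0      5      *:5900             *:*               users:(("x11vnc",pid=1200,fd=5))'

case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_SS_OUTPUT" | audit_listeners ;;
    --live) ss -tulpn | audit_listeners ;;      # needs root for the process column
esac
```

`sh listeners.sh --demo` runs on the sample and exits 1 because five sockets are exposed; as root, `sh listeners.sh --live` audits the current host the same way, so it can sit in cron next to the logwatch report. A service you need, but only locally (CUPS, a local database), is fixed by binding it to 127.0.0.1 in its own configuration; the firewall is the second line, not the first.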

gary02121993@openmailbox.org
joined: 04/06/2015

suntzunnoy? You mean Sun Tzu? lol

On 07/24/2015 10:27 PM, name at domain wrote:
> sudo ufw enable
>
> sudo netstat -tulpn and see what is listening to the internetz.
> Remove everything you don't use/need.
>
> Relax. If your suntzunnoy enemy is not the NSA, you are perfectly fine.

cooloutac
joined: 06/27/2015

Absolutely wrong, the NSA is the least likely people to be targeting you. But you definitely have to worry about everyone else, especially if you are active on the PC.

In fact the only technical ability the NSA has over some 17-year-old computer nerd down the block is PRISM.

On a funny side note, freenode IRC was featured in the latest episode of Mr. Robot, when one of the malicious hackers tries to recruit some Chinese hacking crew to help her crew hack some company and gets banned from the room... lol

pogiako12345
joined: 07/11/2014

Yeah, that high-blooded Darlene haha! Show's legit though, I think. Probably the best one of its kind.

SuperTramp83
joined: 10/31/2014

> Absolutely wrong, the NSA is the least likely people to be targeting you. But you definitely have to worry about everyone else
Paranoid much, ha?

Who do I have to worry about? The occasional script kiddie cracking my setup? Yeah, right...
GNU is very secure by default. Just chill and relax.

I reckon the greatest threat on GNU is the stupid user. If you install a malicious deb, you are screwed. That is why I compile everything outside the repo. That and keeping your distro updated will do the job of keeping your very boring and uninteresting ass safe.

cooloutac
joined: 06/27/2015

So you live in a glass house?

I guess we can't all be as boring and uninteresting as you. And we can't all live in the middle of nowhere either...

You are like the guy who tells me to lower my logging level instead of figuring out why my computer is doing something under the hood. People like that might as well use Windows or Mac OS X.

Stupid users aren't the only ones who get their box compromised. Someone was telling me earlier that the creator of Arch got his box compromised 3 times in one day lol.

That's like telling the people who got drive-by downloads of viruses from nbc.com a couple of years ago that they were stupid for going to such a shady website. Nowadays you don't have to click anything; you just go to the URL, it can be any website, and that's not anybody's fault.

What about the Debian users who were downloading spyware with their Chromium? Were they being stupid? Are you also one of those guys who think Google always listening on your mic without your knowledge is nothing to worry about because you have nothing to hide? Yet you seem to be worried about the NSA, which is pretty ironic and laughable.