Difference between revisions of "Linux Security"
no edit summary
imported>Tele |
imported>Tele |
||
Line 9: | Line 9: | ||
A '''superuser''' account is equal problematic if not protected. | A '''superuser''' account is equal problematic if not protected. | ||
== Groups == | == Groups == | ||
Line 21: | Line 22: | ||
$ groups | $ groups | ||
== Passwords == | == Passwords == | ||
Line 47: | Line 49: | ||
If you make a habit of having different passwords for superuser and root you will just have to switch to the other and the system will comply. | If you make a habit of having different passwords for superuser and root you will just have to switch to the other and the system will comply. | ||
== Forum == | == Forum == | ||
Line 53: | Line 56: | ||
== | == TIPS == | ||
=== <p><span style="color: #008000;"><strong>YOU BE AWARE</strong></span></p> === | |||
:: Everything you have on the devices, maybe one day be on the internet. | :: Everything you have on the devices, maybe one day be on the internet. | ||
:: So, do not put things which you do not want on the internet | :: So, do not put things which you do not want on the internet | ||
=== <p><span style="color: #008000;"><strong>FIREWALL</strong></span></p> === | |||
* Read about firewalls | * Read about firewalls | ||
* Read about IPv4 and IPv6, how check, how disable | * Read about IPv4 and IPv6, how check which you use, how disable not used | ||
* Read how read firewall logs | * Read how read firewall logs | ||
* Read how find open ports | * Read how find open ports | ||
* Read how find applications that use the internet and how to block | * Read how find applications that use the internet and how to block | ||
* Read how to find listen to the connections / applications. | * Read how to find listen to the connections / applications. Secure passwords should be encrypted | ||
* Read how block dangerous websites and access to the router, to protect the system and router against attack from web browser. | |||
* Read about sandbox | * Read https://wiki.manjaro.org/index.php?title=Security_%26_Anonymity | ||
=== <p><span style="color: #008000;"><strong>WEB BROWSER</strong></span></p> === | |||
* Read what data is disclosed by the web browser | |||
* Read about plugins: '''uBlock Origin''' , '''NoScript''' | |||
* Read why installing unknown or poor plugins can be dangerous. | |||
=== <p><span style="color: #008000;"><strong>E_MAIL</strong></span></p> === | |||
* Read how to create aliases for your own mail and why can help you protect against spam or inform about a data leak | |||
* Read how how to automatically sort trusted emails | |||
* Read how read source code messages and how to see the headers | |||
* Read about '''phishing''' and '''punycode phishing attack''' | |||
=== <p><span style="color: #008000;"><strong>SYSTEM PROCESSES</strong></span></p> === | |||
* Read about '''sandbox''' | |||
* Read how prevent a fork bomb by limiting user process | * Read how prevent a fork bomb by limiting user process | ||
=== <p><span style="color: #008000;"><strong>GOOD HABITS</strong></span></p> === | |||
* Do not use commands if you do not know what they do | * Do not use commands if you do not know what they do | ||
* Do not enter long commands, but '''copy''' and '''paste''' | * Do not enter long commands, but '''copy''' and '''paste''' | ||
* Do not use '''root account''' if you don't need. | * Do not use '''root account''' if you don't need. | ||
* Do not trust anyone. If you can check, verify. | |||
* Read how to build strong passwords | |||
* Read about '''two-factor authentication''' | * Read about '''two-factor authentication''' | ||
* Read about GPG / GnuPG ''( Asymmetric encryption with 2 keys: private and public )'' | |||
** for example https://wiki.manjaro.org/index.php?title=How-to_verify_GPG_key_of_official_.ISO_images | |||
* Read about hash collisions | |||
** https://en.wikipedia.org/wiki/Collision_attack | |||
** http://valerieaurora.org/hash.html | |||
=== <p><span style="color: #008000;"><strong>FILES</strong></span></p> === | |||
* Read why we use '''sgid''' and why it can be dangerous | * Read why we use '''sgid''' and why it can be dangerous | ||
* Read how find files with incorrect permissions and how find files with sgid | * Read how find files with incorrect permissions and how find files with sgid | ||
* Read about '''AIDA''' ''( Advanced Intrusion Detection Enviornment )'' | * Read about '''AIDA''' ''( Advanced Intrusion Detection Enviornment )'' | ||
* Read what it is '''Access Control Lists''' | * Read what it is '''Access Control Lists''' | ||
* Read how to check the changed packages | * Read how to check the changed packages | ||
* Read how to check system logs and how to quickly find faults and how create alerts | * Read how to check system logs and how to quickly find faults and how create alerts | ||
* Update the system systematically if possible, | * Update the system systematically if possible, because a lot of attacks already use detected and repaired vulnerabilities. | ||
* Read why untested packages from outside the repository can be dangerous | * Read why untested packages from outside the repository can be dangerous | ||
* Read why we use programs with a closed source code and why can be dangerous | * Read why we use programs with a closed source code and why can be dangerous | ||
* Read about '''chkrootkit''' and '''rkhunter''' | * Read about '''chkrootkit''' and '''rkhunter''' | ||
=== <p><span style="color: #008000;"><strong>IF YOU ARE A PROGRAMMER</strong></span></p> === | |||
* Read about attacks on environmental variables | |||
* Read about attack on input files | |||
* Read about Validating Sanitizing and Escaping User Data | |||
[[Category:Contents Page]] | [[Category:Contents Page]] |
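Review bot: In the FIREWALL list, the new revision appends "Secure passwords should be encrypted" to the bullet "Read how to find listen to the connections / applications.", where it has nothing to do with listening connections; move it to its own bullet under GOOD HABITS, beside "Read how to build strong passwords", and reword it so it says where the passwords are stored. The same edit adds "Read how how to automatically sort trusted emails" with a doubled "how" in the E_MAIL list, and leaves "AIDA ( Advanced Intrusion Detection Enviornment )" untouched in FILES: the tool with that expansion is AIDE, and "Enviornment" is misspelled. The new section headings wrap raw "<p><span style=...><strong>" HTML inside the "===" markers; plain headings such as "=== FIREWALL ===" would keep the section anchors and the table of contents readable.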