Difference between revisions of "Linux Security"

no edit summary
imported>Tele
imported>Tele
Line 9: Line 9:


A '''superuser''' account is equal problematic if not protected.
A '''superuser''' account is equal problematic if not protected.


== Groups ==
== Groups ==
Line 21: Line 22:


  $ groups
  $ groups


== Passwords ==
== Passwords ==
Line 47: Line 49:


If you make a habit of having different passwords for superuser and root you will just have to switch to the other and the system will comply.
If you make a habit of having different passwords for superuser and root you will just have to switch to the other and the system will comply.


== Forum ==
== Forum ==
Line 53: Line 56:




== Tips ==
== TIPS ==
* You be aware:  
 
=== <p><span style="color: #008000;"><strong>YOU BE AWARE</strong></span></p> ===
:: Everything you have on the devices, maybe one day be on the internet.
:: Everything you have on the devices, maybe one day be on the internet.
:: So, do not put things which you do not want on the internet
:: So, do not put things which you do not want on the internet
=== <p><span style="color: #008000;"><strong>FIREWALL</strong></span></p> ===
* Read about firewalls
* Read about firewalls
* Read about IPv4 and IPv6, how check, how disable
* Read about IPv4 and IPv6, how check which you use, how disable not used
* Read how read firewall logs
* Read how read firewall logs
* Read how find open ports
* Read how find open ports
* Read how find applications that use the internet and how to block
* Read how find applications that use the internet and how to block
* Read how to find listen to the connections / applications.
* Read how to find listen to the connections / applications. Secure passwords should be encrypted  
:: Secure passwords should be encrypted
* Read how block dangerous websites and access to the router, to protect the system and router against attack from web browser.
* Read about sandbox
* Read https://wiki.manjaro.org/index.php?title=Security_%26_Anonymity
 
=== <p><span style="color: #008000;"><strong>WEB BROWSER</strong></span></p> ===
* Read what data is disclosed by the web browser
* Read about plugins: '''uBlock Origin''' , '''NoScript'''
* Read why installing unknown or poor plugins can be dangerous.
 
=== <p><span style="color: #008000;"><strong>E_MAIL</strong></span></p> ===
* Read how to create aliases for your own mail and why can help you protect against spam or inform about a data leak
* Read how how to automatically sort trusted emails
* Read how read source code messages and how to see the headers
* Read about '''phishing''' and '''punycode phishing attack'''
=== <p><span style="color: #008000;"><strong>SYSTEM PROCESSES</strong></span></p> ===
* Read about '''sandbox'''
* Read how prevent a fork bomb by limiting user process
* Read how prevent a fork bomb by limiting user process
=== <p><span style="color: #008000;"><strong>GOOD HABITS</strong></span></p> ===
* Do not use commands if you do not know what they do
* Do not use commands if you do not know what they do
* Do not enter long commands, but '''copy''' and '''paste'''
* Do not enter long commands, but '''copy''' and '''paste'''
* Do not use '''root account''' if you don't need.
* Do not use '''root account''' if you don't need.
* Do not trust anyone. If you can check, verify.
* Read how to build strong passwords
* Read about '''two-factor authentication'''
* Read about '''two-factor authentication'''
* Read about GPG / GnuPG ''( Asymmetric encryption with 2 keys: private and public )''
**  for example https://wiki.manjaro.org/index.php?title=How-to_verify_GPG_key_of_official_.ISO_images
* Read about hash collisions
** https://en.wikipedia.org/wiki/Collision_attack
** http://valerieaurora.org/hash.html
===  <p><span style="color: #008000;"><strong>FILES</strong></span></p> ===
* Read why we use '''sgid''' and why it can be dangerous
* Read why we use '''sgid''' and why it can be dangerous
* Read how find files with incorrect permissions and how find files with sgid
* Read how find files with incorrect permissions and how find files with sgid
* Do not trust anyone
* Read about '''AIDA''' ''( Advanced Intrusion Detection Enviornment )''
* Read about '''AIDA''' ''( Advanced Intrusion Detection Enviornment )''
* Read what it is '''Access Control Lists'''
* Read what it is '''Access Control Lists'''
* Read how to check the changed packages
* Read how to check the changed packages
* Read how to check system logs and how to quickly find faults and how create alerts
* Read how to check system logs and how to quickly find faults and how create alerts
* Update the system systematically if possible,
* Update the system systematically if possible, because a lot of attacks already use detected and repaired vulnerabilities.
:: because a lot of attacks already use detected and repaired vulnerabilities.
* Read why untested packages from outside the repository can be dangerous
* Read why untested packages from outside the repository can be dangerous
* Read why we use programs with a closed source code and why can be dangerous
* Read why we use programs with a closed source code and why can be dangerous
* Read about '''chkrootkit''' and '''rkhunter'''
* Read about '''chkrootkit''' and '''rkhunter'''
* Read https://wiki.manjaro.org/index.php?title=Security_%26_Anonymity
 
* Read what data is disclosed by the web browser
==<p><span style="color: #008000;"><strong>IF YOU ARE A PROGRAMMER</strong></span></p> ===
* Read about GPG / GnuPG ''( Asymmetric encryption with 2 keys: private and public )''
* Read about attacks on environmental variables
: for example https://wiki.manjaro.org/index.php?title=How-to_verify_GPG_key_of_official_.ISO_images
* Read about attack on input files
* Read about hash collisions
* Read about Validating Sanitizing and Escaping User Data
: https://en.wikipedia.org/wiki/Collision_attack
: http://valerieaurora.org/hash.html
* If you're a programmer:
** Read about attacks on environmental variables
** Read about attack on input files
** Read about Validating Sanitizing and Escaping User Data






[[Category:Contents Page]]
[[Category:Contents Page]]
Anonymous user