Operations security

Introduction

  • Use email securely

  • Detecting fake emails and phishing

  • Browse more safely

  • Check integrity of downloads

  • ';--have i been pwned?

Fail

This can happen, of course. If it does, clean the machine.

Unseen University, 2023, with a forest garden fostered by /ut7.