Securing Linux

last edited Wed, 13 Mar 2024 21:21:35 GMT
backlinks: void linux Linux System Administration


It's always beneficial to consider your threat model.

Root direct link to this section

  1. Limit execution of the su command to members of group wheel.
  2. Prevent direct root login, either on directly connected terminals or remotely over SSH.
  3. Disable password authentication over SSH, require cryptographic authentication.

SSH direct link to this section

Intrusion Detection direct link to this section

snort direct link to this section

sudo apt install snort

run as a daemon:

sort -D

read the logs /var/log/snort/alert

Secure File deletion direct link to this section

Use secure remove sudo apt install secure-delete

Over write data with zeroes:

# dd if=/dev/zero of=/dev/sdX

or:

$ sudo dd if=/dev/zero of=/dev/sdX

Overwriting with random data:

# dd if=/dev/urandom of=/dev/sdX

or:

$ sudo dd if=/dev/urandom of=/dev/sdX