Linux is generally considered more secure than Windows. That is largely true, mostly because of the strict separation between ordinary users and root and because the code is open source, which makes it easier to find and patch security vulnerabilities. Viruses, rootkits and exploits for Linux exist all the same. This is a guide on how to keep your system secure and under control.

I recommend this for your main host and Whonix to card with. Follow this tutorial if you are interested: wiki/index.php/setting_up_whonix

Keep your system updated daily; with every update come security fixes. On Arch type "pacman -Syu" (the capital S matters), on Ubuntu, *buntu and Debian type "apt-get update && apt-get upgrade", on Gentoo with emerge "emerge --update --deep --with-bdeps=y --newuse @world", and with yum "yum update".


Encrypt your entire system with LUKS, including your /home folder; this is done during installation of the OS. You can use TrueCrypt 7.1a for everything else (note that TrueCrypt has been unmaintained since 2014; VeraCrypt is its maintained successor and still opens TrueCrypt containers).


Encrypt swap if it isn't already. On Ubuntu/Debian the ecryptfs-utils package ships a helper that sets up a swap volume keyed from /dev/urandom at every boot (so nothing survives a reboot, but hibernation will no longer work):

apt-get install ecryptfs-utils cryptsetup

then

ecryptfs-setup-swap

Check that it is working with blkid: the swap in use should now be the mapper device (/dev/mapper/cryptswap1 on Ubuntu), not the raw partition. "cat /proc/swaps" should list the same device.

blkid | grep 'swap'


Wipe files with BleachBit so that forensics have a much harder time recovering them. Be aware that overwriting is not guaranteed on SSDs, on journaling or copy-on-write filesystems, or for copies a program already made elsewhere; full-disk encryption is what actually keeps deleted data out of reach.

apt-get install bleachbit


Use the commands "who" or "w" to check who is logged in; "last" shows earlier logins.


Look for open ports with "netstat -punta" (run it as root so the -p column shows the owning process; on newer systems "ss -tulpn" does the same). If you find anything suspicious you can kill that process or close the port in the firewall.


Never use telnet or FTP; always use encrypted connections such as SFTP and SSH, with SSH keys instead of passwords.


If you run a server or website, run it in a jail (chroot), which means it cannot read files that it does not use. Then use "chattr" to set the immutable flag (chattr +i) on files that should never change, so nobody can modify them, not even root, until the flag is removed again with chattr -i. This is good to put on index files so you won't get defaced. For log files use the append-only flag (chattr +a) instead, so entries can be added but not erased, and you can lock folders the same way; "lsattr" shows which flags are set. Remember that an attacker who gets root can simply remove the flag; what it reliably stops is a compromised web application running as the web server's user, and your own mistakes. After everything is set up you can test that it works with

echo "killua" >> /var/www/index.html

If you get "Operation not permitted" even as root, it's working correctly.


If your server is going to be open to the internet, set up a syslog server: a separate machine that receives a copy of the logs as they are written. This is especially useful if a hacker erases evidence after a successful hack, because the copy on the log host survives. Syslog also gives you more information about your server, which always comes in handy.
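As an added example (not part of the original post), here is what the two sides of such a setup look like with rsyslog, which is the default syslog daemon on Debian/Ubuntu. The file names under /etc/rsyslog.d/ and the log host address 203.0.113.10 (a documentation range) are assumptions; change them for your network.

```conf
# --- on the log host: /etc/rsyslog.d/10-remote.conf (assumed file name) ---
# receive syslog over TCP port 514 and file each sending host's messages
# under its own directory, so one box's logs never mix with another's
$ModLoad imtcp
$InputTCPServerRun 514
$template RemoteLog,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteLog
& stop
# (rsyslog older than 7 spells the discard line "& ~" instead of "& stop")

# --- on the web server: /etc/rsyslog.d/99-forward.conf (assumed file name) ---
# @@ means TCP (a single @ would be UDP, which silently loses messages).
# queue on disk while the log host is unreachable instead of dropping lines
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName fwdq
$ActionQueueMaxDiskSpace 100m
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
*.* @@203.0.113.10:514
```

Plain syslog over TCP is neither encrypted nor authenticated, so on the log host only accept port 514 from the server's address, or run the forwarding through the VPN. Restart rsyslog on both machines and check that "logger test" on the server shows up under /var/log/remote/ on the log host.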


If your web server gets hacked it is very important to know which files are SUID/SGID. These files run with the rights of another user (root, etc.) no matter who starts them, so a new one is a classic backdoor.

find / -xdev \( -perm -4000 -o -perm -2000 \) -type f -print

You can remove the SUID and SGID flags from suspicious files with "chmod -s <file name>". Note that -xdev keeps find on one filesystem, so repeat the command for /usr, /home, etc. if they are separate mounts.
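A normal system carries dozens of legitimate SUID binaries, so a single listing is hard to judge. As an added example (not code from the original post), this POSIX shell script turns the find above into a baseline check: record the SUID/SGID files once on a clean system, then report only the ones that appeared since. The scan root and baseline path are arguments you choose; the /var/lib/suid.baseline path in the comments is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Baseline check for setuid/setgid files: record them once on a trusted
# system, then report anything new. The usage lines assume a baseline kept
# at /var/lib/suid.baseline; any root-owned, non-world-writable path will do.
#
#   suid_baseline / /var/lib/suid.baseline      # once, on a clean system
#   suid_new      / /var/lib/suid.baseline      # from cron, mail the output

# List setuid/setgid regular files under a directory, sorted so the lists
# can be compared with comm. -xdev stays on one filesystem, exactly like the
# find in the post above, so separate mounts (/usr, /home, ...) need their
# own scan. Unreadable directories are skipped silently.
list_suid() {
    find "$1" -xdev \( -perm -4000 -o -perm -2000 \) -type f -print 2>/dev/null \
        | LC_ALL=C sort
}

# Write the current list to the baseline file named by $2.
suid_baseline() {
    list_suid "$1" > "$2"
}

# Print files that carry the bit now but were not in the baseline. comm -13
# suppresses lines only in the baseline (removed files) and lines in both,
# leaving just the new ones. Exit status 1 when something new turned up, so
# a cron wrapper can act on it.
suid_new() {
    new=$(list_suid "$1" | LC_ALL=C comm -13 "$2" -)
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}
```

Keep the baseline where the web server's account cannot write, and refresh it (suid_baseline again) only after a package upgrade you have checked yourself; otherwise an attacker's binary becomes part of your "known good" list.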


(You can use ufw if you want, then skip this.) Download the ipkungfu firewall:

apt-get install ipkungfu

and write down which hosts your system should permit:

nano /etc/ipkungfu/accept_hosts.conf

If you are using a VPN you should allow it here, one entry per line with the syntax host[:port[:protocol]]. If your VPN uses static IPs, for example (the address below is a placeholder):

255.255.xx.x/24:22:tcp


Edit /etc/ipkungfu/ipkungfu.conf and set:

BLOCK_PINGS="1"
SUSPECT="DROP"
KNOWN_BAD="DROP"
PORT_SCAN="DROP"

Then run "ipkungfu" and check that it is running as it should with "ipkungfu -c".


If you decided to use ufw (gufw for a GUI), remember that a firewall is only useful if you actually block the ports you are not going to use: everything that is not explicitly allowed should be denied.

For web servers, allow ports 80/443 and port 22 for SSH (ideally only from the addresses you administer from). Blocking pings and port scans (from nmap, for example) makes it a little harder for a hacker to see which ports are open and which versions your services are running, but don't rely on it: a scanner can skip the ping (nmap -Pn), and any service you leave reachable still announces its version in its banner. The real fix is to expose as little as possible and keep it patched.
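As an added example (not code from the original post), here is that rule set as a ufw script: deny everything inbound by default, allow HTTP/HTTPS from anywhere, and accept SSH only from a management network, rate-limited. The management network 203.0.113.0/24 (a documentation range) is an assumption; replace it with your own address or VPN range. With DRY_RUN=1 the script prints the commands instead of running them, which is how to review the rule set before applying it as root.

```shell
#!/bin/sh
# Added example, not code from the original post.
# ufw rule set for a web server: default deny inbound, web open to all,
# ssh only from the management network and rate-limited even there.
# ADMIN_NET is an assumption (RFC 5737 documentation range); change it.
# Run as root. DRY_RUN=1 prints the commands instead of executing them.
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

harden_firewall() {
    # start from a clean slate. Keep console access while doing this over
    # ssh: reset removes the rule that let you in, enable puts it back.
    run ufw --force reset
    run ufw default deny incoming
    run ufw default allow outgoing
    run ufw allow 80/tcp
    run ufw allow 443/tcp
    # "limit" allows the port but drops an address that opens more than 6
    # connections in 30 seconds, which slows brute force before fail2ban
    # even sees it
    run ufw limit from "$ADMIN_NET" to any port 22 proto tcp
    run ufw --force enable
}

# Apply only when executed directly with --apply; otherwise just define things.
if [ "${1:-}" = "--apply" ]; then
    harden_firewall
fi
```

Run "DRY_RUN=1 sh harden.sh --apply" first to read the commands, then "sh harden.sh --apply" as root; "ufw status verbose" afterwards should list exactly the four allow/limit rules and the default deny.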


Download fail2ban to prevent brute-force attacks:

apt-get install fail2ban

then

nano /etc/fail2ban/jail.conf

to see the settings (how many tries to allow, where the logs are, and which services to protect). Put your own changes in /etc/fail2ban/jail.local rather than editing jail.conf itself: jail.conf is replaced on package upgrades, and the .local file overrides it. Then run fail2ban ("systemctl start fail2ban" on systemd-based systems):

/etc/init.d/fail2ban start


Download chkrootkit:

apt-get install chkrootkit

rkhunter (--update fetches the current signature files, --propupd records a baseline of file properties on a system you trust, and -c runs the check; note the && so each step only runs if the previous one succeeded, a single & would start them all at once in the background):

apt-get install rkhunter && rkhunter --update && rkhunter --propupd && rkhunter -c

lynis (older versions spell the check "lynis -c"):

apt-get install lynis && lynis audit system

and tiger if you deem it necessary:

apt-get install tiger

These are host-based scanners and audit tools (chkrootkit and rkhunter look for known rootkits and altered system files, lynis and tiger audit the configuration), not a full intrusion detection system. They only help if you actually run them, so schedule them from cron and read the reports.


Download iptraf (packaged as iptraf-ng on newer distributions) to get data and statistics about your network traffic:

apt-get install iptraf


Use ulimit if you want to limit the resources a user may consume; this protects you against fork bombs and similar resource-exhaustion attacks. "ulimit -a" shows the current limits, and for example "ulimit -u 10" caps the number of processes at 10 for the current shell and everything started from it (far too low for real use, it is only an illustration). A limit set with ulimit lasts only for that session; to make it permanent for every login put it in /etc/security/limits.conf.

ulimit -a
ulimit -u 10
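As an added example (not part of the original post), here is the permanent form of that limit in /etc/security/limits.conf, which pam_limits applies at login. The numbers and the www-data account name are assumptions for a small web server; a soft limit is what a user starts with and may raise, the hard limit is the ceiling only root can change.

```conf
# /etc/security/limits.conf, applied by pam_limits at login
# <domain>   <type>  <item>   <value>
# ordinary users: 1024 processes by default, may raise it themselves to 2048
*            soft    nproc    1024
*            hard    nproc    2048
# the web server account needs far fewer (assumed account name)
www-data     hard    nproc    200
# root is exempt so you can still log in and clean up during a fork bomb
root         -       nproc    unlimited
```

Log out and in again, then "ulimit -u" in the new shell shows the soft value and "ulimit -Hu" the hard one; a fork bomb run under a limited account now stalls at the cap instead of taking the machine down.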


Isowall is a firewall that isolates the computer within the network, which should protect your network from worms that spread over the LAN.