security [debian,raspberrypi]

***I am not an advanced Linux user or security expert – maybe this is just stupid!!***

also have a look at:
https://fredfire1.wordpress.com/2014/01/17/security-windows/

shopping:
http://wiki.piratenpartei.de/HowTo_Anonym_Real_Life

search engines:
http://wiki.piratenpartei.de/wiki/index.php?title=HowTo_Anonym_Suchen

browser addons:
http://wiki.piratenpartei.de/HowTo_Anonym_Browser_Tools

anonymous browsing:
http://wiki.piratenpartei.de/HowTo_Anonym_Browsen

secure passwords:
http://random-ize.com/how-long-to-hack-pass/

remove personal data (metadata such as author, editing history or camera/gps info) from files before sharing them (for example pdf or ods):
sudo apt install mat #metadata anonymisation toolkit

fix dirty cow (CVE-2016-5195, a kernel bug that lets any local user become root) on raspberrypi: update the kernel package, then reboot, because the fixed kernel is only running after a reboot (uname -r shows which one is loaded):
sudo apt update && sudo apt install raspberrypi-kernel

some good notes:
http://debiananwenderhandbuch.de/sicherheit.html

in gnome: settings -> privacy -> usage & history -> OFF (stops the desktop from recording recently used files, see the zeitgeist notes below)

change ssh port and disable root login:
sudo nano /etc/ssh/sshd_config

Port 1234
PermitRootLogin no

(a non-standard port only cuts down the log noise from scanners, it is no protection by itself; turning off root login, and password logins altogether once you use keys, is what actually helps.)
restart ssh (keep the current session open and test a fresh login on the new port before closing it, otherwise a typo locks you out):
sudo /etc/init.d/ssh restart
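An added example, not code from the original post: a small audit of an sshd_config for the two changes above. It is worth having because sshd honours the first value it reads for a keyword (sshd_config(5)), so an older "PermitRootLogin yes" higher up in the file, or in a file pulled in by an Include line, silently wins over the one appended at the bottom. The two sample configs the script writes to temp files are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# two settings changed above. sshd uses the FIRST value it reads for a
# keyword (sshd_config(5)), so a duplicate higher up in the file, or in a
# file pulled in by an Include line, silently wins over one appended at the
# end. The sample configs below are constructed for the demo.

# sshd_value FILE KEYWORD: print the effective (first, case-insensitive)
# value of KEYWORD set outside any Match block; print nothing if unset.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }                  # comment
        /^[[:space:]]*$/ { next }                  # blank line
        tolower($1) == "match" { inmatch = 1 }     # rest of file is conditional
        inmatch { next }
        tolower($1) == key && !done { print $2; done = 1 }
    ' "$1"
}

# sshd_audit FILE: 0 when root login is off and sshd was moved off port 22.
sshd_audit() {
    root=$(sshd_value "$1" PermitRootLogin)
    port=$(sshd_value "$1" Port)
    rc=0
    if [ "$root" != "no" ]; then
        echo "WARN: effective PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    if [ "${port:-22}" = "22" ]; then
        echo "WARN: sshd still listens on port 22"
        rc=1
    fi
    return $rc
}

# Constructed sample 1: the post's two lines were appended, but an older
# "PermitRootLogin yes" and "Port 22" above them are what sshd will honour.
bad_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# left over from an earlier admin
PermitRootLogin yes
Port 22

# added later, as in the post
Port 1234
PermitRootLogin no
EOF
    echo "$f"
}

# Constructed sample 2: correct order; the PermitRootLogin inside the Match
# block only applies to that user and must not count as the global value.
good_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Port 1234
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF
    echo "$f"
}

for f in "$(bad_config)" "$(good_config)"; do
    echo "== $f"
    sshd_audit "$f" && echo "ok"
    rm -f "$f"
done
```

On the live box, sudo sshd -t checks the file for syntax errors before the restart and sudo sshd -T prints the settings sshd will actually use, which is the authoritative check; on systemd-based releases sudo systemctl restart ssh replaces the init.d call.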

zeitgeist installed? (desktop activity logger that records which files and programs you used):
have a look at the logs:
sudo apt-get install -y zeitgeist-explorer
remove the logs:
rm ~/.local/share/recently-used.xbel
rm -rf ~/.local/share/zeitgeist

disable activity logs (gnome-activity-journal only views the log, activity-log-manager is the tool that switches the logging off):
sudo apt-get install gnome-activity-journal
sudo apt-get install activity-log-manager

delete files the safe way (overwrite them 3 times, zero them, then delete them):
shred -n 3 -z -u -v /path/to/file
(only reliable on filesystems that overwrite data in place; on journaling or copy-on-write filesystems, on SSDs with wear levelling and wherever snapshots or backups exist, old copies of the data can survive, see the shred man page. full-disk encryption is the dependable answer.)

check the logs (opened in nano here like everywhere in these notes; less is the safer choice for read-only viewing, because nano can accidentally write to the file):
nano ~/.bash_history #written when the shell exits and easy to switch off, so it is a convenience, not an audit trail (that is what snoopy below is for)
sudo nano /root/.bash_history
nano /var/log/apt/history.log #great history of what was installed or removed
sudo nano /var/log/apt/term.log #the terminal output of every installation
sudo nano /var/log/auth.log #who logged in; every sudo call is logged here as well
sudo nano /var/log/kern.log #kernel messages: which wlan you connected to, which usb devices (phone, android) were plugged in
sudo nano /var/log/user.log #graphics card, programs

check old logs for sudo entries with a script from a gist:
wget https://gist.github.com/cballou/8008588/raw/0b201193d4f0e1ea8c58103f75431cde65d83acb/medusa.sh
chmod +x medusa.sh
sudo ./medusa.sh
(it is a third-party script fetched from the internet and run as root: read it before you run it.)

record every command that gets executed (snoopy is a preloaded library that logs every exec() via syslog, so it covers every shell and every user, not only interactive bash):
sudo apt-get install snoopy

watch the snoopy log (the entries land in auth.log):
sudo nano /var/log/auth.log #shows all entries
sudo tail /var/log/auth.log #shows the last 10 entries (tail -f follows new ones live)

check for rootkits with chkrootkit:
install from the repository:
sudo apt-get install chkrootkit
run it from terminal with:
sudo chkrootkit

or get the latest version (the download is plain ftp, so compare it against the checksum published on the chkrootkit site before you run anything from it as root; the helper programs have to be built with "make sense" inside the extracted directory first, and the directory name follows the downloaded version):
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar -xzvf chkrootkit.tar.gz
rm chkrootkit.tar.gz
sudo ~/chkrootkit-0.50/chkrootkit

check for rootkits with rkhunter:
sudo apt-get install rkhunter -y
sudo rkhunter -c #check the local system; the full log is in /var/log/rkhunter.log, the daily cron job mails its warnings to root (local mailbox under /var/mail, read it with mutt, see below)
sudo rkhunter -c --rwo #report warnings only
sudo rkhunter --debug --enable apps #no output on the terminal, log in /tmp/rkhunter-debug
(run it with --propupd after package upgrades to refresh the stored file properties, otherwise legitimately updated binaries show up as warnings.)

http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/README

enable security updates once a day in raspbian:
based on:
http://blog.wenzlaff.de/?p=2135
install unattended-upgrades:
sudo apt-get install unattended-upgrades
change the config file the way you want it:
example at:
https://github.com/mvo5/unattended-upgrades/blob/master/data/50unattended-upgrades.Raspbian
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
add the following in the Unattended-Upgrade::Origins-Pattern block, after the line // "o=Raspbian,a=stable"; (raspbian publishes its security fixes through the normal repository rather than a separate security archive like debian's security.debian.org, which is why a label=Raspbian-Security pattern matches nothing and the label=Raspbian one is the one that works):

//      "o=Raspbian,a=stable";
//      "origin=Raspbian,archive=stable,label=Raspbian-Security";
//      "origin=Raspbian,archive=stable,label=Raspbian";
//      "origin=Raspbian,archive=${distro_codename},label=Raspbian-Security";
// normally the line above should have been the right one, I think.
// the line below takes all updates, not only security ones; I used it for testing.
      "origin=Raspbian,archive=${distro_codename},label=Raspbian";

create 10periodic with content:
sudo nano /etc/apt/apt.conf.d/10periodic

// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";

// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";

// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "7";

// Run the "unattended-upgrade" security upgrade script
// every n-days (0=disabled)
// Requires the package "unattended-upgrades" and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";

test run for security upgrades (add --debug to see why each package is or is not picked):
sudo unattended-upgrades --dry-run

it will be run every day at 6:25 by the cron.daily entry; change the time in:
/etc/crontab if you like to run it at another time
(on newer releases with systemd the apt-daily.timer and apt-daily-upgrade.timer units run it instead of cron; systemctl list-timers shows when.)

check logs:
tail -n 4 /var/log/unattended-upgrades/unattended-upgrades.log
or:
nano /var/log/unattended-upgrades/unattended-upgrades.log

enable security updates and do a cronjob once a day in ubuntu:
based on:
https://freedompenguin.com/articles/quick-tips/ubuntu-server-security-updates/
copy the sourcelist:
sudo cp /etc/apt/sources.list /etc/apt/security.sources.list
edit the security source list:
sudo nano /etc/apt/security.sources.list
and put a # in front of every line that has no "security" in it
do a testrun (both update and upgrade need the override, and Dir::Etc::SourceParts is pointed at a non-existent directory so that the extra sources in /etc/apt/sources.list.d are not used either):
sudo apt-get update -o Dir::Etc::SourceList=/etc/apt/security.sources.list -o Dir::Etc::SourceParts=- && sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list -o Dir::Etc::SourceParts=-
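An added example, not code from the post or the linked article: it does the "comment out everything that is not security" step with sed instead of by hand, shows what is left, and wraps the apt-get calls in a function so that update and upgrade both use only that list. The sources.list it writes is constructed for the demo; the /etc/apt paths are the ones used in the notes above.

```shell
#!/bin/sh
# Added example (not from the post or the linked article): do the
# "comment out everything that is not security" step with sed instead of by
# hand, show what is left, and wrap the apt-get calls so that both update
# and upgrade use only that list. sample_sources writes a constructed
# sources.list; the /etc/apt paths are the ones used in the notes above.

# security_only IN OUT: copy IN to OUT, commenting out every deb/deb-src
# line whose source does not contain "security" (already commented lines
# are left alone)
security_only() {
    sed -E '/^[[:space:]]*deb(-src)?[[:space:]].*security/!s/^([[:space:]]*deb(-src)?[[:space:]])/#\1/' "$1" > "$2"
}

# active_sources FILE: the uncommented deb/deb-src lines apt would use
active_sources() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$1"
}

# security_upgrade LIST: refresh and upgrade from LIST only. Both commands
# need the override, and Dir::Etc::SourceParts is pointed at "-", a path
# that does not exist, so /etc/apt/sources.list.d is ignored too.
security_upgrade() {
    sudo apt-get update  -o Dir::Etc::SourceList="$1" -o Dir::Etc::SourceParts=- &&
    sudo apt-get upgrade -o Dir::Etc::SourceList="$1" -o Dir::Etc::SourceParts=-
}

sample_sources() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
deb http://archive.ubuntu.com/ubuntu xenial main restricted
deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
deb http://archive.ubuntu.com/ubuntu xenial-updates main restricted
deb http://security.ubuntu.com/ubuntu xenial-security main restricted
deb-src http://security.ubuntu.com/ubuntu xenial-security main restricted
# deb http://archive.canonical.com/ubuntu xenial partner
EOF
    echo "$f"
}

SRC=$(sample_sources)
OUT=$(mktemp)
security_only "$SRC" "$OUT"
echo "sources apt will use from $OUT:"; active_sources "$OUT"
rm -f "$SRC" "$OUT"
# on a real system (as root, the target is in /etc/apt):
#   security_only /etc/apt/sources.list /etc/apt/security.sources.list
#   security_upgrade /etc/apt/security.sources.list
```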

alternative to enable security updates and do a cronjob with update and upgrade once a day:
su
nano /etc/apt/sources.list #uncomment all lines

then run in terminal (jessie is the debian release here; use the codename of your own release):
su
echo "deb http://security.debian.org/ jessie/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb-src http://security.debian.org/ jessie/updates main contrib non-free" >> /etc/apt/sources.list

add a daily apt-get update and upgrade to root's crontab:
crontab -e
..

clean all logs:
sudo rm -r /var/log/*
(careful: this also removes subdirectories that services expect to exist, such as /var/log/apt, and running daemons keep writing into the deleted files until they are restarted, so services may fail to start or log nothing afterwards. truncating the files, or letting logrotate rotate them, is the safe way to get empty logs. on a server the logs are also your own evidence after a break-in, so think twice before wiping them.)

install mutt and read the security mails (rkhunter, logwatch and the cron jobs send their reports to root's local mailbox):
sudo apt-get install mutt # mail client with gnupg support, start it with: mutt

install watchdog (python library that watches directories for file changes): #looks good
https://github.com/gorakhargosh/watchdog
http://blog.philippklaus.de/2011/08/use-the-python-module-watchdog-to-monitor-directories-for-changes

install tripwire (file integrity checker: takes a baseline of the system files and reports what changed; aide at the end of this page does the same):
https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps

server security:
http://www.luis.uni-hannover.de/its_serv.html

install cron-apt for automatic updates (alternative to unattended-upgrades; the debian default action only downloads the packages, the upgrade itself has to be enabled in /etc/cron-apt/action.d):
sudo apt-get install cron-apt

install wireshark (check traffic in the network):
sudo apt-get install wireshark

to run it:
sudo wireshark
(running the whole gui as root is discouraged; on debian run "sudo dpkg-reconfigure wireshark-common", answer yes, add your user to the wireshark group and log in again, then a plain "wireshark" can capture without root.)

example display filter to see only the traffic of one ip in wireshark:
ip.addr == 192.168.1.100

install etherape to check pc connections/traffic (like wireshark but a lot easier because it is graphical):
sudo apt-get install etherape

install tcpdump (watch network traffic on the command line):
based on:
http://blog.philippklaus.de/2010/06/how-to-use-tcpdump/
sudo apt-get install tcpdump

usage tcpdump:
sudo tcpdump -i any

ping a website in another terminal, for example, and watch the icmp packets show up (add -n to skip the reverse dns lookups, and a filter such as "host 1.2.3.4" or "port 22" after the options to see only what you are interested in).

clean up users:
list all users:
cut -d: -f1 /etc/passwd

rm unused users (check with "who" that they are not logged in first; add -r to delete the home directory too):
sudo userdel username

get user numbers:
cat /etc/passwd #on debian the first regular user gets uid 1000, so every uid of 1000 or higher was created manually (nobody, 65534, is the exception); do not touch users with a lower number, those belong to the system and to packages
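An added example, not code from the original post: the checks worth running over /etc/passwd before deleting accounts, written as awk one-liners in shell functions. The passwd file it writes is constructed for the demo, and the UID_MIN of 1000 is the assumed debian default from /etc/login.defs.

```shell
#!/bin/sh
# Added example (not from the original post): things to check in /etc/passwd
# before deleting accounts. On Debian UID_MIN in /etc/login.defs is 1000, so
# "created manually" means a UID of 1000 or higher (the first user, e.g. pi,
# is exactly 1000); lower UIDs belong to the system and to packages, and
# nobody is 65534. sample_passwd writes a constructed file for the demo.

UID_MIN=1000   # assumed Debian default from /etc/login.defs

# human_users FILE: name, uid and shell of the regular (non-system) accounts
human_users() {
    awk -F: -v min="$UID_MIN" '$3 >= min && $3 != 65534 { print $1, $3, $7 }' "$1"
}

# extra_uid0 FILE: any account besides root with uid 0 is root under another
# name, a classic backdoor; prints nothing when there is none
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# empty_password FILE: an empty second field means no password at all
# (normally it is "x", the real hash lives in /etc/shadow)
empty_password() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# system_shells FILE: system accounts whose shell is not nologin/false can
# be logged into if someone gets their password; worth a second look
system_shells() {
    awk -F: -v min="$UID_MIN" '$3 < min && $3 != 0 && $7 !~ /(nologin|false)$/ { print $1, $7 }' "$1"
}

sample_passwd() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
pi:x:1000:1000:,,,:/home/pi:/bin/bash
olduser:x:1001:1001::/home/olduser:/bin/bash
toor:x:0:0::/root:/bin/bash
guest::1002:1002::/home/guest:/bin/sh
EOF
    echo "$f"
}

F=$(sample_passwd)
echo "regular users (uid >= $UID_MIN):"; human_users "$F"
echo "extra uid 0 accounts:";            extra_uid0 "$F"
echo "accounts without a password:";     empty_password "$F"
echo "system accounts with a shell:";    system_shells "$F"
rm -f "$F"
```

Point the functions at /etc/passwd on a real machine; anything extra_uid0 or empty_password prints there deserves attention before any cleanup.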

analyse illegal ssh logins:
http://blog.philippklaus.de/2010/02/analyse-illegal-ssh-login-attempts/
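An added example, not code from the post or the linked article, that serves both the "check the logs" notes above and this point: it summarises auth.log from the command line, counting failed ssh password attempts per source address, the account names that were tried, the successful logins and every sudo call. The log lines it writes are constructed sample data (timestamps, host, addresses and key fingerprint are made up) in the syslog format sshd and sudo use on debian/raspbian.

```shell
#!/bin/sh
# Added example (not from the post or the linked article): summarise
# /var/log/auth.log from the command line instead of scrolling through it in
# an editor. It expects the syslog-style lines that sshd and sudo write on
# Debian/Raspbian. sample_log writes constructed data (timestamps, host,
# addresses and fingerprint are made up), not a real log.

# failed_logins FILE: failed ssh password attempts per source address,
# busiest first; covers both existing and "invalid user" accounts.
failed_logins() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# attempted_users FILE: the account names that were tried, most tried first.
attempted_users() {
    sed -nE 's/.*Failed password for (invalid user )?([^ ]+) from .*/\2/p' "$1" \
        | sort | uniq -c | sort -rn
}

# accepted_logins FILE: successful logins as "method user address".
accepted_logins() {
    sed -nE 's/.*sshd\[[0-9]+\]: Accepted ([a-z]+) for ([^ ]+) from ([^ ]+) .*/\1 \2 \3/p' "$1"
}

# sudo_commands FILE: "user<TAB>command" for every sudo call; sudo logs every
# invocation here, which is why auth.log is worth reading after an incident.
sudo_commands() {
    awk -F'COMMAND=' '/ sudo: / && NF > 1 {
            u = $1
            sub(/ : TTY=.*/, "", u)
            sub(/.* sudo:[[:space:]]*/, "", u)
            print u "\t" $2
         }' "$1"
}

sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Jan 17 10:01:02 pi sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 17 10:01:05 pi sshd[1234]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 17 10:01:09 pi sshd[1236]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan 17 10:02:10 pi sshd[1240]: Failed password for pi from 198.51.100.7 port 40000 ssh2
Jan 17 10:03:00 pi sshd[1250]: Accepted publickey for pi from 192.168.1.20 port 50000 ssh2: RSA SHA256:0000000000000000000000000000000000000000000
Jan 17 10:03:30 pi sudo:       pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ; COMMAND=/usr/bin/apt update
Jan 17 10:04:00 pi sudo:       pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
EOF
    echo "$f"
}

LOG=$(sample_log)
echo "failed password attempts per address:"; failed_logins "$LOG"
echo "accounts tried:";                       attempted_users "$LOG"
echo "accepted logins:";                      accepted_logins "$LOG"
echo "sudo commands:";                        sudo_commands "$LOG"
rm -f "$LOG"
```

On a real box run the functions with sudo against /var/log/auth.log (and the rotated auth.log.1); a single address with hundreds of failed attempts is the usual scanner and a good reason to switch to key-only logins.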

list open ports:
sudo netstat -lntup #will print the list of listening ports with the owning program
sudo netstat -atp | grep -i "listen" #same, with a reverse dns lookup of the addresses
netstat -aptn | grep :n #to check what program is using port n (replace n with the port number)
(netstat comes from net-tools, which newer debian releases no longer install by default; "sudo ss -lntup" prints the same information.)

install logwatch:
sudo apt install logwatch
more infos:
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps

install linux socket monitor:
to have a look at the sockets simply type in terminal (ss alone shows the established tcp connections, ss -tulpn the listening ones with their programs):
ss
for linux socket monitor (the guide is written for centos, the tool itself is a shell script that works on any distribution):
https://www.digitalocean.com/community/tutorials/how-to-install-linux-socket-monitor-lsm-on-centos-6-4

other hints:
https://wiki.archlinux.de/title/Sicherheit
http://www.linuxveda.com/2015/06/03/secure-linux-server/
https://www.freebsd.org/de/ports/security.html
http://resources.infosecinstitute.com/pentesting-distributions-and-installer-kits-for-your-raspberry-pi/
http://www.serverhardening.com/

iftop iptraf:
sudo apt-get install iftop iptraf
example usage:
sudo iptraf
sudo iftop -i wlan0

where are my network passwords saved? [debian / ubuntu]
sudo ls -l /etc/NetworkManager/system-connections #the directory is root-only (mode 700) because the files hold the wifi psks in clear text, so keep it that way and never copy them somewhere world-readable

debug your programs:
https://github.com/eteran/edb-debugger #Evan's Debugger, open source, inspired by OllyDbg; for 32/64-bit programs, needs to be compiled

pentesting online:
https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap#ports_range

other tools:
https://n0where.net/reverse-engineering/
https://n0where.net/best-digital-forensics-tools/

https://linuxundich.de/gnu-linux/uebersichten-ueber-linux-performance-tools/
http://aide.sourceforge.net/ #advanced intrusion detection environment
