security [debian,raspberrypi]

***i am not a advanced linux user or security expert – maybe this is just stupid!!***

also have a look at:


search engines:

browser addons:

anonym browsing:

secure passwords:

remove personal data from files (for example pdf or ods):
sudo apt install mat #metadata anonymisation toolkit

fix dirty cow on raspberrypi:
sudo apt update && sudo apt install raspberrypi-kernel

some good notes:

einstellungen->privatsphäre->verwendung und chonik->AUS

change ssh port and disable root login:
sudo nano /etc/ssh/sshd_config

Port 1234
PermitRootLogin no

restart ssh:
sudo /etc/init.d/ssh restart

zeigeist installed?:
have a look at the logs:
sudo apt-get install -y zeitgeist-explorer
remove the logs:
rm ~/.local/share/recently-used.xbel
rm -rf ~/.local/share/zeitgeist

disable activity logs:
sudo apt-get install gnome-activity-journal
sudo apt-get install activity-log-manager

delete files the safe way (overwrite them 3 times, then delete them):
shred -n 3 -z -u -v /path/to/file

check the logs:
nano ~/.bash_history
sudo nano /root/.bash_history
nano /var/log/apt/history.log #great history what installed or removed..
sudo nano /var/log/apt/term.log #every output from every installation in terminal
sudo nano /var/log/auth.log #who logged into session /also every sudo is a login..
sudo nano /var/log/kern.log connect to what wlan / connect what usb devices (phone, android)
sudo nano /var/log/user.log #graphic card,programs..

check old log for sudo things:
chmod +x
sudo ./

record every terminal thing:
sudo apt-get install snoopy

watch terminal log from snoopy:
sudo nano /var/log/auth.log #shows all entrys
sudo tail /var/log/auth.log #shows the last 10 entrys

check for rootkits with chkrootkit:
install from the repository:
sudo apt-get install chkrootkit
run it from terminal with:
sudo chkrootkit

or get the latest version:
tar -xzvf chkrootkit.tar.gz
rm chkrootkit.tar.gz
sudo ~/chkrootkit-0.50/chkrootkit

check for rootkits with rkhunter:
sudo apt-get install rkhunter -y
sudo rkhunter -c #check local system, output,log will be in /var/email/ ?!?
sudo rkhunter -c #log in /var/log/rkhunter.log
sudo rkhunter -c --rwo #only warnings
sudo rkhunter --debug --enable apps #no output,log in /tmp/rkhunter-debug

enable security updates once a day in raspbian:
based on:
install unattended-upgrades:
sudo apt-get install unattended-upgrades
change the config file like you want it:
example at:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
add after // “o=Raspbian,a=stable”;

//      "o=Raspbian,a=stable";
//      "origin=Raspbian,archive=stable,label=Raspbian-Security";
//      "origin=Raspbian,archive=stable,label=Raspbian";
//      "origin=Raspbian,archive=${distro_codename},label=Raspbian-Security";
//normally the line above was the right one i think.
//the line below uses all updates, but i used it for testing.

create 10periodic with content:
sudo nano /etc/apt/apt.conf.d/10periodic

// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";

// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";

// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "7";

// Run the "unattended-upgrade" security upgrade script
// every n-days (0=disabled)
// Requires the package "unattended-upgrades" and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";

test run for security upgrades:
sudo unattended-upgrades --dry-run

it will be run every day at 6:25 you can change the daily cron in:
/etc/crontab if you like to run it at another time

check logs:
tail -n 4 /var/log/unattended-upgrades/unattended-upgrades.log
nano /var/log/unattended-upgrades/unattended-upgrades.log

enable security updates and do a cronjob once a day in ubuntu:
based on:
copy the sourcelist:
sudo cp /etc/apt/sources.list /etc/apt/security.sources.list
edit the security source list:
sudo nano /etc/apt/security.sources.list
and put a # infront of every line that has no security in it
do a testrun:
sudo apt update && sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list

alternative to enable security updates and do a cronjob with update upgrade once a day:
nano /etc/apt/sources.list #uncomment all lines

then run in terminal:
echo "deb jessie/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb-src jessie/updates main contrib non-free" >> /etc/apt/sources.list

add to crontab:
crontab -e

clean all logs:
sudo rm -r /var/log/*

install mutt and read the security mails:
sudo apt-get install mutt # email with gnupg, start it with:mutt

install watchdog: #looks good

install tripwire:

server security:

install cron-apt for automatic updates:
sudo apt-get install cron-apt

install wireshark (check traffic in network):
sudo apt-get install wireshark

to run it:
sudo wireshark

example to check traffic for a special ip in wireshark:
ip.addr ==

install etherape to check pc connections/traffic (like wireshark but lot easier cause more graphical):
sudo apt-get install etherape

install tcpdump (watch tcp “traffic”):
based on:
sudo apt-get install tcpdump

usage tcpdump:
sudo tcpdump -i any

ping a website on another terminal for example.

clean up users:
list all users:
cut -d: -f1 /etc/passwd

rm not used users:
sudo userdel username

get user numbers:
cat /etc/passwd #all users with an id over 1000 were created manually, do not touch users with a number less than 1000

analyse illegal ssh logins:

list open ports:
sudo netstat -lntup #will print the list with open ports
sudo netstat -atp | grep -i "listen" #will give a reverse DNS lookup
netstat -aptn | grep :n #to check what program is using port n

install logwatch:
sudo apt install logwatch
more infos:

install linux socket monitor:
to have a look at the sockets simply type in terminal:
for linux socket monitor:

other hints:

iftop iptraf:
sudo apt-get install iftop iptraf
example usage:
sudo iptraf
sudo iftop -i wlan0

where are my network passwords saved? [debian / ubuntu]
cd /etc/NetworkManager/system-connections && ls

debug your programs: #needs to be compiled opensource /for 32/64bit prgms Evan’s Debugger inspired by ollydbg

pentesting online:

other tools: #advanced intrusions detection enviorment


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s