This is really helpful! I'll go check these! Thanks a lot!
On 07/24/2015 04:30 PM, [email protected] wrote:
> +1 to grsecurity patch, this website has good tips
> http://hardenubuntu.com/
>
> Trisquel also comes with lots of default apparmor profiles you can
> enforce.
>
> use a file integrity program like tripwire or AIDE, to check when
> files have been changed. Use a program like logwatch to check some
> important logs. Set up mail to email all these reports to root. I
> use Dragonfly mail agent so nothing listens on ports.
> https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
>
> disable services especially those you don't need. Disable all
> services listening on ports especially. as root type lsof -i.
> disable them all. use a static connection not dhcp.
>
> Use some tools to monitor your network in real time. I like etherape
> cause its graphical. there is also iftop, iptraf-ng, nethogs,
> ntop. Netatop is actually great plugin for atop, because it will even
> show shortlived processes, but you need to compile kernel for it.
>
> But I hate to break it to you, Real security experts will tell you
> its not about stopping them from getting in anymore, Its about how
> fast you can detect the intrusion and minimize the damage. Even the
> head of IAD for he NSA will tell you the same thing. Assume you are
> already hacked. The main thing is checking your logs, and trying to
> figure out what and when. Because if you are very active on your
> pc, it really doesn't matter who you are you can't stop it. But what
> you can do is limit it.
>
>