This is really helpful! I'll go check these! Thanks a lot!

On 07/24/2015 04:30 PM, [email protected] wrote:
> +1 to grsecurity patch,  this website has good tips
> http://hardenubuntu.com/
>
> Trisquel also comes with lots of default apparmor profiles you can
> enforce.
>
> use a file integrity program like tripwire or AIDE,  to check when
> files have been changed.  Use a program like logwatch to check some
> important logs.  Set up mail to email all these reports to root.    I
> use Dragonfly mail agent so nothing listens on ports.    
> https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
>
> disable services especially those you don't need.   Disable all
> services listening on ports especially.  as root type lsof -i.   
> disable them all.  use a static connection not dhcp.
>
> Use some tools to monitor your network in real time.  I like etherape
> cause its graphical.  there is also iftop,  iptraf-ng,  nethogs,
> ntop.  Netatop is actually great plugin for atop, because it will even
> show shortlived processes,  but you need to compile kernel for it.
>
> But I hate to break it to you,  Real security experts will tell you
> its not about stopping them from getting in anymore,  Its about how
> fast you can detect the intrusion and minimize the damage.  Even the
> head of IAD for he NSA will tell you the same thing.  Assume you are
> already hacked.   The main thing is checking your logs, and trying to
> figure out what and when.   Because if you are very active on your
> pc,  it really doesn't matter who you are you can't stop it.  But what
> you can do is limit it.
>
>

Reply via email to