PC security

Discussion in 'Computers' started by ekrem, Oct 3, 2010.

  1. ekrem
    Offline

    ekrem VIP Member

    Joined:
    Aug 9, 2005
    Messages:
    7,243
    Thanks Received:
    370
    Trophy Points:
    83
    Ratings:
    +375
    If you also use Linux, you should try "lynis" package.
    After you installed it, open a terminal as root and type:
    lynis -c

    It runs several tests, and benchmarks the security of your system through sub-tests. Each test you have to confirm with Enter key, so you see what is being tested and how you can fix it.
    It makes also suggestions for you when whole tests are run through, but the valuable info is during the tests. It also logs the tests into /var/logs

    If you run Debian as operating system, type into a terminal as root
    debsecan
    It lists all installed packages through which outsiders could gain root access to your system. If you don't need them, uninstall.

    If you type in a terminal
    checksecurity
    it will list you all programs which are bound to specific UDP/TCP ports, practically those programs keep those ports open, with which a hacker can intrude.


    find / -xdev \( -nouser -o -nogroup \) -print
    lists you all files on your system which are not registered to users or usergroups of that system. Very likely that it has been uploaded to your computer from outside.

    awk -F: '($3 == "0") {print}' /etc/passwd
    lists all users registered in the system, which have total control. The output of above command should only be you.

    ss -l
    Which ports are open to my computer.

    ss -lp | grep XXXXX
    Show which service has opened port XXXXX


    All packages which were used above, are only in KB size and are on-demand. They do not run any service in background.
    More complex tools are for example "tripwire", it indexes your filesystem and shows you who and when did modifications to your essential system files.

    The most complex packages are the "harden" series. There are about 20 packages of them with about 30 MB to install.
    It is also referenced in the Debian Online documentation:
    Securing Debian Manual - Automatic hardening of Debian systems
    But, you probably don't need this, if you are not running a Web-Server.
    It's bloated for home-PC use.

    Together with an IPtables firewall and a physical router, where you can physically close ports this should be enough for casual home-PC security.
    More complex it will become, when you want to run a Server.
    But those people anyway need no tips +tricks.

    As a last: In the directory
    /var/log
    you see everything what's going on with your system.

    If anyone also has some tips+tricks, please share.
     
  2. ekrem
    Offline

    ekrem VIP Member

    Joined:
    Aug 9, 2005
    Messages:
    7,243
    Thanks Received:
    370
    Trophy Points:
    83
    Ratings:
    +375
    For passwords this is a good site:
    https://www.grc.com/passwords.htm

    Preferably take the ASCII ones.
    To change the root password of your system, open a terminal and type
    passwd root
     
    Last edited: Oct 3, 2010
  3. ekrem
    Offline

    ekrem VIP Member

    Joined:
    Aug 9, 2005
    Messages:
    7,243
    Thanks Received:
    370
    Trophy Points:
    83
    Ratings:
    +375
    If you do homebanking, install
    VirtualBox
    http://VirtualBox

    There are many guides in the internet how to install it on your specific operateing system. It simply is a tool to launch an operating system within your existing Operating System. For example you can have Windows and Linux operating side-by-side, simultaneous.

    Install your operating system into VirtualBox, and install your Homebanking Software.
    Immediately after this, you make a Snapshot (built-in Backup of VirtualBox) of this newly installed operating System.
    Now you do your normal Homebanking.
    After you're finished with Homebanking, you revert the Snapshot.

    Next time you do your Homebanking, you have a clean and fresh Operating System with no virus and such things.
     
  4. ekrem
    Offline

    ekrem VIP Member

    Joined:
    Aug 9, 2005
    Messages:
    7,243
    Thanks Received:
    370
    Trophy Points:
    83
    Ratings:
    +375
    Speeding up Linux
    (some tips I have collected from Debian and Pardus forums)

    Only do, if you have more then 3 GB RAM

    Open /etc/sysctl.conf
    add (if it doesn't exist) or edit (if it exists) this line.
    What does it do?
    It tells your system, that it should not use SWAP-Space on your hard-drive. Everything is kept within your physical RAM. So no swapping to harddrive, which is slower then your physical RAM. Also unneeded harddrive operations are eliminated.


    Open /etc/fstab
    At the end, add this line.
    Your tmp folder will be mounted into RAM with 128MB. This is the place where your system writes temporary data of your session. When you reboot your system, your Linux always deletes that /tmp folder, no matter if it is mounted as hard-drive point or in your RAM.
    It speeds things up, and unnecessary write and read operations to hard-drive are eliminated.

    If you want, you can also mount your Webbrowser-Cache folder into RAM the same way.

     
  5. iamwhatiseem
    Offline

    iamwhatiseem Gold Member

    Joined:
    Aug 19, 2010
    Messages:
    14,832
    Thanks Received:
    3,114
    Trophy Points:
    280
    Location:
    Virginia
    Ratings:
    +6,127
    Absolutely.
    Not to mention it increases the life of your HD.
     
  6. ekrem
    Offline

    ekrem VIP Member

    Joined:
    Aug 9, 2005
    Messages:
    7,243
    Thanks Received:
    370
    Trophy Points:
    83
    Ratings:
    +375
    I have now mounted Firefox and Chromium into RAM.
    For Chromium just open '/usr/share/applications/chromium-browser.desktop'.
    Locate the line
    make it
    Now all that graphics and other stuff is written to RAM.
    You have to mount /tmp in RAM in fstab like shown in Post#4.
     

Share This Page