Things you do to help secure your OS?

Things you do to help secure your OS? - Security & Cryptography

Users browsing this thread: 4 Guest(s)

	sagittarius Offline \| 07-02-2016, 06:13 AM \| #8

One tool I use to harden my server and workstations: https://github.com/CISOfy/lynis. This may seems a bit overkill but it gives you a great overview of your host's security.

I'm also using a VPN, but hosted on my personnal server. I use it when I'm not home to access my personnal file and especially encrypt communications. I have a firewall on my laptop because my fellow students can feel like "r34|_ |-|4<|<3Rz" and aim you with silly scripts.

I must say that, even if it is not pure technical security, using a custom minimal window manager is very disruptive for other people. Each time I let people use my computer, I don't have to wait a minute before they need some help. I've seen people trying to open a shell for minutes. Who said security through customization ? That only protects you for few seconds/minutes, but it is an interesting behaviour to observe :) (also applies for different keyboard layouts)

I tend to remove any service I don't need and install only what is necessery. It's easier to install a minimal Linux so you don't have to remove tons of prepackaged crap. I disable ssh root login as well, change the ssh listening port, set up a fail2ban and use public key authentication. I check strange behaviours thanks to logwatch and run rkhunter and clamav regularly.

I use docker when I need to deploy a service (webserver, ftp server or so) on the university network. Not only because it's cool, but also because exposing containers protects my host a bit more than exposing a rotten service (I've seen mates using very weak ftp servers from which you can get root shells in a minute).

Other common security tips are: install security updates and use strong passwords (ideally set an enforced password policy). May seems stupid but you know, humans are lazy.

I used apparmor for a bit. Haven't reinstalled it on my new setup (humans... lazy... you know).

I forgot plenty of things but this is my first shot.

PS: A friend of mine told me he wanted to use this (https://firejail.wordpress.com/) to run google chrome. Haven't tried it yet but it is promising.

Messages In This Thread

Things you do to help secure your OS? - by October - 24-09-2015, 04:21 PM

RE: Things you do to help secure your OS? - by M32 - 24-09-2015, 07:46 PM

RE: Things you do to help secure your OS? - by venam - 25-09-2015, 01:27 AM

RE: Things you do to help secure your OS? - by October - 25-09-2015, 09:44 PM

RE: Things you do to help secure your OS? - by M32 - 25-09-2015, 10:03 PM

RE: Things you do to help secure your OS? - by dtnt - 26-09-2015, 06:30 PM

RE: Things you do to help secure your OS? - by xzyL - 06-02-2016, 07:13 PM

RE: Things you do to help secure your OS? - by sagittarius - 07-02-2016, 06:13 AM

RE: Things you do to help secure your OS? - by Loki123 - 01-03-2016, 04:48 PM

RE: Things you do to help secure your OS? - by xero - 01-03-2016, 05:21 PM

RE: Things you do to help secure your OS? - by rain1 - 19-04-2016, 09:33 AM

View a Printable Version