Linux Cybersecurity Thread - Discussing anything cybersecurity related to running desktop or server Linux/GNU


Osama Bin Laden

Osama Bin Silverstein
True & Honest Fan
kiwifarms.net
Joined
May 8, 2022
This thread is to discuss or educate users on how to harden their security if they are using Linux for their desktop or servers.
 
Create a user that's not part of the wheel group, use that for most everything and log in to your admin account for admin tasks only.

One of the easiest privilege escalations is to toss a special lil' version of sudo in your home directory and amend $PATH in your .bashrc so it's prioritized over system sudo.

Do that and don't download stupid shit off the internet and you'll be fine, unless for some reason you're being targeted by state actors in which case I'd recommend purchasing a rectal dilator.
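As an added example (not part of the post above, and not the poster's code), a POSIX sh audit for the PATH problem just described: it lists the PATH entries that sit in front of the system binary directories and are empty, relative, under the user's home or in a shared temp location, and separately lists the entries the current user can actually write to. The function names and the sample paths used in the comments are my own; run it as the day-to-day account, since that is the PATH an attacker would be poisoning.

```shell
#!/bin/sh
# Audits PATH for entries that could shadow system binaries such as sudo.
# A user-writable directory listed before the real sudo's directory lets a dropped
# "sudo" be found first, so a defender wants to know exactly which entries those are.

SYSTEM_DIRS="/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin"

# path_shadow_candidates PATH_STRING HOME_DIR
# Prints every entry that precedes the first trusted system directory and is empty,
# relative, under HOME_DIR, or in a shared temp location.
path_shadow_candidates() {
    _path=$1
    _home=${2:-/nonexistent-home}   # guard: an empty HOME would make "$_home"/* match everything
    _oldifs=$IFS
    IFS=:
    for _dir in $_path; do
        case " $SYSTEM_DIRS " in
            *" $_dir "*) break ;;   # reached a trusted dir: later entries cannot shadow it
        esac
        case $_dir in
            ""|.|./*|..|../*) echo "${_dir:-<empty>}" ;;            # empty or relative entry
            "$_home"|"$_home"/*) echo "$_dir" ;;                    # under the user's home
            /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*) echo "$_dir" ;;  # shared temp
        esac
    done
    IFS=$_oldifs
}

# writable_path_dirs PATH_STRING
# Prints every PATH entry that exists and is writable by the invoking user.
writable_path_dirs() {
    _oldifs=$IFS
    IFS=:
    for _dir in $1; do
        [ -d "$_dir" ] && [ -w "$_dir" ] && echo "$_dir"
    done
    IFS=$_oldifs
}

# Usage against the live environment of whoever runs the script.
echo "PATH entries that could shadow system binaries:"
path_shadow_candidates "$PATH" "${HOME:-}"
echo "PATH entries writable by $(id -un):"
writable_path_dirs "$PATH"
echo "sudo currently resolves to: $(command -v sudo || echo 'not found')"
```

Anything printed by the first list that is also printed by the second is a directory where a user-level file would win over the system binary; the fix is to move such entries after /usr/bin in the shell startup files or drop them.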
 
Both servers and workstations/personal devices:
  • Don't download and execute random shit
  • Set up a user account and do not action everything under the sun via root when running containers or working from your server shell
  • Don't get phished like a nigger, initial access is the most commonly exploited attack technique
    • Aka trust but verify
  • ClamAV only gets you so far, you can use it but remember AVs are outdated methods of protection which are reactive, and focus on file hashes which can be changed with ease
  • Follow the principle of least privilege
  • Encrypt your drives
  • Set a delay for login failures via /etc/pam.d/system-login (for Arch (btw) at least) with something like this for a 6-second delay to help mitigate brute force attacks:
    • Code:
      auth optional pam_faildelay.so delay=6000000
  • Use sudo over su
  • Study exactly what you want to do before you throw it at the wall and it fails
  • Learn about isolating and sandboxing applications for containment and separation from your core OS
Server specific:
  • Back your shit up and use ZFS for your server
  • Don't set up public Internet facing accounts or services without some form of decent MFA
    • Yubikeys first, 6 digit code matching MFA second
    • Do not use SMS MFA
  • Use a reverse proxy for your public facing services such as nginx, and do it properly
  • Use UFW for a basic layer 4 protection, or something like pfSense for layer 4 protection of your homelab
  • Don't open ports without knowing what you're doing and why you need to do it
  • Look into a tool such as fail2ban for automated malicious IP blocking
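Added example, not from the post: a POSIX sh check for two of the items above, the pam_faildelay line (the value is in microseconds, so 6000000 is the 6 seconds quoted) and the rule that the everyday account stays out of wheel. It runs against constructed sample copies of /etc/pam.d/system-login and /etc/group so it works offline; the function names and the accounts alice and bob are invented for the sample.

```shell
#!/bin/sh
# Checks two of the hardening items against files in /etc format:
#  1. an active (not commented-out) pam_faildelay.so line and the delay it sets
#  2. wheel group membership, to confirm the daily account is not in it
# Point the functions at /etc/pam.d/system-login and /etc/group to audit a real host.

# pam_faildelay_seconds FILE
# Prints the delay from the first active "auth ... pam_faildelay.so delay=N" line,
# converted from microseconds to whole seconds, or "none" when no such line is active.
pam_faildelay_seconds() {
    _us=$(sed -n 's/^[[:space:]]*auth[[:space:]].*pam_faildelay\.so.*delay=\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1)
    if [ -z "$_us" ]; then
        echo none
    else
        echo $((_us / 1000000))
    fi
}

# group_members GROUPFILE GROUPNAME
# Prints the member list (fourth field) of GROUPNAME from an /etc/group-format file.
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# group_has_member GROUPFILE GROUPNAME USER
# Succeeds when USER appears in GROUPNAME's member list.
group_has_member() {
    group_members "$1" "$2" | tr ',' '\n' | grep -qx "$3"
}

# Constructed sample files (invented accounts alice and bob, not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/system-login" <<'EOF'
#%PAM-1.0
auth       required   pam_shells.so
auth       optional   pam_faildelay.so delay=6000000
auth       include    system-auth
EOF
cat > "$SAMPLE_DIR/system-login.nodelay" <<'EOF'
#%PAM-1.0
#auth      optional   pam_faildelay.so delay=6000000
auth       include    system-auth
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:998:alice
users:x:985:alice,bob
EOF

echo "faildelay (sample):           $(pam_faildelay_seconds "$SAMPLE_DIR/system-login") s"
echo "faildelay (commented sample): $(pam_faildelay_seconds "$SAMPLE_DIR/system-login.nodelay")"
echo "wheel members:                $(group_members "$SAMPLE_DIR/group" wheel)"
if group_has_member "$SAMPLE_DIR/group" wheel bob; then
    echo "bob is in wheel: not a suitable daily account"
else
    echo "bob is not in wheel: fine as a daily account"
fi
```

The commented-out sample shows why the check looks for a line that starts with `auth` rather than just grepping for the module name: a delay that is present but commented out gives no protection.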
 