Encrypted Partitions
wiki.archlinux.org
debian-administration.org
SE Linux
wiki.archlinux.org
wiki.debian.org
Firewall Setup
wiki.archlinux.org
wiki.debian.org
Virus Scanning
wiki.archlinux.org
wiki.debian.org
Rootkit Detection
howtoforge.com
Random Password Generation
commandlinefu.com
Various other security applications
wiki.archlinux.org
What are are you doing to protect yourself, user? Don't get caught with your pantsu down.
Other urls found in this thread:
wiki.gentoo.org
wiki.gentoo.org
grsecurity.net
en.m.wikibooks.org
grsecurity.net
privacytools.io
prism-break.org
addons.mozilla.org
addons.mozilla.org
addons.mozilla.org
addons.mozilla.org
addons.mozilla.org
keepassx.org
addons.mozilla.org
addons.mozilla.org
grsecurity.net
en.m.wikibooks.org
blog.codinghorror.com
twitter.com
Who veracrypt
Now is the time for tinfoil autism. Secure your computers, router, modem, cellphone, videogame console, TV, printer, car, hvac, lights, doorlocks. They will be used against us and you.
bump
/fucko/ in the title please
Anyone else notice a bug in recent cryptsetup that doesn't let you create a detached header file?
Anyone rocking a grsec kernel?
>Anyone else notice a bug in recent cryptsetup that doesn't let you create a detached header file?
I don't have detached headers on my partitions. Do you keep them on USB flash? What version of cryptsetup are you using?
The newest in arch repos. Im trying to setup a blind system that only boots from a USB key, and contains just seemingly random data otherwise, so naturally the luks header has to be detached. I think it's a recent regression. But maybe it's my syntax, I was throwing a few dozen parameters at it
lmao
encrypt this dick
>no grsec section
post it faggot, what are you scared of?
Go away with your shitty links
Here have some real ;
wiki.gentoo.org
wiki.gentoo.org
grsecurity.net
en.m.wikibooks.org
>Linux """"""""""Hardening""""""""""
So a shitty version of OpenBSD?
Quick tip: install firejail, and use it to sandbox your default media programs. PDF readers, image viewers, music and video players especially should all be sandboxed. Usually adding firejail to each program's desktop file under /use/share/applications should do the trick. They should have --seccomp and --net=none to block network access. The more paranoid can have complicated setups where the only thing on the disk they can access is the PDF you just clicked.
On a related note, anyone have a good way of sandboxing the default gnome/Nautilus thumbnailers? I can't even find which binary is producing them. They have known attack vectors and I'd rather patch em.
>OpenBSD
So a shitty version of FreeBSD?
>FreeBSD
>literally OpenBSD with old packages and less security features turned on in the kernel
Openbsd is only """""""""""""""""""""""'secure"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" when you stay in their limited software repo,once you branch out of that, its hands up and the same as any other distro
BSD wannabes GET OUT! REEEEEEEE
the hipsters have arrived
Oh I forgot the actual papers good read if you just starting out ;
Also donate to grsecurity
>limited software repo
It's like you never wrote your own software using OpenBSD's style guide to make sure it's secure.
*cucked*
>donate to grsecurity
>literal autists that rageban people when they point out bugs in their shitty software
put some red boxes in there
i am not reading all of this trash
give me a comprehensive list of os's/distros safer than openbsd
Why not write your own kernel then?
why don't you build your own house or design your own car
Ah, nice fallacy.
+1
>the x86 designers collapsed the read and execute memory flags into one in order to save space. Since a page can either be writable or readable and executable it is not useful to set buffers as non-executable since they would no longer be readable. So on x86 PaX emulates this behavior at a software level, which introduces overhead but is very helpful for system security.
why you do this x86 designers, space is so cheap in 2016
nice argument, nice reply with literally 0 content
what a great platform for discussion Sup Forums is, really attracts the smartest people
>space is so cheap in 2016
>meanwhile Intlel's processors are actually getting slower because they're dedicating more of that precious space to vidya hardware
new thread
>encrypted partition
Enjoy losing all your data from random bit flip
>selinux
Enjoy spending hours creating a profile for graphical applications
>>encrypted partition
>Enjoy losing all your data from random bit flip
That's why you have multiple HDD
This has never happened to me. The only data that would be sensitive to a single bit flip would perhaps be the encrypted master key. But of course, you backed up your encryption headers, right?
You expect a response to your fallacy?
+1
There ya go kiddo.
"i am so correct that i don't even need to argue. i can just say words and win because i am better."
it's a rough life once you're out of high school, kid
+1
+1
...
Hardening doesn't do shit if you're logged in and get a drive by media attack thanks to the absolute shit security of Linux (((desktop))).
Good luck faggots.
>drive by media
Thank you Sup Forums. Fortunately some of us don't install Gstreamer bad plugins or Adobe software.
how do I encrypt and dual boot
This look like a good thread to have around. Contribooting.
Privacy Tools - Encryption against global mass surveillance: privacytools.io
PRISM Break - Opt out of global data surveillance programs like PRISM, XKeyscore, and Tempora: prism-break.org
I suggest to use either Firefox-esr or Icecat, then here are addons and the reasons to use it:
For (Cross-)Site Request, Anti-XSS, Trackers, Referer, User-Agent, Cookies: uMatrix (addons.mozilla.org
Content Delivery Blocker: Decentraleyes (addons.mozilla.org
Security Settings: Privacy Settings (addons.mozilla.org
SSL (strict HTTPS): HTTPS by default (addons.mozilla.org
URL Deobfuscator: Pure URL (addons.mozilla.org
Plugin And Mimetype Enumeration: Currently nothing available.
Passwords: KeePassX "autocomplete" (keepassx.org
Browsing History Cleaner: Bleachbit.
LSO Cookies: BetterPrivacy (addons.mozilla.org
Log in to many websites with another profile: BugMeNot (addons.mozilla.org
grsecurity vs selinux vs apparmor?
If you're running X you mayaswell give up now.
Depends with grsecurity you have strong mprotect & RBAC if your policy is good even root can't do anything on the system.
encrypt with luks, then lvm, then make your regular partitions if you want windows (which of course, defeats the purpose of encryption if you will give your data over network while in ram)
How do I get good with policies? I am new to this.
bump
Thanks.
Apparently grsecurity has much I could use, but some reviews on the internet say is good for beginners.
I wish there where an up to date MAC that uses inodes instead of SELinux labels thou.
>But of course, you backed up your encryption headers, right?
No... How to senpai?
Yea i don't like SELinux because it's way to complicated to setup a full strict policy, most distros have only enforced so only few applications are confined
>car, hvac, lights, doorlocks.
Not securing your pens, pencils, crayons, markers...
