Secure Linux

Secure Linux

This article covers basic security and settings I do with every Linux installation.

Check for Drovorub Malware

touch testfile
echo “ASDFZXCV:hf:testfile” > /dev/zero

If the testfile disappears… you are infected

Check for unsigned kernel modules

for mod in $(lsmod | tail -n +2 | cut -d' ' -f1); do modinfo ${mod} | grep -q "signature" || echo "no signature for module: ${mod}" ; done

If you see vbox or nvidia modules, these are for VirtualBox and NVidia Drivers respectively

Secure Boot

Secure Boot forces checks for kernel module signatures and is good not only for blocking Drovorub-style malware, but also prevents Evil Maid attacks as well. However, it can be complex and also make using bootable USB drives difficult. Note: UEFI Boot Required… No Legacy/CSM.

Easy Way to Install

sudo mokutil --enable-validation # Remember the password!
sudo mokutil --sb-state # Checks if Secure Boot is enabled

*Note: I used the enable validation on Debian based systems and it worked right out of the box

Hard Way to Install

Hard way involves signing packages that aren’t stock which you might need on your system or if you dual boot. Check out the following guide from the ArchWiki: https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/Secure_Boot

Security Settings for All Linux Installs

I created a github script to make this easier but I wanted to break down what this script does. Secure-Linux Project https://github.com/ChrisTitusTech/secure-linux/blob/master/secure.sh

Before running this script install ufw and fail2ban packages

This script is broken into 3 parts: ufw, sysctl.conf modifications, and fail2ban. Ufw stands for Uncomplicated Firewall and is fantastic for adding to every install. This script opens http and https, while limiting SSH to only a couple connections per second. The sysctl modifications helps harden your system by preventing spoofing and man in the middle attacks. Fail2ban is the final piece and possibly my favorite. This package see any traffic that is failing authentication attempts repeatedly or is malicious in nature (DDoS) and records the IP then blocks it for a period of time.

Other things I’d recommend not mentioned… SELinux! Look it up because it is amazing. You can also use this on debian if you’d like, but a smaller package called AppArmor is generally used on those types of distributions.

Conclusion

This is not a all inclusive guide on securing your Linux system, but it is a good starting point that I do on pretty much every computer. I highly recommend you take these instructions and expand them to suit your needs.