Published By
Created On
15 Jan 2021 00:02:59 UTC
Transaction ID
Cost
Safe for Work
Free
Yes
Remove Avahi From Linux For Better Security
Using Mint in this example, since many newer folks are using it.
The avahi service can be a huge vulnerability and attack surface in Linux. Which almost defeats the purpose of privacy on its own. It can reveal your hostname, what OS and version you are running, CPU whether or not ssh is running or open, plus it adds ports and "auto" (aka zero) confs new devices, services and other stuff. I consider it to be part of the iot pandemic, where security is thrown out the door for "things."
Here is how to kill it.
The avahi service can be a huge vulnerability and attack surface in Linux. Which almost defeats the purpose of privacy on its own. It can reveal your hostname, what OS and version you are running, CPU whether or not ssh is running or open, plus it adds ports and "auto" (aka zero) confs new devices, services and other stuff. I consider it to be part of the iot pandemic, where security is thrown out the door for "things."
Here is how to kill it.
Author
Content Type
Unspecified
video/mp4
Language
English
More from the publisher
10,000,000.00 LBC
Controlling
VIDEO
INSTA
leofricxyz-bsdtor
As requested... How to install and set-up Tor on BSD.
Warning: You must learn about security in the BSD's first. Most especially setting up a firewall (pf recommended). I am using FreeBSD in this example, but it should also work the same on OpenBSD or Dragonfly. Not sure about NetBSD.
Take this as a guide, every installation is different. At the end I installed firefox-esr just to show you where the Tor-socks config data would go.
I might do more videos about hardening BSD in the future, dunno...
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
DEBIA
Debian-Minimal-With-i3-Install
This is how to install a minimal Debian 10.7 system with only i3 window manager and a couple of minimal programs. Yes, I put both dmenu and rofi on the install list, but you can pick one or both.
All you have to do is download the latest Debian net install iso from Debian. In this install I am using a VM, but I use this setup on 2 X230's with the latest kernels and some security tweaks. See my other video about Mint and Debian security upgrades.
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
SECUR
leofricxyz-usbsecurity
This will shutoff USB and bluetooth (if you want) to protect you from USB port attacks, payload attacks, fed-jacking etc. Shuting down bluetooth can eliminate exposure to exploits and proximity surveillance.
Using Debian 10.7 but this should work on any derivative.
Pause it on the code part...
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
LYNIS
leofricxyz-lyniscompare1
I compare the lynis hardening index score of 3 major distros (according to distrowatch) after a pentest audit.
The operating systems are MX Linux, Ubuntu and Manjaro. All are default VM installs with updates and firewalls enabled- no special rules.
Lynis version 3.0.3
I use sudo ./lynis --pentest audit system and then ./lynis audit system
There are many other comparisons to do and different ways to use lynis, but this is a really good baseline comparison. I only decided to do this because I notice that MX is always listed on top on distrowatch by a large number. I don't use any of these desktops/derivatives, I guess each has their own appeal.
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
FULLY
Fully-Remove-Firefox-From-Debian-and-Mint
These are the commands to fully remove Firefox and other Mozilla stuff from your system. Some people don't like the polymorphic telemetry.
Your system may or may not have firefox-locale-en, but it is often time installed without your choosing in some Debian derivatives.
Mozilla constantly adds new types of telemetry into Firefox and it is too hard to keep up with. Most users have never opened about:config. But after they do, they realize it is a hodgepodge of intentional confusion designed to keep the average user from having privacy.
As a replacement you can install a GNU Browser, Surf, Brave (its getting worse) or Iceweasel.
I left the .mozilla folder in ~ out of this example because many people have configs with stored passwords etc.
Transaction
Created
1 month ago
Content Type
Language
video/m4v
English
Controlling
HARDC
windowsvmdebloat
No description available
Transaction
Created
1 month ago
Content Type
Language
text/markdown
English
Controlling
VIDEO
INSTA
socialjusticearchlinux
I like Arch. I really can't stand many of the Arch spinoffs. I also really don't like arch variants like "Reborn OS." Whats the point? I don't get it.
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
SECUR
leofricxyz-opensuse
Install OpenSuse Tumbleweed in GuhNohme Boxes. Select the most minimal desktop which is IceWM. Then install lynis i3 and st term.
A good thing is the default install is pretty secure. I run Lynis against the default install with IceWM and get a 92 score, which is pretty good.
Using OpenSuse Net Tumbleweed snapshot.
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
INSTA
leofricxyz-debiandwm
I am using a barebones debian net install with only ufw in place. Check out my other video on minimal debian and i3 for a full install.
To install DWM the suckless.org winder managerial:
Here am are what I showing you:
1. wget the tarred files from suckless
2. tar xf them
2.5 Install debian specific dependenicies
3. make clean installate
4. create .xinitrc and the few lines that need to go into it to start dwm
5. startx
Its fairly simple and quick. Pause or speed up as you need.
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English