Secure Linux

In this guide, I show the basic security checks and settings I apply to every Linux installation.


Check for Drovorub Malware

 

Bash

$ touch testfile
$ echo "ASDFZXCV:hf:testfile" > /dev/zero

If the testfile disappears, you are infected.

 

Check for unsigned kernel modules

Bash

$ for mod in $(lsmod | tail -n +2 | cut -d' ' -f1); do modinfo ${mod} | grep -q "signature" || echo "no signature for module: ${mod}" ; done

If you see vbox or nvidia modules listed, they belong to VirtualBox and the NVIDIA drivers respectively.
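
A stricter form of the loop above, as an added example that is not from the original article: it queries the signer field directly instead of grepping for the word "signature", flags loaded modules for which modinfo finds no file, and decodes the kernel taint bit for unsigned modules. MODINFO, fake_modinfo and the sample listing are assumptions constructed so the check runs offline.

```shell
#!/bin/sh
# Added example, not from the original article.
# MODINFO is an assumed override hook so the check can run without a live kernel.
MODINFO="${MODINFO:-modinfo}"

# Reads `lsmod` output on stdin; prints "<module> <reason>" for each suspect module.
unsigned_modules() {
    tail -n +2 | while read -r um_name um_rest; do    # tail skips the lsmod header
        [ -n "$um_name" ] || continue
        # `modinfo -F signer` prints only the signer field; empty output means unsigned.
        if ! um_signer=$("$MODINFO" -F signer "$um_name" 2>/dev/null); then
            echo "$um_name no-module-file"    # loaded, but no file on disk to inspect
        elif [ -z "$um_signer" ]; then
            echo "$um_name unsigned"
        fi
    done
}

# Bit 13 (value 8192) of /proc/sys/kernel/tainted is set once the running
# kernel has loaded an unsigned module.
taint_has_unsigned() {
    [ $(( $1 & 8192 )) -ne 0 ]
}

# Constructed stand-in for modinfo; called as: fake_modinfo -F signer <module>
fake_modinfo() {
    case "$3" in
        ext4|e1000e) echo "Constructed Distro Signing Key" ;;
        vboxdrv)     echo "" ;;       # out-of-tree module built locally, no signature
        *)           return 1 ;;      # modinfo finds no module file for this name
    esac
}

# Constructed lsmod listing.
SAMPLE_LSMOD='Module                  Size  Used by
ext4                  983040  2
e1000e                315392  0
vboxdrv               573440  3
ghostmod               20480  0'

# Runs the check over the constructed data above.
demo() {
    ( MODINFO=fake_modinfo; printf '%s\n' "$SAMPLE_LSMOD" | unsigned_modules )
}

demo
# Live use: lsmod | unsigned_modules
#           taint_has_unsigned "$(cat /proc/sys/kernel/tainted)" && echo "unsigned module loaded"
```

modinfo inspects the module file on disk, not the code already loaded in memory, so treat a clean result as one signal alongside the taint bit rather than proof.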


 

Secure Boot


Secure Boot enforces kernel module signature checks. It is good not only for blocking Drovorub-style malware but also for preventing Evil Maid attacks. However, it can be complex to set up and can make booting from USB drives difficult. Note: UEFI boot is required; Legacy/CSM mode will not work.

How to Enable

$ sudo mokutil --enable-validation # Remember the password!
$ sudo mokutil --sb-state # Checks if Secure Boot is enabled

Note: I used the --enable-validation option on Debian-based systems and it worked right out of the box.


Reference: https://christitus.com/secure-linux/

