Welcome to our New Forums!

Our forums have been upgraded and expanded!

Welcome to Our New Forums

  • Our forums have been upgraded! You can read about this HERE

CyberSecurity On Linux – Advanced Information

Joined
Oct 27, 2021
Messages
886
Part of a larger project of mine is finished (hopefully finally). In this post you will find some longer information on how to achieve a certain level of security in the online space. We cannot be completely safe because of enemy-controlled facilities and their parasitism in the online space.

If you follow these, you can achieve an "above average" level of security. Remember there is never 100% security, it would require someone not using the internet, computers etc. I hope I have been able to help you with this.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Cyber Security is important in many ways, especially for an SS. As safe as you are spiritually, you need to be safe online.

I won't go into why Cyber Security is important. Spiritual warfare, browsing forums, and the list goes on. All of these require programs and systems on which you can perform these core tasks, and all with adequate security.

About Linux in brief - Linux is a completely open source operating system, with many default security settings. These settings vary from Linux distribution to Linux distribution, but all systems have "default" security settings.

On Linux (unlike Windows), programs do not run with administrator privileges. On Windows everything runs with this privilege, which is not at all secure from a Cyber Security point of view. Lots of updates, data sending, viruses - all serious problems.

On Linux, if you happen to come across a virus and it downloads in the background, it doesn't run on the system. You have to boot to it, since it don't have administrator privileges, so it doesn't bother you in almost any way. This is not the case on Windows, which is why most viruses are on Windows systems.

Linux has many versions, so anyone who wants to switch has a huge choice.

Linux beginners can start with Ubuntu or even Linux Mint. These systems include word processors by default, just a more secure version of them. LibreOffice, LibreOffice Writer, Draw, etc. There are also numerous security updates, and security improves with each update.

There are also many updates on Linux, but these are mostly Kernel and security updates.

When installing Linux, the first step when you are at the installer is to select "Encrypt entire disk" and "Encrypt my folders". This is the first security step. In the following sections we will talk about the Terminal, so pay close attention to every detail.

Choose a strong password and a security key to access the system. You will need to enter two passwords after each boot - the security key and the user password. Also write down the security key on a piece of paper so that you don't lose it.

Everything will be explained and justified.

The first thing you need to do in your newly installed system is to open Terminal. (this is a panel window where you can type commands. You will do pretty much everything through the Terminal - downloading, installing, unpacking programs, etc).

You need to give yourself root privileges with the following command - "sudo -i". Enter the password of your computer here and you are root.

Type the following command to find the interface name using the following command - "ifconfig". The very first name it gives you is the name you should use. On Kali Linux, the interface name is eth0, but on other systems it's enp0s10, en1ps03, etc. Find this and select it. Next to it will be listed BROADCAST, MULTICAST, so you can easily find it.

I'll use Kali Linux commands in the following sections, but always use your own or it won't work. So always type your own interface name, for example en1p0s3, etc.

The first command is to disconnect from the Internet (only for a while, of course, and only on the computer) - on Kali Linux this is "ifconfig eth0 down". On your system, this should look like this if you're not using Kali - "ifconfig enp1s01 down", "ifconfig en1ps03 down", or whatever the Terminal says on the network.

This will disconnect you from the internet and you can continue. This is necessary so that when you reset the network, it will be with the new settings.

MAC address - A mac address is an abbreviation for the physical location of your computer and makes it easier to determine where you are. If they also know your IP address, that's even worse. This is not good and we will change it. "ifconfig eth0 hw ether de:ed:fe:ef:f0:0e" (Always use your own netname, e.g. enp1s023, etc.) This will change the MAC address.

You can also use the "macchanger" command to change the Mac address, but this must be downloaded. "sudo apt install macchanger -y", or if you are root, "apt-get install macchanger -y". (The "-y" means yes, you need to go further in the installer to download the program.)

When you're done, "macchanger -r eth0" (the "r" is short for Random Mac Address) and it will print out your current MAC address, then the new one. You can also change the MAC Address vendor by typing - macchanger -a eth0 (remember, always replace "eth0" with your own, such as en1ps03, or whatever Terminal says. So, what we have done so far on the completely New, Encrypted system:

sudo -i (for root) - "ifconfig eth0 down", ifconfig eth0 hw ether de:ed:fe:ef:f0:0e / macchanger -r eth0 (both change the MAC address, choose one, but using both together is fine). The next parts will be more complicated commands, but since they are, just copy and paste them into Terminal. These commands all work, regardless of the Linux system.

You can change the 802.11 "nickname" by doing the following. This 802.11 "nickname" means that it sends your Hostname to the AP. So change this so that you don't have a problem with it.

"iwconfig ath0 nickname "It is good"?" is an example, you can type a meaningless "nickname" here.

You can also check what options are available for a particular program, such as macchanger - macchanger -h (the "-h" indicates you're asking for help). Or another - ifconfig -h.

Type the following into Terminal as root - nano /etc/resolv.conf. Then scroll down and change "Nameserver" to the following - nameserver 127.0.0.1.

Next to the commands you will find an explanation of what each command ideally does. These commands are particularly useful in CyberSecurity, so their use is recommended. I should say that these commands (802, SSH, Nickname) come from the Deep Web, but I'll explain why they are useful. If you know anything about IT, you should know what these commands are for, so don't worry. On the other hand, Deep Web users are specifically focused on anonymous Interneting, and often help others to do so.

You should always run these commands in root mode, so "sudo -i" before each command and you're good to go.

Also, change the hostname of your system using "sudo hostnamectl set-hostname linuxconfig", then type "hostname". Here you can see that you have changed it. Also change the short name of your hostname and the "Alias" - hostname -a "Linux", then hostname -s "LX". This changes the "short" name of your Linux system and the "Alias" name.

Ident - in short ident is the TCP identification service. It allows a remote host to determine the local username associated with any TCP connection to that remote host. This is bad in case your computer's username might give away your real name. Be sure to do this with the following.

iptables -A INPUT -p tcp --dport ident -j DROP

That's it, we're ready for the next one.

Next is SSH. This can also be used for fingerprinting. It connects to port 22 of your IP to check if you are using the same machine as another IP you used before, either at your ISP or over a VPN. You need to change this, which you can do with the following commands. There will be 3 commands, all three will prompt you for a name and password, but just press enter. Don't type anything, just type enter. If you do want to do it, type a different username and password for each of the three. But I don't think that's necessary.

ssh-keygen -t rsa -f ssh_host_key.pub

ssh-keygen -t rsa -f ssh_host_rsa_key.pub

ssh-keygen -t dsa -f ssh_host_dsa_key.pub

Now comes the part where you can connect to the internet, "ifconfig eth0 up" (for you, if you're not using Kali Linux, "ifconfig en1ps03 up", or whatever Terminal says.)

Don't forget to use the "macchanger" command, and change the 802.11 "nickname" each time you boot, as it is only valid as long as the computer is on.

So

sudo -i
[Your password]
ifconfig eth0 down (Always replace eth0 with your version, for example en1ps101, or whatever Terminal says).
macchanger -r eth0 / macchanger -a eth0
iwconfig ath0 nickname "Donottrack" (for you an1ps10, or whatever Terminal tells you)
ifconfig eth0 up

Now comes the part where we start to download and configure some stuff. We'll talk about Firefox security settings, Brave security settings, VPNs, I2P (Private, Anonymous Network, Encrypted), Proxychains (It does what the Tor browser does, but differently), and more.

Open Firefox, and the first thing you need to do is go to Settings, and in the bottom left corner, "Add-ons". In the search box, type "ZenMate VPN". This is a VPN add-on. Use it now for all the tasks below. It is needed to do the "basic" configuration over the VPN for security.

Default search engine is DuckDuckGo, delete the rest from there. For camera, microphone, location, turn everything off and disable New Requests. Under Privacy and Security, change it to Strict. At the bottom, tick the "Send Website Do Not Track" checkbox, and then "All sites HTTPS mode" at the bottom. Never record any history. Look through all the sections in Settings and you will find these.

Then scroll to the bottom and select Network Settings. Change the Proxy to Manual and for HTTP Proxy, enter 127.0.0.1, Port: 4444, then select SOCKS5.

Then go to the nextdns page and go to the Browser section. nextdns.io

DNA In short - people access information through domain names. DNS translates domain names into IP addresses. Every device connected to the Internet has a unique IP address that other machines use to find it. Each device connected to the Internet has its own unique IP address. To increase security, it is a good idea to change your DNS address. To do this, I will give you a description of how to change the DNS address in your browser, your Linux system, your router.

You can Download Nextdns to your Linux from Nextdns site. Copy the command line from the Nextdns site and paste in the Terminal and follow the instructions. This is the first step to change your DNS in your System. You can change it your Router, see below, “Tips and Advice”, 14.

In the Firefox section, select the DNS address that NextDNS points to for Firefox and paste it into the Firefox network settings subsection. But before that, change the DNS to Manual and Custom. Then paste the DNS address.

A member wrote a series of CyberSecurity posts, look at that, and what's left out here, and what's in this post, do that, and what's left in there, and what's in this post, do that.

https://ancient-forums.com/viewtopic.php?f=3&t=43871&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

https://ancient-forums.com/viewtopic.php?f=3&t=44022&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

https://ancient-forums.com/viewtopic.php?f=3&t=44195&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

https://ancient-forums.com/viewtopic.php?f=3&t=44341&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

https://ancient-forums.com/viewtopic.php?f=3&t=44770&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

The add-ons I recommend and use for Firefox for both normal browsing and incognito browsing are NoScript, HTTPS Everywhere, ADBlocker Ultimate, UBlock Origin, Ghostery, ClearURL's, Cookie Auto-Delete, PrivacyBadger, DuckDuckGo (add-on), Disconnect, FoxyProxy Standard, Disable WebRTC. (WebRTC should be disabled because it can leak your real IP address, even if you use a VPN or proxy. This extension prevents this.

Open FoxyProxy Standard and go to the "Add" interface on the left. There, select HTTP Proxy on the right, then enter "127.0.0.1, localhost". Then save it, then in the top right corner where the extensions are listed, click on FoxyProxy, then 127.0.0.1 (it will be highlighted in green).

Once you've done everything, you're ready for the next step. Download the VPN you normally use. I recommend ProtonVPN, MullvadVPN and RiseupVPN. The first and third are free, so you can download them and sign up. Mullvad is also a neat and good VPN, you just have to pay for it. RiseupVPN is just download and use. It provides a bridge, just like Tor, so you can use RiseupVPN without your ISP knowing you're using a VPN. Otherwise, ProtonVPN and RiseupVPN are by far the most secure encrypted VPNs.

You can also use WindScribe VPN. From what I've looked at, you can configure a lot of things in it. By default it seems like a good VPN by itself, blocks WebRTC and a lot of malware and more. However, if you use the free version, you only have 10GB monthly limited. If that expires, you'll have to wait until next month.

However, it can be used on its own as it's in Firefox extensions, so you can use it alongside 1-2 VPNs on your system, just this one within Firefox.

I also recommend WireGuard. Below is a useful page on how to set it up to work properly.

On Linux downloads are done differently, there are instructions on what to do on the ProtonVPN and RiseupVPN pages. Select your system and the instructions will be there. Once installed, type VPN in the Linux menu search and you're done. In the case of Riseup, reboot your system and it will work.

Once you're connected to a VPN, you're ready for the next step. Download I2P. If you downloaded it from the I2P site (geti2p.net), then paste the name of the downloaded file into Terminal. I'll show you how - Once downloaded, Terminal: cd Downloads, ls, and there will be the name. In Terminal, type the filename after "java -jar". This will unpack the file.

This is an encrypted, anonymous network. After you install it, wait a few minutes, then launch it in Terminal. At the end of the installer you will see a message telling you which command to run. A small example - "home/yourusername/i2p/i2prouter start". Another - "i2prouter start". And to stop it - "home/your-username/i2p/i2prouter stop". Another one - "i2prouter stop".

Open your browser (Firefox or Brave), and type the next “command” in the search engine, top – 127.0.0.1:7657. Click next and next, and if you need, configure it. But I think it is good is default settings.

Start I2P on every boot, just in case.

You can use another, slightly different VPN provider, WireGuard. Read on to find out how it works. I've provided a link to help you configure it. WireGuard is a most Secure and Safe VPN, but you need the Terminal if you want to configure it.

WireGuard - https://www.the-digital-life.com/wireguard-installation-and-configuration/

Then install the Tor browser. You can easily download it from the Tor website and choose Linux. I'll give you a little help so you can do it from here. Once downloaded, open Terminal and type the following.

cd Downloads/

ls

tar -xvf tor-browser-linux64-11.0.11_en-US.tar.xz

Then go to Downloads and start it. You can also try that in Terminal:

cd Downloads/

cd tor-browser_en-US

./start-tor-browser.desktop

Then launch it, but before you click "connect", go to "Tor Settings". Then scroll down and set the bridge, in this case obfs4. The bridge does the job of hiding from your ISP that you are using Tor. That way, no one but you knows when you are using it.

Then set it up like Firefox. What I listed above for Firefox, set it up for the Tor browser. Do not add or delete anything except add-ons. The Tor browser defaults to two add-ons, NoScript and HTTPS Everywhere. Don't mess with these, leave them as they are. Set security to the highest, "Safest".

Then exit and download ProxyChains. Proxychains (like Tor) is an encrypted service that encrypts almost all traffic that passes through it. It goes from one IP address to another, similar to Tor. You can do this by doing the following. You can install it with or without the root user, but the following commands are root. As root, all you need to do is type sudo -i in Terminal and then enter your password.

So - apt-get install tor -y / If you're not doing it in root, then - sudo apt install tor -y

Then - apt-get install proxychains -y / If you are not rooting, then - sudo apt install proxychains -y (Sudo for short - superuser)

But do the next part in root - sudo -i and your password, and you’re the root.

Then - nano /etc/proxychains.conf - Here scroll down and take out the "#" in front of Dynamic Chain and scroll down and you will see one that says Strict Chain and put the "#" in front of it. Then scroll down to the bottom and under "socks4" type - socks5 127.0.0.1 9050, then CTRL + S (save, then CTRL + C (exit)).

Then try - "proxychains firefox" and it will start. It is advisable to reboot the system afterwards. Remember to change the Mac address and 802.11 "nickname" on every boot. You can see how it works in the Terminal. The main thing is that if you want to use it with an Application, you need to put "proxychains" in front of the Application. Another example for Brave Browser - proxychains brave-browser.

privacytools.io - On this page you will find countless other useful and helpful applications and programs, browse and select from them.

You can download Brave Browser even if you use multiple browsers. Brave gives detailed instructions on how to do this, so you just need to select and paste the commands into Terminal. Within the Brave - Under Security Settings - Fingerprint - Strict, Block Cookies - All, Block Script - Enabled. On nextdns.io, go to Browsers and look for Brave. What you type there is DNS, type it into your Brave browser. Look under Security Settings. Then select "Custom" DNS and paste what you see on the NextDNS page.

The Add-ons what I recommend to Brave – HTTPS Everywhere, NoScript, FoxyProxy Standard, Ublock Origin, ADBlocker Ultimate, DuckDuckGo (Add-on).

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

You can also use VeraCrypt for additional encryption, it can be useful. Read up on VeraCrypt if you need it. The idea is that you can create a virtual encrypted disk and store data on it.

If you want a bit more security, you can use VirtualBox. VirtualBox is a virtual computer running on a physical machine. You can specify how much storage space it should have, how much RAM it should use, and so on. You can install lots of systems here and try them out. You can also use Tails OS to increase security.

To summarise, once you have started the system

sudo -i
[Your password]
ifconfig eth0 down (Always replace eth0 with your version, for example en1ps101, or whatever Terminal says).
macchanger -r eth0 / macchanger -a eth0
iwconfig ath0 nickname "Donottrack" (for you an1ps10, or whatever Terminal tells you)
ifconfig eth0 up

Then

Start I2P (home/your username/i2p/i2prouter start / i2prouter start)
start RiseupVPN (just look for it in the applications, you don't need to use Terminal to start it)
Then start ProtonVPN (look for ProtonVPN in your applications, you don't need to use Terminal to start it).

This is good because by default you connect from one VPN IP address to another VPN IP address, and this is very good for security. Not incidentally, two VPNs running at the same time = enhanced security.

Another variation

Launch WireGuard (Launch it with the instructions and directions in the attached link).

Start RiseupVPN or ProtonVPN.

Start I2P (home/your username/i2p/i2prouter start / i2prouter start).

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

If you are doing everything through the Tor browser, so you are viewing the forums from there, do these settings I listed above. Even if Tor is secure, if you need more anonymity, do it. If you use Proxychains for browsing, do it. This should have been a Linux Advanced Information post. It's a bit long, but below are some important points to keep in mind for security.

The next part is the CyberSecurity on Android. (?) I may publish a cybersecurity post on Android later today. However - there are a lot of parts to go through and it's still a bit incomplete. The post itself is done, I just feel it's still incomplete.

But remember - the greatest security is always yourself. Never do anything stupid, otherwise the techniques mentioned above will not protect you.

Tips and advice

1. Always use I2P and some kind of VPN (WireGuard) for even the most traditional internet use, and use a secure browser (Firefox or Brave).
2. Choose the right provider for your email account - ProtonMail, MailFence, Tutanota, I2P Email or Riseup Mail. For Tor email - Mail2Tor, TorBox.
3. Use a secure cloud for documents, texts, reading material - Mega, IceDrive or ProtonDrive. For sharing, use Freenet or OnionShare on Tor. For Tor browser storage, use MEGATor.
4. Turn on the Firewall on your Linux system. In the search box, type "firewall", then type the password and turn it on.
5 For a calendar, use an encrypted application - ProtonCalendar, or Tutanota Email provider's Calendar.
6 If you absolutely must create a Facebook account, or any social networking account, do it through Tor, using a Tor email address (Mail2Tor/Torbox.) Never give your real birth year, name, age, identity - anything that is real.
7. Use different email addresses, usernames, passwords, ages everywhere.
8. If using a Laptop, cover the camera with a black/dark material.
9. If you use multiple forums for chatting, use a different text style, speech style, spelling in each forum - So communicate differently everywhere so they don't know who you are.
10. Don't really use profile pictures in other Forums.
11. Download all applications for Linux in English, and don't put the Tor browser on full screen, as this will give away your screen resolution.
12. Change the region and time zone of your Linux system as far away from you as possible. You can do this simply by typing Time into the Linux search engine.
13. Don't tell anyone what you are doing on Linux.
14. On the NextDNS page you will find an interface called "Routers". Here you will see two addresses, and you can paste them into the Advanced Internet Settings menu of your router. Click on the network and you'll see the Settings option. In the Ipv4 interface, enter the address of the NextDNS for the DNS servers, separated by commas, then save it. If your network supports Ipv6, it will there too. You can also do this on your phone - long tap Wifi, then "Advanced Settings", change the IP address to Static, then scroll down and paste the two DNS addresses, then save.
15. If your phone supports Ubuntu Touch, Kali Linux OS for phone, then download it and do the above there too. Ubuntu Touch is basically a Linux system on phone and Kali Linux OS is same. If it doesn't support it, you can try CalyxOS or LineageOS. If they don't either, then try rooting your phone and when done, disable all google/facebook apps and replace all default apps (phone, messages) with other ones. CyberSecurity part 5 (if I remember correctly) has more detailed instructions on this. Use F-Droid to download apps and always have VPN turned on.
16. If you pay by credit card over the internet, look for an app that helps with encryption.
17. Change your wifi password. Make it hard and long, and only you know it. Also change the name of your wifi to something short, like - misbfhs.
18. Always stay logical and never be reckless. Always think rationally and never let anything influence you.

Here is the Offline, PDF File - https://mega.nz/folder/N8dgWLgB#eoF8_ARlenx-upSVrm5abQ

BrightSpace666
 
BrightSpace666 said:
CyberSecurity On Linux – Advanced Information
That's a great post. The only thing I read about before was SSH and using it to block remote access to the root if I remember correctly. Even that was not easy to do. All this work carried out through the terminal is really fussy as something can easily go wrong and one will have no clue on why it doesn't work as instructed as the explanations given by the terminal are most of the time not easy to understand.
 
The Alchemist7 said:
BrightSpace666 said:
CyberSecurity On Linux – Advanced Information
That's a great post. The only thing I read about before was SSH and using it to block remote access to the root if I remember correctly. Even that was not easy to do. All this work carried out through the terminal is really fussy as something can easily go wrong and one will have no clue on why it doesn't work as instructed as the explanations given by the terminal are most of the time not easy to understand.

Yes, but I gave commands that did not write "complicated" or difficult to understand instructions. Merely typing or pasting them into the Terminal will get the result.
 
What I forgot to mention is that these commands are all tested, so using them should not be a problem. If I forgot anything else, I'll mention it in the comments.
 
This is nice, good job. I would just change duckduck go to qwant. I tested search results and duckduck go gives about the same as google so what's the point.
 
Henu the Great said:
This is nice, good job. I would just change duckduck go to qwant. I tested search results and duckduck go gives about the same as google so what's the point.

I heard duckduckgo was compromised as far as privacy
 
BrightSpace666 said:
The Alchemist7 said:
BrightSpace666 said:
CyberSecurity On Linux – Advanced Information
That's a great post. The only thing I read about before was SSH and using it to block remote access to the root if I remember correctly. Even that was not easy to do. All this work carried out through the terminal is really fussy as something can easily go wrong and one will have no clue on why it doesn't work as instructed as the explanations given by the terminal are most of the time not easy to understand.

Yes, but I gave commands that did not write "complicated" or difficult to understand instructions. Merely typing or pasting them into the Terminal will get the result.

Yes you gave straightforward commands. They are easy to follow. I looked everything over, you did a very good job of explaining everything.

It can be harder for people new to the terminal to catch on, but they will learn eventually. For Linux and BSD the terminal is your best friend lol.

I'm sure these can be ran from a tty session as well. I'll attempt all that later, as I usually use startx for starting X instead of a display manager, for my one Devuan Linux machine.

I've been super curious about dragonflyBSD as a secure system, for hardware that supports it. It has alot of freebsd ports in dports. It's not used by many people at all, but it is a really interesting BSD distro in comparison to the others.

As BSD distros have serious potential in my opinion.

I've used both OpenBSD and FreeBSD set up with a desktop environment in virtual machines, and they are great for many use cases.
 
BrightSpace666 said:
Part of a larger project of mine is finished (hopefully finally). In this post you will find some longer information on how to achieve a certain level of security in the online space. We cannot be completely safe because of enemy-controlled facilities and their parasitism in the online space.

If you follow these, you can achieve an "above average" level of security. Remember there is never 100% security, it would require someone not using the internet, computers etc. I hope I have been able to help you with this.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Cyber Security is important in many ways, especially for an SS. As safe as you are spiritually, you need to be safe online.

I won't go into why Cyber Security is important. Spiritual warfare, browsing forums, and the list goes on. All of these require programs and systems on which you can perform these core tasks, and all with adequate security.

About Linux in brief - Linux is a completely open source operating system, with many default security settings. These settings vary from Linux distribution to Linux distribution, but all systems have "default" security settings.

On Linux (unlike Windows), programs do not run with administrator privileges. On Windows everything runs with this privilege, which is not at all secure from a Cyber Security point of view. Lots of updates, data sending, viruses - all serious problems.

On Linux, if you happen to come across a virus and it downloads in the background, it doesn't run on the system. You have to boot to it, since it don't have administrator privileges, so it doesn't bother you in almost any way. This is not the case on Windows, which is why most viruses are on Windows systems.

Linux has many versions, so anyone who wants to switch has a huge choice.

Linux beginners can start with Ubuntu or even Linux Mint. These systems include word processors by default, just a more secure version of them. LibreOffice, LibreOffice Writer, Draw, etc. There are also numerous security updates, and security improves with each update.

There are also many updates on Linux, but these are mostly Kernel and security updates.

When installing Linux, the first step when you are at the installer is to select "Encrypt entire disk" and "Encrypt my folders". This is the first security step. In the following sections we will talk about the Terminal, so pay close attention to every detail.

Choose a strong password and a security key to access the system. You will need to enter two passwords after each boot - the security key and the user password. Also write down the security key on a piece of paper so that you don't lose it.

Everything will be explained and justified.

The first thing you need to do in your newly installed system is to open Terminal. (this is a panel window where you can type commands. You will do pretty much everything through the Terminal - downloading, installing, unpacking programs, etc).

You need to give yourself root privileges with the following command - "sudo -i". Enter the password of your computer here and you are root.

Type the following command to find the interface name using the following command - "ifconfig". The very first name it gives you is the name you should use. On Kali Linux, the interface name is eth0, but on other systems it's enp0s10, en1ps03, etc. Find this and select it. Next to it will be listed BROADCAST, MULTICAST, so you can easily find it.

I'll use Kali Linux commands in the following sections, but always use your own or it won't work. So always type your own interface name, for example en1p0s3, etc.

The first command is to disconnect from the Internet (only for a while, of course, and only on the computer) - on Kali Linux this is "ifconfig eth0 down". On your system, this should look like this if you're not using Kali - "ifconfig enp1s01 down", "ifconfig en1ps03 down", or whatever the Terminal says on the network.

This will disconnect you from the internet and you can continue. This is necessary so that when you reset the network, it will be with the new settings.

MAC address - A mac address is an abbreviation for the physical location of your computer and makes it easier to determine where you are. If they also know your IP address, that's even worse. This is not good and we will change it. "ifconfig eth0 hw ether de:ed:fe:ef:f0:0e" (Always use your own netname, e.g. enp1s023, etc.) This will change the MAC address.

You can also use the "macchanger" command to change the Mac address, but this must be downloaded. "sudo apt install macchanger -y", or if you are root, "apt-get install macchanger -y". (The "-y" means yes, you need to go further in the installer to download the program.)

When you're done, "macchanger -r eth0" (the "r" is short for Random Mac Address) and it will print out your current MAC address, then the new one. You can also change the MAC Address vendor by typing - macchanger -a eth0 (remember, always replace "eth0" with your own, such as en1ps03, or whatever Terminal says. So, what we have done so far on the completely New, Encrypted system:

sudo -i (for root) - "ifconfig eth0 down", ifconfig eth0 hw ether de:ed:fe:ef:f0:0e / macchanger -r eth0 (both change the MAC address, choose one, but using both together is fine). The next parts will be more complicated commands, but since they are, just copy and paste them into Terminal. These commands all work, regardless of the Linux system.

You can change the 802.11 "nickname" by doing the following. This 802.11 "nickname" means that it sends your Hostname to the AP. So change this so that you don't have a problem with it.

"iwconfig ath0 nickname "It is good"?" is an example, you can type a meaningless "nickname" here.

You can also check what options are available for a particular program, such as macchanger - macchanger -h (the "-h" indicates you're asking for help). Or another - ifconfig -h.

Type the following into Terminal as root - nano /etc/resolv.conf. Then scroll down and change "Nameserver" to the following - nameserver 127.0.0.1.

Next to the commands you will find an explanation of what each command ideally does. These commands are particularly useful in CyberSecurity, so their use is recommended. I should say that these commands (802, SSH, Nickname) come from the Deep Web, but I'll explain why they are useful. If you know anything about IT, you should know what these commands are for, so don't worry. On the other hand, Deep Web users are specifically focused on anonymous Interneting, and often help others to do so.

You should always run these commands in root mode, so "sudo -i" before each command and you're good to go.

Also, change the hostname of your system using "sudo hostnamectl set-hostname linuxconfig", then type "hostname". Here you can see that you have changed it. Also change the short name of your hostname and the "Alias" - hostname -a "Linux", then hostname -s "LX". This changes the "short" name of your Linux system and the "Alias" name.

Ident - in short ident is the TCP identification service. It allows a remote host to determine the local username associated with any TCP connection to that remote host. This is bad in case your computer's username might give away your real name. Be sure to do this with the following.

iptables -A INPUT -p tcp --dport ident -j DROP

That's it, we're ready for the next one.

Next is SSH. This can also be used for fingerprinting. It connects to port 22 of your IP to check if you are using the same machine as another IP you used before, either at your ISP or over a VPN. You need to change this, which you can do with the following commands. There will be 3 commands, all three will prompt you for a name and password, but just press enter. Don't type anything, just type enter. If you do want to do it, type a different username and password for each of the three. But I don't think that's necessary.

ssh-keygen -t rsa -f ssh_host_key.pub

ssh-keygen -t rsa -f ssh_host_rsa_key.pub

ssh-keygen -t dsa -f ssh_host_dsa_key.pub

Now comes the part where you can connect to the internet, "ifconfig eth0 up" (for you, if you're not using Kali Linux, "ifconfig en1ps03 up", or whatever Terminal says.)

Don't forget to use the "macchanger" command, and change the 802.11 "nickname" each time you boot, as it is only valid as long as the computer is on.

So

sudo -i
[Your password]
ifconfig eth0 down (Always replace eth0 with your version, for example en1ps101, or whatever Terminal says).
macchanger -r eth0 / macchanger -a eth0
iwconfig ath0 nickname "Donottrack" (for you an1ps10, or whatever Terminal tells you)
ifconfig eth0 up

Now comes the part where we start to download and configure some stuff. We'll talk about Firefox security settings, Brave security settings, VPNs, I2P (Private, Anonymous Network, Encrypted), Proxychains (It does what the Tor browser does, but differently), and more.

Open Firefox, and the first thing you need to do is go to Settings, and in the bottom left corner, "Add-ons". In the search box, type "ZenMate VPN". This is a VPN add-on. Use it now for all the tasks below. It is needed to do the "basic" configuration over the VPN for security.

Default search engine is DuckDuckGo, delete the rest from there. For camera, microphone, location, turn everything off and disable New Requests. Under Privacy and Security, change it to Strict. At the bottom, tick the "Send Website Do Not Track" checkbox, and then "All sites HTTPS mode" at the bottom. Never record any history. Look through all the sections in Settings and you will find these.

Then scroll to the bottom and select Network Settings. Change the Proxy to Manual and for HTTP Proxy, enter 127.0.0.1, Port: 4444, then select SOCKS5.

Then go to the nextdns page and go to the Browser section. nextdns.io

DNA In short - people access information through domain names. DNS translates domain names into IP addresses. Every device connected to the Internet has a unique IP address that other machines use to find it. Each device connected to the Internet has its own unique IP address. To increase security, it is a good idea to change your DNS address. To do this, I will give you a description of how to change the DNS address in your browser, your Linux system, your router.

You can Download Nextdns to your Linux from Nextdns site. Copy the command line from the Nextdns site and paste in the Terminal and follow the instructions. This is the first step to change your DNS in your System. You can change it your Router, see below, “Tips and Advice”, 14.

In the Firefox section, select the DNS address that NextDNS points to for Firefox and paste it into the Firefox network settings subsection. But before that, change the DNS to Manual and Custom. Then paste the DNS address.

A member wrote a series of CyberSecurity posts, look at that, and what's left out here, and what's in this post, do that, and what's left in there, and what's in this post, do that.

https://ancient-forums.com/viewtopic.php?f=3&t=43871&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

https://ancient-forums.com/viewtopic.php?f=3&t=44022&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

https://ancient-forums.com/viewtopic.php?f=3&t=44195&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

https://ancient-forums.com/viewtopic.php?f=3&t=44341&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

https://ancient-forums.com/viewtopic.php?f=3&t=44770&hilit=Cybersecurity&sid=e583d7ad0891b05d7622f53bfc268e16

The add-ons I recommend and use for Firefox for both normal browsing and incognito browsing are NoScript, HTTPS Everywhere, ADBlocker Ultimate, UBlock Origin, Ghostery, ClearURL's, Cookie Auto-Delete, PrivacyBadger, DuckDuckGo (add-on), Disconnect, FoxyProxy Standard, Disable WebRTC. (WebRTC should be disabled because it can leak your real IP address, even if you use a VPN or proxy. This extension prevents this.

Open FoxyProxy Standard and go to the "Add" interface on the left. There, select HTTP Proxy on the right, then enter "127.0.0.1, localhost". Then save it, then in the top right corner where the extensions are listed, click on FoxyProxy, then 127.0.0.1 (it will be highlighted in green).

Once you've done everything, you're ready for the next step. Download the VPN you normally use. I recommend ProtonVPN, MullvadVPN and RiseupVPN. The first and third are free, so you can download them and sign up. Mullvad is also a neat and good VPN, you just have to pay for it. RiseupVPN is just download and use. It provides a bridge, just like Tor, so you can use RiseupVPN without your ISP knowing you're using a VPN. Otherwise, ProtonVPN and RiseupVPN are by far the most secure encrypted VPNs.

You can also use WindScribe VPN. From what I've looked at, you can configure a lot of things in it. By default it seems like a good VPN by itself, blocks WebRTC and a lot of malware and more. However, if you use the free version, you only have 10GB monthly limited. If that expires, you'll have to wait until next month.

However, it can be used on its own as it's in Firefox extensions, so you can use it alongside 1-2 VPNs on your system, just this one within Firefox.

I also recommend WireGuard. Below is a useful page on how to set it up to work properly.

On Linux downloads are done differently, there are instructions on what to do on the ProtonVPN and RiseupVPN pages. Select your system and the instructions will be there. Once installed, type VPN in the Linux menu search and you're done. In the case of Riseup, reboot your system and it will work.

Once you're connected to a VPN, you're ready for the next step. Download I2P. If you downloaded it from the I2P site (geti2p.net), then paste the name of the downloaded file into Terminal. I'll show you how - Once downloaded, Terminal: cd Downloads, ls, and there will be the name. In Terminal, type the filename after "java -jar". This will unpack the file.

This is an encrypted, anonymous network. After you install it, wait a few minutes, then launch it in Terminal. At the end of the installer you will see a message telling you which command to run. A small example - "home/yourusername/i2p/i2prouter start". Another - "i2prouter start". And to stop it - "home/your-username/i2p/i2prouter stop". Another one - "i2prouter stop".

Open your browser (Firefox or Brave), and type the next “command” in the search engine, top – 127.0.0.1:7657. Click next and next, and if you need, configure it. But I think it is good is default settings.

Start I2P on every boot, just in case.

You can use another, slightly different VPN provider, WireGuard. Read on to find out how it works. I've provided a link to help you configure it. WireGuard is a most Secure and Safe VPN, but you need the Terminal if you want to configure it.

WireGuard - https://www.the-digital-life.com/wireguard-installation-and-configuration/

Then install the Tor browser. You can easily download it from the Tor website and choose Linux. I'll give you a little help so you can do it from here. Once downloaded, open Terminal and type the following.

cd Downloads/

ls

tar -xvf tor-browser-linux64-11.0.11_en-US.tar.xz

Then go to Downloads and start it. You can also try that in Terminal:

cd Downloads/

cd tor-browser_en-US

./start-tor-browser.desktop

Then launch it, but before you click "connect", go to "Tor Settings". Then scroll down and set the bridge, in this case obfs4. The bridge does the job of hiding from your ISP that you are using Tor. That way, no one but you knows when you are using it.

Then set it up like Firefox. What I listed above for Firefox, set it up for the Tor browser. Do not add or delete anything except add-ons. The Tor browser defaults to two add-ons, NoScript and HTTPS Everywhere. Don't mess with these, leave them as they are. Set security to the highest, "Safest".

Then exit and download ProxyChains. Proxychains (like Tor) is an encrypted service that encrypts almost all traffic that passes through it. It goes from one IP address to another, similar to Tor. You can do this by doing the following. You can install it with or without the root user, but the following commands are root. As root, all you need to do is type sudo -i in Terminal and then enter your password.

So - apt-get install tor -y / If you're not doing it in root, then - sudo apt install tor -y

Then - apt-get install proxychains -y / If you are not rooting, then - sudo apt install proxychains -y (Sudo for short - superuser)

But do the next part in root - sudo -i and your password, and you’re the root.

Then - nano /etc/proxychains.conf - Here scroll down and take out the "#" in front of Dynamic Chain and scroll down and you will see one that says Strict Chain and put the "#" in front of it. Then scroll down to the bottom and under "socks4" type - socks5 127.0.0.1 9050, then CTRL + S (save, then CTRL + C (exit)).

Then try - "proxychains firefox" and it will start. It is advisable to reboot the system afterwards. Remember to change the Mac address and 802.11 "nickname" on every boot. You can see how it works in the Terminal. The main thing is that if you want to use it with an Application, you need to put "proxychains" in front of the Application. Another example for Brave Browser - proxychains brave-browser.

privacytools.io - On this page you will find countless other useful and helpful applications and programs, browse and select from them.

You can download Brave Browser even if you use multiple browsers. Brave gives detailed instructions on how to do this, so you just need to select and paste the commands into Terminal. Within the Brave - Under Security Settings - Fingerprint - Strict, Block Cookies - All, Block Script - Enabled. On nextdns.io, go to Browsers and look for Brave. What you type there is DNS, type it into your Brave browser. Look under Security Settings. Then select "Custom" DNS and paste what you see on the NextDNS page.

The Add-ons what I recommend to Brave – HTTPS Everywhere, NoScript, FoxyProxy Standard, Ublock Origin, ADBlocker Ultimate, DuckDuckGo (Add-on).

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

You can also use VeraCrypt for additional encryption, it can be useful. Read up on VeraCrypt if you need it. The idea is that you can create a virtual encrypted disk and store data on it.

If you want a bit more security, you can use VirtualBox. VirtualBox is a virtual computer running on a physical machine. You can specify how much storage space it should have, how much RAM it should use, and so on. You can install lots of systems here and try them out. You can also use Tails OS to increase security.

To summarise, once you have started the system

sudo -i
[Your password]
ifconfig eth0 down (Always replace eth0 with your version, for example en1ps101, or whatever Terminal says).
macchanger -r eth0 / macchanger -a eth0
iwconfig ath0 nickname "Donottrack" (for you an1ps10, or whatever Terminal tells you)
ifconfig eth0 up

Then

Start I2P (home/your username/i2p/i2prouter start / i2prouter start)
start RiseupVPN (just look for it in the applications, you don't need to use Terminal to start it)
Then start ProtonVPN (look for ProtonVPN in your applications, you don't need to use Terminal to start it).

This is good because by default you connect from one VPN IP address to another VPN IP address, and this is very good for security. Not incidentally, two VPNs running at the same time = enhanced security.

Another variation

Launch WireGuard (Launch it with the instructions and directions in the attached link).

Start RiseupVPN or ProtonVPN.

Start I2P (home/your username/i2p/i2prouter start / i2prouter start).

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

If you are doing everything through the Tor browser, so you are viewing the forums from there, do these settings I listed above. Even if Tor is secure, if you need more anonymity, do it. If you use Proxychains for browsing, do it. This should have been a Linux Advanced Information post. It's a bit long, but below are some important points to keep in mind for security.

The next part is the CyberSecurity on Android. (?) I may publish a cybersecurity post on Android later today. However - there are a lot of parts to go through and it's still a bit incomplete. The post itself is done, I just feel it's still incomplete.

But remember - the greatest security is always yourself. Never do anything stupid, otherwise the techniques mentioned above will not protect you.

Tips and advice

1. Always use I2P and some kind of VPN (WireGuard) for even the most traditional internet use, and use a secure browser (Firefox or Brave).
2. Choose the right provider for your email account - ProtonMail, MailFence, Tutanota, I2P Email or Riseup Mail. For Tor email - Mail2Tor, TorBox.
3. Use a secure cloud for documents, texts, reading material - Mega, IceDrive or ProtonDrive. For sharing, use Freenet or OnionShare on Tor. For Tor browser storage, use MEGATor.
4. Turn on the Firewall on your Linux system. In the search box, type "firewall", then type the password and turn it on.
5 For a calendar, use an encrypted application - ProtonCalendar, or Tutanota Email provider's Calendar.
6 If you absolutely must create a Facebook account, or any social networking account, do it through Tor, using a Tor email address (Mail2Tor/Torbox.) Never give your real birth year, name, age, identity - anything that is real.
7. Use different email addresses, usernames, passwords, ages everywhere.
8. If using a Laptop, cover the camera with a black/dark material.
9. If you use multiple forums for chatting, use a different text style, speech style, spelling in each forum - So communicate differently everywhere so they don't know who you are.
10. Don't really use profile pictures in other Forums.
11. Download all applications for Linux in English, and don't put the Tor browser on full screen, as this will give away your screen resolution.
12. Change the region and time zone of your Linux system as far away from you as possible. You can do this simply by typing Time into the Linux search engine.
13. Don't tell anyone what you are doing on Linux.
14. On the NextDNS page you will find an interface called "Routers". Here you will see two addresses, and you can paste them into the Advanced Internet Settings menu of your router. Click on the network and you'll see the Settings option. In the Ipv4 interface, enter the address of the NextDNS for the DNS servers, separated by commas, then save it. If your network supports Ipv6, it will there too. You can also do this on your phone - long tap Wifi, then "Advanced Settings", change the IP address to Static, then scroll down and paste the two DNS addresses, then save.
15. If your phone supports Ubuntu Touch, Kali Linux OS for phone, then download it and do the above there too. Ubuntu Touch is basically a Linux system on phone and Kali Linux OS is same. If it doesn't support it, you can try CalyxOS or LineageOS. If they don't either, then try rooting your phone and when done, disable all google/facebook apps and replace all default apps (phone, messages) with other ones. CyberSecurity part 5 (if I remember correctly) has more detailed instructions on this. Use F-Droid to download apps and always have VPN turned on.
16. If you pay by credit card over the internet, look for an app that helps with encryption.
17. Change your wifi password. Make it hard and long, and only you know it. Also change the name of your wifi to something short, like - misbfhs.
18. Always stay logical and never be reckless. Always think rationally and never let anything influence you.

Here is the Offline, PDF File - https://mega.nz/folder/N8dgWLgB#eoF8_ARlenx-upSVrm5abQ

BrightSpace666

Open FoxyProxy Standard and go to the "Add" interface on the left. There, select HTTP Proxy on the right, then enter "127.0.0.1, localhost". Then save it, then in the top right corner where the extensions are listed, click on FoxyProxy, then 127.0.0.1 (it will be highlighted in green).

Somehow I forgot the part where 127.0.0.1 is added to the proxy, and below it the port - 4444. So, Proxy IP - 127.0.0.1, localhost. Below the Port: 4444. That's it. If something is still incomplete, I will correct it.
 
Henu the Great said:
This is nice, good job. I would just change duckduck go to qwant. I tested search results and duckduck go gives about the same as google so what's the point.

Thanks for the advice, I will look into this search engine.
 
Shadowcat said:
Henu the Great said:
This is nice, good job. I would just change duckduck go to qwant. I tested search results and duckduck go gives about the same as google so what's the point.

I heard duckduckgo was compromised as far as privacy

I've encountered similar problems, but DuckDuckGo is also available in the Tor browser, and so far I've had no problems. If any improvements are made, or it is found to be unsafe, I will mention it in the post below and we can replace it with another search engine.
 
Change

The DuckDuckGo search engine can be replaced by the Mojeek or MetaGer search engine. Both seem to be safe search engines.

https://www.mojeek.com/

https://metager.org/
 
I found a solution to hide the IP address without using a VPN. For this you need a program called - Privoxy. In the configuration file you can configure how you want to use the program itself. In this short section, I'll show you how to do this, and I'll also show you another encrypted and anonymous network that you can use to hide your IP address and browse the Internet safely.

Select your system and download - https://www.privoxy.org/sf-download-mirror/

You can also download it from terminal - sudo apt install privoxy -y, or if you are root, apt-get install privoxy -y. As you need the Tor network for this, you don't need to download Tor as if you've done the steps in this post it's already on your system, but if not, download the Tor browser from the Tor website, unzip it and type - sudo apt install tor -y in Terminal, or if you're root - apt-get install tor -y.

After downloading Privoxy as root (sudo -i, then password), open the Privoxy configuration file - nano /etc/privoxy/config. Scroll to the bottom and add the following - "forward-socks5t / 127.0.0.1:9050 ."Just copy and paste it, but without the quotes. You have done the first step. Check in Terminal to see if they are running. "service tor status", if it is active, you did it right. Then "systemctl service privoxy", if active, you did it right.

Then go to Firefox settings, "General", scroll to the very end, "Network Settings", then HTTP Proxy, HTTPS Proxy and SOCKS Host, type - 127.0.0.1 (same for all three).

Then next to each one, type "Port" - 8118. Then save and look up your IP address. If Tor and Privoxy are active on your system, you've done well.
 
Lokinet is an anonymous network through which browsing, identity, IP address and location are hidden. Your browsing is secret, secure and private.

On Linux you can download it from https://lokinet.org (GUI) and install it. Go to the GUI section and copy and paste the commands it shows into Terminal one by one. Once downloaded, type Terminal - lokinet-gui and the interface will appear for you. In the "Exit Nodes" section type - "exit.loki", without quotes. Then turn it on underneath, and if "exit.loki" turns into a long string of numbers and letters, you've done well.

In the Terminal, you can check if the network is running - "systemctl status lokinet", if it is active, you did it right. In addition to the above, if you want to stop Privoxy, type - "systemctl stop privoxy", and Tor - "service tor stop". Lokinet - "systemctl stop lokinet, or if you want to start it, "systemctl start lokinet", if you want to start Privoxy, "systemctl start privoxy, or if you want to start Tor, "service tor start".

I hope it was helpful. If you set these up, then connect to a VPN (or two, as I mentioned) and use a browser with the right settings to increase security, you're on the right track.
 
Master.mind said:
BrightSpace666 said:

Unlike Tor which uses fixed packet sizes, VPNs/Proxies do not employ packet padding which makes them easy targets for correlation.

In fact, I wrote this because there is such a solution. There are several ways to hide the IP address, and this is one of them.
 
VeraCrypt

If you want additional encryption for your files under your already encrypted Linux system, you can use VeraCrypt. In it you can encrypt partitions or even files. You can choose multiple encryption types for a file, and you can perform two Encryptions within a virtual storage. The essence in a nutshell - you create an encrypted virtual space for yourself and encrypt it with a password, then PIM and log in. You store files there, but in this encrypted space there is also a hidden encrypted space where you store more important files.

When you unlock the first encrypted space, the second one doesn't show up, you have to unlock it manually, then once unlocked, you enter the password and PIM if you chose that too, and log in. This is your file encrypted in several ways, if you chose this at the beginning it is also hidden, plus you have to enter two passwords (I recommend you choose the PIM too, it's like a PIN, it's made up of numbers).

You can also generate a "key file" yourself, this is an even bigger security detail, because without these you cannot enter your files. You can store anything here, be it Project works, or passwords, or text documents, anything, and it's your own encrypted part under an encrypted Linux system.

The Tutorial video - https://incogtube.com/watch?v=4SBWc_cQm-Y

https://veracrypt.fr/en/Home.html

Proxy

As I mentioned before, you can configure the Tor network on the system yourself. You need to enable torservice to do this. If you have done the Tor, Proxychains part of the post, you have this already on your system. "service tor status", if active, you're good. You'll also need a program called "Privoxy" (sudo apt install privoxy -y, or if you're root, apt install privoxy -y, then nano /etc/privoxy/config, and scroll to the bottom, add "forward-socks5t / 127.0.0.1:9050 ."

The proxy part of the browser is the same as the one I added above, but you can set it up for the internet if you want. Go to your system's Internet settings, then go to the Proxy section. HTTP, HTTPS Proxy, FTP and Socks Host - 127.0.0.1 for each. The port for each is 8118, or if you want to set it to I2P, the port for each is 4444.

IncogTube

This is an alternative to jewtube, where you can watch the same videos as on jewtube, but securely. It is also available on I2P, and I prefer to use it under the I2P network, although you can also use it on Clearnet.

A safe Android alternative is NewPipe or LibreTube.

https://incogtube.com/

On I2P - tube.i2p/ (For this you need to I2P installed on your system, and you should to configure your Web Browser Proxy settings.)

Whonix

Whonix is a secure system that runs over the Tor network and runs over VirtualBox. You can simply download it from the Whonix site and install it in VirtualBox. There are two systems running between it, Whonix Gateway and Whonix Workstation. The browser on the system is the Tor browser, and the whole system runs under the Tor network. Whonix is a very secure choice, and if you turn on a VPN or two on your system, do the things in the post, start I2P, and then start the Whonix system through VirtualBox, your anonymity is increased monumentally.

https://www.whonix.org/
 
BrightSpace666 said:
VeraCrypt

If you want additional encryption for your files under your already encrypted Linux system, you can use VeraCrypt. In it you can encrypt partitions or even files. You can choose multiple encryption types for a file, and you can perform two Encryptions within a virtual storage. The essence in a nutshell - you create an encrypted virtual space for yourself and encrypt it with a password, then PIM and log in. You store files there, but in this encrypted space there is also a hidden encrypted space where you store more important files.

When you unlock the first encrypted space, the second one doesn't show up, you have to unlock it manually, then once unlocked, you enter the password and PIM if you chose that too, and log in. This is your file encrypted in several ways, if you chose this at the beginning it is also hidden, plus you have to enter two passwords (I recommend you choose the PIM too, it's like a PIN, it's made up of numbers).

You can also generate a "key file" yourself, this is an even bigger security detail, because without these you cannot enter your files. You can store anything here, be it Project works, or passwords, or text documents, anything, and it's your own encrypted part under an encrypted Linux system.

The Tutorial video - https://incogtube.com/watch?v=4SBWc_cQm-Y

https://veracrypt.fr/en/Home.html

Proxy

As I mentioned before, you can configure the Tor network on the system yourself. You need to enable torservice to do this. If you have done the Tor, Proxychains part of the post, you have this already on your system. "service tor status", if active, you're good. You'll also need a program called "Privoxy" (sudo apt install privoxy -y, or if you're root, apt install privoxy -y, then nano /etc/privoxy/config, and scroll to the bottom, add "forward-socks5t / 127.0.0.1:9050 ."

The proxy part of the browser is the same as the one I added above, but you can set it up for the internet if you want. Go to your system's Internet settings, then go to the Proxy section. HTTP, HTTPS Proxy, FTP and Socks Host - 127.0.0.1 for each. The port for each is 8118, or if you want to set it to I2P, the port for each is 4444.

IncogTube

This is an alternative to jewtube, where you can watch the same videos as on jewtube, but securely. It is also available on I2P, and I prefer to use it under the I2P network, although you can also use it on Clearnet.

A safe Android alternative is NewPipe or LibreTube.

https://incogtube.com/

On I2P - tube.i2p/ (For this you need to I2P installed on your system, and you should to configure your Web Browser Proxy settings.)

Whonix

Whonix is a secure system that runs over the Tor network and runs over VirtualBox. You can simply download it from the Whonix site and install it in VirtualBox. There are two systems running between it, Whonix Gateway and Whonix Workstation. The browser on the system is the Tor browser, and the whole system runs under the Tor network. Whonix is a very secure choice, and if you turn on a VPN or two on your system, do the things in the post, start I2P, and then start the Whonix system through VirtualBox, your anonymity is increased monumentally.

https://www.whonix.org/

VeraCrypt has strong security and encryption. You don't have to worry about someone cracking it, but if you lose one of your passwords, you won't be able to access it.
 
uMatrix

Here is a very useful add-on. Similar to NoScript, but it does more. You can use it to disable Scripts, Cookies, CSS, Frame, Media, XHR (XmlHTTPRequest) and many other things on your pages. It is very important on the web and it is recommended to include it with other add-ons.

It can be complicated at first and you will have to learn how to use it, but once you do, it will help you feel safer.

https://addons.mozilla.org/en-US/firefox/addon/umatrix/
 
Reading it back now, it sounds like some kind of crazy advertisement. I do all this to draw the attention of SS to such programmes. We have a right to anonymity on the internet and it must be done.

I hope writing this does not bother anyone.
 
The post CyberSecurity On Linux - Part 2 coming soon. The content will be slightly different from this post as it will focus more on security providers (Email, VPN, etc.). In this post we started with systems, system encryption and security steps, the next one will be more of a continuation of that, internet security.

I have chaotic feelings about its appearance as I may add more useful information. The post itself is ready, but I don't feel ready yet myself.
 
Thank you BrightSpace666 for collecting and writing all these information.
It's very important to protect personal information, especially for us, who work for Satan and the Gods.

Cyber Security is not an easy field. Good job!
 
bro this is stuff I can find in google but good collection.

im in netsec / anonsurfing for 15 yrs. its a good start.

dont be cocky with this..
 
siatris666 said:
bro this is stuff I can find in google but good collection.

im in netsec / anonsurfing for 15 yrs. its a good start.

dont be cocky with this..

In the post I include a relevant piece of information where I indicate exactly where it comes from. If you can help your peers in the online space, that is a relevant phenomenon. Can you find it online? People say that too much chocolate is unhealthy, while it's on the internet.

So why not write a post if you claim to know so much?
 
siatris666 said:
bro this is stuff I can find in google but good collection.

im in netsec / anonsurfing for 15 yrs. its a good start.

dont be cocky with this..

You shouldn't be cocky siatris666.
Plus, the credibility of you being in security field for 15 years drops to zero when you are able just to write a reply like this, without any structured suggestion or useful critic.

There are a lot of people that are not able to collect these information, so be respectful for BrightSpace666's work and effort in writing this post.
 
BrightSpace666 said:
iptables -A INPUT -p tcp --dport ident -j DROP

BrightSpace666

The command worked for me for a while. Then, after some time I had to do some reconfigurations and now it doesn’t work.

It doesnt recognizes the “—dport” part. What should be the correct configurations?
 
AlexElPM said:
BrightSpace666 said:
iptables -A INPUT -p tcp --dport ident -j DROP

BrightSpace666

The command worked for me for a while. Then, after some time I had to do some reconfigurations and now it doesn’t work.

It doesnt recognizes the “—dport” part. What should be the correct configurations?

I will try to help, but please note that I am not a cybersecurity expert. I have given these commands here as I have been using them for a long time and know their purpose, but I did not expect that there might be a mistake. I've entered this command several times on several systems, several times, changing things along the way, but no problems.

What you can try is to add "-m tcp" to the command line.

Then the command looks like this - iptables -A INPUT -p tcp -m tcp --dport ident -j DROP

Replacing the "tcp" with"udp", like this - iptables -A INPUT -p udp --dport ident -j DROP

Or, if there are IP addresses that you specifically want to block so they don't bother you, you can use this:

iptables -A INPUT -p tcp -m tcp -s 8.8.8.8 -j DROP (The 8.8.8.8 is the DNS server of jewgle)

You can also replace 8.8.8.8. with the IP addresses you want to block. These can be Google IP addresses, jewgram and the like. I don't know what you have reconfigured, but if these don't work either, you may want to undo the settings when you reconfigured and start again, paying attention to detail, or type "iptables" before and not type it more than once.
 
Setting your browser correctly is essential for internet security. If you are using Firefox as the default browser on Linux systems, you will need to configure it correctly. The advice highlighted in this post and written by one of the members is sufficient, but there are other settings that can further enhance security.

Here is the post - https://ancient-forums.com/viewtopic.php?f=3&t=44341&sid=404289395898bca65dc1ad87464ce0e1

https://gist.github.com/0XDE57/fbd302cef7693e62c769

Here you'll find a number of about:config settings that have monumental security benefits. If you've done all of these, which can be found in the two posts and this link, you've done very well. The use of VPNs, for example, is also relevant:

First you connect to ProtonVPN with TCP, then to Lokinet with the appropriate Node, then to RiseupVPN or whichever VPN you use. This triples the security and anonymity, coupled with the right browser configured with the right security.

You can also add Kali Linux Whoami. This program is multitasking and fantastic. It includes:

Anti mitm - Automatically bans the attacker when you come under a Man In The Middle attack
Log killer -Destroys the log files in system with the overwrite method
IP changer - Hides your real ip address by redirecting all network traffic to tor transparent proxy
Dns change - Replaces the default dns servers provided by your isp with privacy based servers
Mac changer - Replaces each network interface in the system with a fake mac address
Anti cold boot - Avoids ram dump by deleting traces in the system
Timezone changer - Sets the time in utc to avoid location leaks from the system clock
Hostname changer - Replaces the host name with a random name to hide it
Browser anonymization - Configures the browser to be privacy focused

How to install it:

Open your Terminal, and paste it - sudo apt update && sudo apt install tar tor curl python3 python3-scapy network-manager

Then paste the link to Terminal - git clone https://github.com/omer-dogan/kali-whoami (It displays the page, but you have to insert it into the Terminal.)

cd kali-whoami

Finally - sudo make install

To use it, just type "sudo kali-whoami --start" and it will mark the items mentioned above (MAC Change, Ip Change, etc.) with numbers. Whichever one you need, type the number in the box and hit enter. If you want to use all of them, type in each one individually - 1,2,3,4,5,6,7,8,9 then Enter.

These are really great safety tips, hopefully you use them. Be smart and safe on the internet too, don't be like most of society on the internet - ignorant.
 

Al Jilwah: Chapter IV

"It is my desire that all my followers unite in a bond of unity, lest those who are without prevail against them." - Satan

Back
Top