Linux Host OS Anti-Forensics Setup

ethical hacker
Posts: 62
Joined: Thu Feb 29, 2024 10:48 pm

Linux Host OS Anti-Forensics Setup

Postby ethical hacker » Thu Mar 14, 2024 5:01 am

To enhance your OPSec on a Linux host OS, it's imperative to undertake hardening measures and establish anti-forensics configurations. Commencing with the deployment of the most recent Debian distribution, these actions are essential for safeguarding privacy and fortifying the system against potential threats.

1. Type in terminal:

Code:

wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso

2. Subsequently, transfer the data onto a USB flash drive:

Code:

lsblk                                   # find the stick: the whole disk shows as e.g. sdb, its partitions as sdb1, sdb2 ...
sudo umount /media/user/000E-0C00       # unmount whatever is mounted from it (use the MOUNTPOINT column lsblk printed)
lsblk                                   # check again: nothing under sdb may still be mounted
sudo dd if=debian-12.4.0-amd64-netinst.iso of=/dev/sdb bs=8M status=progress   # write to the whole disk (sdb), not to a partition (sdb1), or the stick will not boot; enter your password when asked

One may utilise tools such as BalenaEtcher to perform a similar operation from an alternative OS such as Windows.

3. To proceed, it is necessary to access the BIOS. Subsequently, navigate to the Boot selection menu to designate the USB key as the boot device. Within the BIOS settings, adjust the OS Type to 'Other OS', set Launch CSM to 'Auto', and select the boot device as 'UEFI: Patriot Memory PMAP'. Following this, choose the USB key with the Linux image for booting. Proceed with the graphical installation process, ensuring that the host OS is installed on the preferred encrypted LUKS-enabled hard drive. Once installed, configure a desktop environment such as Cinnamon. Upon completion of the installation, reboot the system without the USB key to initiate a clean boot into the host OS.


4. HOST OS HARDENING. While operating within our host OS, let us undertake a series of fundamental measures to fortify its security:

Code:

su -                                # become root: Debian's installer does not put the first user in the sudo group
apt update ; apt full-upgrade -y ; apt install -y --no-install-recommends sudo adduser curl apt-transport-tor tor torsocks
usermod -aG sudo nothing            # "nothing" is the login name of the regular user; substitute your own
exit                                # leave the root shell; the new group membership only applies to a fresh login
sudo apt update ; sudo apt full-upgrade -y

Subsequently, it's imperative to ensure that unattended upgrades are enabled, facilitating the automatic execution of minor package updates by the system:

Code:

sudo apt install unattended-upgrades apt-listchanges -y
sudo dpkg-reconfigure -plow unattended-upgrades

When prompted "Automatically download and install stable updates?" select "<Yes>".

Subsequently, we shall proceed to eliminate unnecessary components from our Host OS. Primarily, we will focus on removing all system and kernel logs from the system:

Code:

su -                                  # the cron job has to belong to root
crontab -e                            # run it as the root user! add an @reboot line that runs your startup.sh (the log-clearing script)
chmod +x startup.sh                   # make that script executable
vim /etc/sysctl.conf                  # set kernel.printk so kernel messages stop reaching the console; takes effect after sysctl -p or a reboot
grep printk /etc/sysctl.conf          # confirm the setting is in place

In this manner, we are ensuring meticulous clearance of log files and kernel output.
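Step 2 of the post, done as a script with the checks a practitioner would want before pointing dd at a disk. This is an added example, not code from the original post: it verifies the ISO against the SHA512SUMS file (assumed to have been downloaded from the same cdimage.debian.org directory as the ISO), resolves a partition name such as sdb1 to its parent disk, unmounts every partition of that disk, and only then writes the image. The script name usb-write.sh and the function names are the example's own.

```sh
#!/bin/sh
# usb-write.sh: verify a Debian ISO against SHA512SUMS, then write it to the
# WHOLE USB disk (e.g. /dev/sdb), never to a partition such as /dev/sdb1.
# Added example, not code from the original post. SHA512SUMS is assumed to
# sit beside the ISO, fetched from the same cdimage.debian.org directory.
set -eu

# Map a partition name to its parent disk: sdb1 -> sdb, nvme0n1p2 -> nvme0n1,
# mmcblk0p1 -> mmcblk0. Whole-disk names pass through unchanged.
parent_disk() {
    case "$1" in
        nvme*p[0-9]*|mmcblk*p[0-9]*) printf '%s\n' "${1%p[0-9]*}" ;;
        sd*[0-9]|vd*[0-9])           printf '%s\n' "${1%%[0-9]*}" ;;
        *)                           printf '%s\n' "$1" ;;
    esac
}

# Compare the ISO's SHA-512 with the SHA512SUMS entry for its file name.
# Returns 0 on match, 1 on mismatch or when the file has no entry.
verify_iso() {
    iso="$1"; sums="$2"
    expected=$(awk -v f="$(basename "$iso")" '$2 == f { print $1 }' "$sums")
    [ -n "$expected" ] || return 1
    actual=$(sha512sum "$iso" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# Unmount every mounted partition of the target disk, then write the image
# to the whole disk and flush the cache before returning. Must run as root.
write_usb() {
    iso="$1"
    disk="/dev/$(parent_disk "$(basename "$2")")"
    for part in "$disk"?*; do
        [ -e "$part" ] && umount "$part" 2>/dev/null || true
    done
    dd if="$iso" of="$disk" bs=4M status=progress conv=fsync
    sync
}

# Usage: sudo ./usb-write.sh debian-12.4.0-amd64-netinst.iso sdb
if [ "$#" -eq 2 ]; then
    verify_iso "$1" SHA512SUMS || { echo "checksum mismatch, refusing to write" >&2; exit 1; }
    write_usb "$1" "$2"
fi
```

The point of parent_disk is the bug that is easy to make at this step: a hybrid ISO written to /dev/sdb1 lands inside an existing partition table and the firmware never sees its boot sector, so the stick looks written but does not boot. The checksum check matters too, since the image is fetched over plain HTTPS without any further verification in the post.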

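The log-clearing part of step 4 names a root crontab, a startup.sh and the kernel.printk setting but does not show the script itself. What follows is an added example of one way to build that piece; it is not the author's startup.sh. It assumes the script lives at /usr/local/sbin/startup.sh, uses an @reboot cron line, and drops its settings into /etc/sysctl.d/ and /etc/systemd/journald.conf.d/ (Debian's standard drop-in directories); the file names and function names are the example's own.

```sh
#!/bin/sh
# startup.sh (assumed location: /usr/local/sbin/startup.sh): the log-clearing
# piece that the post's crontab step refers to. Added example, not the
# author's script; drop-in file names and the @reboot line are this example's
# own choices.
set -eu

# kernel.printk fields: console loglevel, default, minimum, boot-time default.
# 3 3 3 3 lets only KERN_ERR and worse reach the console (the key the post
# greps for); dmesg_restrict keeps unprivileged users out of the ring buffer.
sysctl_dropin() {
    printf 'kernel.printk = 3 3 3 3\nkernel.dmesg_restrict = 1\n'
}

# journald: keep the journal in /run only, so it is gone at power-off and
# nothing accumulates under /var/log/journal.
journald_dropin() {
    printf '[Journal]\nStorage=volatile\nRuntimeMaxUse=32M\n'
}

# Empty every regular file under a log directory. Truncating (not rm) keeps
# the inode, so daemons that still hold the file open carry on writing to a
# now-empty file instead of to an unlinked one you can no longer see.
truncate_logs() {
    find "$1" -type f -exec truncate -s 0 {} +
}

# One-time setup as root: sysctl drop-in, journald drop-in, a copy of this
# script, and a root cron job that reruns the truncation at every boot.
install_antiforensics() {
    sysctl_dropin > /etc/sysctl.d/90-quiet-kernel.conf
    sysctl --system > /dev/null
    mkdir -p /etc/systemd/journald.conf.d
    journald_dropin > /etc/systemd/journald.conf.d/volatile.conf
    systemctl restart systemd-journald
    cp "$0" /usr/local/sbin/startup.sh
    chmod 700 /usr/local/sbin/startup.sh
    { crontab -l 2>/dev/null | grep -v startup.sh || true
      echo '@reboot /usr/local/sbin/startup.sh wipe'; } | crontab -
}

# Usage: sudo ./startup.sh install   (once)
#        /usr/local/sbin/startup.sh wipe   (what cron runs at boot)
case "${1:-}" in
    install) [ "$(id -u)" -eq 0 ] || { echo 'run as root' >&2; exit 1; }
             install_antiforensics ;;
    wipe)    truncate_logs /var/log
             journalctl --rotate
             journalctl --vacuum-time=1s ;;
esac
```

Two caveats worth knowing before relying on this. Truncation empties a file but the blocks it occupied stay on the disk until the filesystem reuses them, so at rest it is the LUKS encryption chosen in step 3, not the wipe, that keeps old log content out of reach. And Storage=volatile only moves the journal into RAM; while the machine is running, root can still read everything since the last boot with journalctl.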
Afly
Posts: 1
Joined: Thu Apr 18, 2024 10:25 am

Re: Linux Host OS Anti-Forensics Setup

Postby Afly » Thu Apr 18, 2024 10:47 am

Great.

