Zig Forums - Tech General

I had decided after talking with some other anons, that this would be of great use. Why is it great? Because Zig Forumsacks need to know how to technologically defends and exercise their free speech, as well as protect themselves. This will be quite a long post, but very important. Every Zig Forums user needs to know how to defend themselves against the internet. Quick tip: If you're using an OS that you just don't feel like switching from, that's fine, changing Operating Systems can be a big thing to do. But, still, make sure you download absolutely no malware and make sure you run no programs, that you don't need.

1. VPNs
There's a lot of things to talk about when it comes to VPNs.
Namely, logging, 14 eyes, security it truly provides.
So let's start on logging. 99% of VPN services are going to be logging. There would be no real reason for them to not log their users. It makes their job easier and safer to provider a VPN service that logs the user data, so they don't have to pay for lawyers and so on.
Now, the 14 eyes. The 14 eyes are 14 different countries that spy on their citizens as well as spy on the other (eye)'s citizens. If you work in one of those countries, you need to tighten up OpSec. List of 14 eyes can be found at privacytools.io along with a few other things related to them. Now the last topic, what security does a VPN truly provide? Not much. Along with 99% of VPN providers logging, they also don't have any proof that the servers they use aren't backdoored / hacked by feds.

So what's the solution if VPN providers aren't useful? Buy a cheap VPS (under 10-15 dollars) at any VPS (virtual private server) outside of the 14 eyes. Then, you can setup openvpn (the software) using an automatic script which can be found at: github.com/Angristan/OpenVPN-install which is my chosen autoinstall script for openvpn. Here's a place to read a bit more indepth upon my VPN subject: gist.github.com/joepie91/5a9909939e6ce7d09e29

2. What's next? Operating systems.
Linux is not as secure as people make it out to be. Use FreeBSD!
FreeBSD has no systemd, the kernel is built upon security, and has a long track record of being secure. Systemd is funded by the NSA, the code has never been audited, and is built by a proprietary group (Redhat), and very likely contains backdoors and 0day exploits. The major Linux distros (Fedora, Arch, Debian, Ubuntu) all use systemd, which makes them exploitable and insecure. FreeBSD tops all of that, and is very well documented so you can learn your way around while being what's considered a noob. Also, don't use Windows for anything serious, you already know why. FreeBSD protects your privacy and freedoms to the extent you want and need, so use it. Upcoming, links and docs.

FreeBSD Handbook Guide (very very detailed): freebsd.org/doc/en_US.ISO8859-1/books/handbook/

Installing a Desktop Environment (interface with icons and all): freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-config.html

Make sure to install a DE (Desktop Environment), and I'd go with xfce4 so install it once you get the OS set up with "pkg install xfce4" and go through the package process. The reason I choose xfce4 all the time is because it's the 'minimalist' DE and quite quick when compared to other bloated DE's.There are plenty of tutorials on installing a desktop environment, make sure to get one that suites you. You'll also learn here how a base unix/linux system functions when you have to set all of this up on your own. Very good learning experience.

Attached: 8c4.png (1042x663, 526.87K)

Other urls found in this thread:

github.com/pyllyukko/user.js/
github.com/pyllyukko/user.js/#installation
mailinabox.email/
github.com/mail-in-a-box/mailinabox/blob/master/security.md
sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/
help.ubuntu.com/community/SSH/OpenSSH/Keys
support.rackspace.com/how-to/linux-server-security-best-practices/
github.com/telemetryapp/logwatchd
puschitz.com/SecuringLinux.shtml
computerworld.com/article/3144985/linux/linux-hardening-a-15-step-checklist-for-a-secure-linux-server
pcauthority.com.au/feature/10-ways-to-harden-the-security
blog.torproject.org/mission-impossible-hardening-android-security-and-privacy-on-your-android-phone-447215
youtube.com/watch?v=9XaYdCdwiWU
en.wikipedia.org/wiki/FreeBSD#Security
archive.fo/287GG
freebsd.org/internal/code-of-conduct.html
reddit.com/r/freebsd/comments/7xapx2/freebsds_new_geek_feminismbased_code_of_conduct/
voat.co/v/technology/160580
thatoneprivacysite.net/vpn-comparison-chart/
wiki.gentoo.org/wiki/Sakaki's_EFI_Install_Guide/Disabling_the_Intel_Management_Engine
vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-security
wiki.gentoo.org/wiki/Hardened_Gentoo
twitter.com/SFWRedditGifs

3. Browser hardening, this one is somewhat quick and easy to do.
What's the point of it? It will harden you against many exploits and will prevent a lot of tracking from happening.

To start, we will use mainstream firefox (any firefox will do I believe?), so go download it from the official website.
A quick search will be sufficient to find it.
Once you have firefox installed, close it and open up your previous browser.
In your previous browser, go to : github.com/pyllyukko/user.js/
And copy the user.js file's contents to a file on your desktop, and name that file "prefs.js"
Once you have transferred user.js' contents to prefs.js on your Desktop, read this…
github.com/pyllyukko/user.js/#installation
That will tell you where to put your new prefs.js file for your Firefox browser to be hardened.
After you have implemented this new file, open up Firefox and it should be loaded, provided you closed it before-hand so you could replace it's prefs.js file.
Now, you will need to install NoScript and HTTPs Everywhere. A quick google should turn up good results easily.
NoScript is needed to block JavaScript, HTTPs Everywhere will force websites that have ssl/tls certs available to let you use them so all of your connections are encrypted.

4. Making an email server, important to not be spied on via E-Mail.
Running your own Email / Chat servers.

Note: When questioning what operating system to host on, use FreeBSD

You'll be signing up for services, which usually require an email.
I highly suggest making your own email server. For that, you can use these…
Mail-In-A-Box: mailinabox.email/
That will help you set up a mail server without much knowledge, read all of the documentation on it.
Recommended security practices for mail server: github.com/mail-in-a-box/mailinabox/blob/master/security.md
How to NSA-proof your mail server: sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/
Tip : Make sure to follow my server-hardening tutorial on your mail server.
It's crucially important that you do because of a few reasons.
Maybe your mail server software doesn't get hacked, but if you get your ssh service hacked or
something along the lines of it, then you're in no good condition.
Another tip : Use http basic authentication (easily found and set up in web servers like nginx and apache2, I recommend nginx compiled from source to be hardened.)
Use http basic authentication to hide the mail server's web interface, that way only you have access to the mail server.

5. Last topic, hardening a server (VPS)

Hardening a server white-paper.

1) SSH
2) User accounts
3) Firewall
4) Logs
5) Hardening directories
1 - SSH
In SSH you will want to use key authentication, not password.
Passwords can be cracked via bruteforce or dictionary attacks.
Documentation on key authentication: help.ubuntu.com/community/SSH/OpenSSH/Keys
As well, make sure to change the SSH service daemon port.
You do not want people scanning your port 22 SSH server.
Just as well, make sure to configure sshd_config and disable root login.
Also, install something like fail2ban for good measures.
2 - User Accounts
Simple enough.
Have random usernames, nothing related to you.
Have long passwords which are stored in a password manager for safe keeping.
Make sure users can only work in their home directory, make sure they do not have access to certain binaries.
Make sure to change passwords frequently.
Tips - support.rackspace.com/how-to/linux-server-security-best-practices/
3 - Firewall
Pretty straightforward.
You can either use UFW (uncomplicated firewall) or you can go with the latter choice, iptables.
I recommend iptables because it allows you to do anything you want, it's entirely flexible.
Plus, tons of documentation on it.
Make sure to only allow your IP or VPN IP to login using this tool, iptables.
4 - Logs
Install a log watch tool, there are plenty of them.
Use them to watch the logs, and block IPs that try to attack or scan you.
You will want to keep a watch on your logs and blokc attackers, and federal servers (you can find a list online to block.)
Logwatchd - github.com/telemetryapp/logwatchd
5 - Hardening Directories
You will want to edit your fstab file, and block /tmp from being executable, and only allow certain programs
to access /tmp/ and not all users able to access it. Make sure to really go through each system directory and you should be good to go on that.
puschitz.com/SecuringLinux.shtml
computerworld.com/article/3144985/linux/linux-hardening-a-15-step-checklist-for-a-secure-linux-server

Last thing before I go, where a Zig Forumsack should communicate and how to safely communicate.
Avoid anything owned by Google, Yahoo, major corps, you get the idea.
You will want something like Matrix.org with the riot.im client, which I personally use (Contact my riot username "@suicide:matrix.org")
Look for decentralized technology, use Tor to proxy through if possible, etc. Fairly quick, I believe most people know to avoid Discord, Skype, etc for sensitive topics.

bump because important

You're taking this the wrong way
Make sure they can't execute any binaries except the ones they need.

That's my point, make sure they don't get stuff they don't need, only the ones they are supposed to have, e.g compilers, bash, etc.

Bump because everyone needs to see this

Take it to Zig Forums faggot.

Kike, fuck off.
This is important, every Zig Forumsack should be able to defend his internet activity.