Chmod The Kernel

The document discusses securing Linux/Unix systems by modifying permissions on system binaries like su, sudo, and passwd to prevent unauthorized access. It recommends changing default settings like the computer name, MAC address, and DNS servers to make the system less identifiable. It also advocates using non-standard operating systems like BSD variants or mobile Linux systems instead of Android to avoid tracking and insecure defaults.

Uploaded by

Bret Helgeson

Chmod The Kernel

... or else ...


1. If you don’t chmod -R 000 su/sudo/sudoedit/doas/gksudo you can and will be hacked on Unix/Linux/FreeBSD/Minix/AIX ...
2. (Experience) (user to blame) Attacks happen through phishing, social engineering and from the inside out, because somebody was to blame out of sheer stupidity: not keeping their fingers off the firewall and configuration files, forgetting to update the kernel to the latest version, or just plain using an unstable non-patched kernel such as Android, Mac OS, Windows, Chrome OS .....
sudo -i ; su root ; sudo -i ; su root ; sudo -i ; su root ; sudo -i ; su root ;
chmod -R 000 /bin/su ;
chmod -R 000 /sbin/su ;
chmod -R 000 /usr/bin/su ;
chmod -R 000 /usr/sbin/su ;
chmod -R 000 /bin/sudo ;
chmod -R 000 /sbin/sudo ;
chmod -R 000 /usr/bin/sudo ;
chmod -R 000 /usr/sbin/sudo ;
chmod -R 000 /bin/sudoedit ;
chmod -R 000 /sbin/sudoedit ;
chmod -R 000 /usr/bin/sudoedit ;
chmod -R 000 /usr/sbin/sudoedit ;
chmod -R 000 /bin/gksudo ;
chmod -R 000 /sbin/gksudo ;
chmod -R 000 /usr/bin/gksudo ;
chmod -R 000 /usr/sbin/gksudo ;
chmod -R 000 /bin/doas ;
chmod -R 000 /sbin/doas ;
chmod -R 000 /usr/bin/doas ;
chmod -R 000 /usr/sbin/doas ;
chmod -R 000 /bin/passwd ;
chmod -R 000 /sbin/passwd ;
chmod -R 000 /usr/bin/passwd ;
chmod -R 000 /usr/sbin/passwd ;
chmod -R 000 /bin/bluetooth ;
chmod -R 000 /sbin/bluetooth ;
chmod -R 000 /usr/bin/bluetooth ;
chmod -R 000 /usr/sbin/bluetooth ;
chmod -R 000 /bin/bluetoothd ;
chmod -R 000 /sbin/bluetoothd ;
chmod -R 000 /usr/bin/bluetoothd ;
chmod -R 000 /usr/sbin/bluetoothd ;
chmod -R 000 /bin/cupsd ;
chmod -R 000 /sbin/cupsd ;
chmod -R 000 /usr/bin/cupsd ;
chmod -R 000 /usr/sbin/cupsd ;
chmod -R 000 /bin/ssh-agent ;
chmod -R 000 /sbin/ssh-agent ;
chmod -R 000 /usr/bin/ssh-agent ;
chmod -R 000 /usr/sbin/ssh-agent ;
chmod -R 000 /etc/avahi ;
chmod -R 000 /etc/avahi-daemon ;
chmod -R 000 /etc/default/avahi ;
chmod -R 000 /etc/default/avahi-daemon ;
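
A read-only check of the result of the commands above, as an added example that is not part of the original document: it reports the current mode of each listed binary in the four directories, counting each file once on systems where /bin and /sbin are symlinks into /usr. The function name audit_targets and its ROOT prefix argument are assumptions made for this example, and the /etc/avahi directories are not covered.

```shell
#!/bin/sh
# Added example (not from the original document): read-only audit of the
# binaries named in the chmod list above. Changes nothing on disk.
# Assumption: paths contain no spaces.

TARGET_DIRS="/bin /sbin /usr/bin /usr/sbin"
TARGET_NAMES="su sudo sudoedit gksudo doas passwd bluetooth bluetoothd cupsd ssh-agent"

# audit_targets [ROOT]
#   ROOT is a hypothetical prefix ("" = live system, or a scratch/mounted tree).
#   Prints "<STATE> <mode> <resolved path>" once per file:
#     LOCKED  mode 000, what the list above aims for
#     SETUID  set-user-ID bit still present
#     OPEN    some other permission bit still set
audit_targets() {
    root=${1:-}
    seen=""
    for d in $TARGET_DIRS; do
        for n in $TARGET_NAMES; do
            p="$root$d/$n"
            [ -e "$p" ] || continue
            # On merged-/usr systems /bin and /sbin are symlinks into /usr,
            # so resolve the directory and report each real file once.
            real="$(cd "$(dirname "$p")" && pwd -P)/$n"
            case " $seen " in *" $real "*) continue ;; esac
            seen="$seen $real"
            # -L follows a final symlink, as chmod does for a path
            # given on the command line.
            mode=$(ls -ldL "$real" | cut -c1-10)
            case "$mode" in
                ?---------) state=LOCKED ;;
                ???[sS]*)   state=SETUID ;;
                *)          state=OPEN ;;
            esac
            printf '%s %s %s\n' "$state" "$mode" "$real"
        done
    done
}

# Usage on the live system:  audit_targets ""
```

Run it again after package upgrades, since reinstalling a package generally restores the packaged file modes.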

There is no perfect security measure, and idiotic users are the culprit ... Along with this security audit, other measures must take place: the computer name should not be the default, it should be something less usual such as three letters (xyz), and it should not be root or boss ...

The MAC address needs to be spoofed: f4:f4:f4:f4:f4:f4 ...

The DNS server needs to be changed: FreeDNS*Zone / 45.60.1.1 / OpenDNS ... 8.8.8.8 and 1.1.1.1 are Google and Cloudflare, don’t use them.

A MAC address such as all 5a’s or 1a’s or f4’s is uniform and less identifiable ... There is still a way for governments to get credentials.

The firewall should be set to reject incoming connections ... Any tunneling should not be Tor based; Tor and I2P are compromised nodes ...

If you’re not on MIPS or ARM you are doing it wrong ... VPNs are still possibly breached depending on which VPN you use; always tunnel through a MIPS or ARM based device, PERIOD ...

SSH tunneling is still impractical because SHA1 was cracked in the 90’s ... I’m not giving a CIA manual or anything, I am just saying all of these other security approaches such as Tor and VPNs, which are much worse than SSH tunnels, are all impractical and only provide a false sense of security, and BTW, Protonmail and Mailfence do not encrypt any of your emails. Also, public key encryption is still a backdoor, so anyone using Zoom or Mumble can easily be tracked, no problem ...

Forget cell phones: if you are degoogled, you’re still on Android and not on Alpine, Graphene, Subgraph, Purism or any other mobile Linux operating system, so the mobile networks that have your IMEI and other credentials can still deliver malware to that Android. Also, you should remove IPTables and Systemd for Microkernel, since Microkernel uses PF and not compromised IPTables. FreeBSD comes with PF; however, spoofing MAC addresses is a little different, you usually need to compile those BSDs manually, and BSD is still in development, whilst Linux on most distros has MAC address and host spoofing built into the Network Manager, and you can disable root so no exploits run as root. However, there are rootkits that work with their own unknown environment, and the Government/Interpol/The Crown programmed the I/O drivers to work non-root, and even worse, ultrasonic tracks ..
