Linux for paranoid
Publication date: 2018-08-05
Hello! Do you think that someone is keeping tabs on you? I'll try to help you with this little inconvenience.

1. Encrypting files

Vim:
Yep, there is encryption support in vim out of the box; you don't have to install any side plugins.
There are three available encryption algorithms: zip (default), blowfish and blowfish2.
You can select which one you're gonna use with
    :setlocal cm=<algorithm_name>
You can encrypt a file with the :X command (capital X; lowercase :x only writes the file and quits): vim will ask you for a password.
You should enter it when opening the protected file later.

Now let's look at a more interesting paranoid lifehack.
Usually vim creates a .xxx.swp file to store the changes you've made; that is clearly not the desired behaviour when you're trying not to disclose your text in any possible way without encryption.
That means your work session with vim should look like this:
    $ vim
    :set noundofile
    :noswapfile edit <filename>
    *typing text*
    :setlocal cm=blowfish2
    :X
    *typing password*
    :w <filename>
    :q
Note that if you want to encrypt an existing file, you should save its content as a new file.

GPG:
gpg has easy-to-use AES support.
encrypt:
    $ gpg -o nonsense.gpg --cipher-algo AES -a -c nonsense.txt
decrypt:
    $ gpg -o nonsense2.txt -d nonsense.gpg
If you want to encrypt an archive or an image you should run:
    $ tar -cvzf - /home/eax | \
        gpg --symmetric --cipher-algo AES256 --digest-algo SHA256 \
        --compression-algo Uncompressed > backup.tgz.gpg
decrypt:
    $ gpg --decrypt backup.tgz.gpg | tar -xzvf -
Don't worry about someone getting your password just by scrolling the terminal window; gpg uses its own X window for typing the password.
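To confirm that the vim session above really left an encrypted file and nothing else on disk, the header and the neighbouring files can be checked. This is an added example, not part of the original paste: the function names are hypothetical, and it assumes the "VimCrypt~0N!" magic that Vim writes at the start of an encrypted file (01 = zip, 02 = blowfish, 03 = blowfish2). Vim's own help describes zip as weak and blowfish as flawed, so only blowfish2 passes.

```shell
#!/bin/sh
# Added example: check how Vim left a file on disk (function names are hypothetical).

# Print the cryptmethod named by the 12-byte magic at the start of the file.
vimcrypt_method() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    magic=$(head -c 12 < "$1" | tr -d '\0')
    case "$magic" in
        'VimCrypt~01!') echo zip ;;
        'VimCrypt~02!') echo blowfish ;;
        'VimCrypt~03!') echo blowfish2 ;;
        'VimCrypt~'*)   echo unknown ;;
        *)              echo plaintext ;;
    esac
}

# List swap (.name.sw?) and undo (.name.un~) files sitting next to the file.
vim_leftovers() {
    dir=$(dirname "$1"); base=$(basename "$1")
    for f in "$dir/.$base".sw? "$dir/.$base.un~"; do
        [ -e "$f" ] && echo "$f"
    done
    return 0
}

# Succeed only for a blowfish2 file with no swap/undo files beside it.
audit_vim_file() {
    method=$(vimcrypt_method "$1")
    left=$(vim_leftovers "$1")
    echo "$1: cryptmethod=$method"
    [ -n "$left" ] && echo "leftover: $left"
    [ "$method" = blowfish2 ] && [ -z "$left" ]
}

# Constructed sample: a fake header followed by filler, not real ciphertext.
demo=$(mktemp -d)
printf 'VimCrypt~03!constructed-filler' > "$demo/notes.txt"
audit_vim_file "$demo/notes.txt" && echo "ok"
```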

2. Making a secure connection

Simple chat using nc:
on server:
    $ nc -l -p 1300
on client:
    $ nc server_ip 1300
WARNING! It's not an encrypted chat, but you can transfer encrypted files like:
    $ cat Vault9.gpg | nc server 1300

Making a protected SSH proxy.
First of all we need to create an SSH keypair:
    $ ssh-keygen
This command will ask you for a passphrase; it's an optional password that is used to encrypt the key, so that the key cannot be used even if somebody steals it from you.
SSH supports several algorithms: rsa, dsa, ecdsa, ed25519.
The preferred algorithm can be selected using the -t option; the key size can be set with the -b argument.
By default keys go to the ~/.ssh directory: id_<type> is the private key and id_<type>.pub is the public key.
You should upload your public key onto a server.
Then you can log in to the server right now, but it's not our way.
    $ ssh -i <key> lol@server
Now check that your user has sudo privileges (do not work as root)!
Now we can set up the ssh tunnel:
    $ ssh -D 8183 -f -C -q -N lol@server
    -D  local port for the SOCKS proxy
    -f  fork to background
    -C  compress traffic
    -q  use quiet mode
    -N  tells ssh that no command will be sent
Verify that the tunnel is up:
    $ ps aux | grep ssh
CHECK THAT SSH IS RUNNING!
Now we should configure your browser or router to use it.
Example configuration for Firefox:
    Preferences -> Advanced -> Network -> Settings -> Manual proxy configuration -> SOCKS Host -> port -> OK
Now Firefox will connect to the network via this tunnel. It should not be vulnerable to most MITM or bruteforce attacks.