I've been using Linux (EndeavourOS) as my daily driver for the past few months and I love it so far, but recently I've read a few articles detailing the behavior of Linux bootkits. As a Linux noob, I'd like to know if those articles are mostly scarebait or if that's genuinely a realistic threat right now. I followed basic opsec guides when getting EOS set up, using bubblejail for sandboxing, and I've tinkered with ClamAV too. And if you guys have extra advice on Linux hardening, I'm all ears.
Comments
z3d wrote
In short, unless the attacker has physical access to your box, you don't have much to worry about.
More info:
- https://eclypsium.com/blog/bootkitty-linux-bootkit/
- https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/
For some hints on hardening Linux, try installing lynis and following the advice.
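As an added example (not code from z3d, the linked articles, or the lynis project): a POSIX shell script that reports whether the machine booted via UEFI, whether Secure Boot is enforced, which Machine Owner Keys are enrolled in shim, and then runs the lynis audit suggested above. The efivarfs path uses the standard GUID of the SecureBoot variable; the `pacman` package name for lynis on EndeavourOS is an assumption.

```shell
#!/bin/sh
# Added example: firmware-side boot checks plus a lynis run.
# Not from the thread. Paths are the standard efivarfs locations on a
# UEFI-booted Linux system; the pacman package name is assumed.

SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# sb_state FILE: print "enabled", "disabled" or "unknown" for an efivarfs
# SecureBoot variable. efivarfs prepends 4 bytes of variable attributes,
# so the 5th byte is the value (1 = Secure Boot enforced by firmware).
sb_state() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 1; }
    v=$(dd if="$f" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    case "$v" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown; return 1 ;;
    esac
}

# boot_mode: "uefi" when the kernel exposes EFI runtime data, else "bios".
boot_mode() {
    if [ -d /sys/firmware/efi ]; then echo uefi; else echo bios; fi
}

main() {
    echo "Boot mode:   $(boot_mode)"
    echo "Secure Boot: $(sb_state "$SB_VAR" || true)"

    # Keys enrolled in the shim MOK database can sign bootloaders/kernels
    # that the firmware itself would otherwise reject; review anything
    # you did not enroll yourself.
    if command -v mokutil >/dev/null 2>&1; then
        echo "--- Machine Owner Keys enrolled in shim ---"
        mokutil --list-enrolled 2>/dev/null | grep -E 'Subject:|Issuer:' \
            || echo "(none, or MOK database not readable)"
    fi

    if command -v lynis >/dev/null 2>&1; then
        lynis audit system --quick
    else
        echo "lynis not installed; on EndeavourOS/Arch: sudo pacman -S lynis"
    fi
}

# Only run when executed as a script, so the functions can be sourced.
case "$0" in *sb_check.sh) main ;; esac
```

Save it as `sb_check.sh` and run it with `sh sb_check.sh`; `mokutil --list-enrolled` and the lynis audit need root to read everything, so run with `sudo` for the full picture.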
baby_bat OP wrote
This is super cool, thanks for the link!! I'll def look into this
baby_bat OP wrote
Thanks for the reassurance, I always make sure nobody has physical access to any of my devices unless I'm there with them. I'll look into the linux hardening tips as well
sovereign wrote (edited)
I'm involved in a project with the goal of improving the security of Linux systems. The project is called The Sovereign Project (http://sovereign.i2p).
The project's scope is to secure digital and physical resources accessible from Linux based computers. It uses elliptic curve digital signatures (Monero protocol) for authentication and supports Monero Proof-of-Payment in authentication policies. The Monero Proof-of-Payment provides for securing resources with the electrical power (watts) consumed by Monero miners globally (estimated at about 80 megawatt hours).
The project recently developed a Linux Pluggable Authentication Module that authenticates using Monero digital signatures and optionally authenticates via Monero Proof-of-Payment to secure Linux systems. There is a bounty (currently 17 XMR) for anyone able to compromise a Linux system via SSH (Attack Bounty #1). The secured system for the bounty is addressable only from an I2P destination:
e5xemz5wfdbq4ujm6vvlvhtpjn3hp55a6pk5noo4jouigkd7de4q.b32.i2p
The Sovereign protocol is a message passing protocol (JSON messages) over the I2P network or SSH tunnels on private networks; I2P and SSH tunnel connections are interoperable.
The project was started in 2024 and it's still in its early days; it is targeted at highly secure systems.
Sovereign Project - Approach to effective cyber security: http://sovereign.i2p/steps-to-effective-cyber-security.html
The project is for those serious about security with technical competencies. It may or may not be suited to your needs.
Browse the eepsite to investigate: http://sovereign.i2p