...
- Open the “blacklist.conf” file using your favorite text editor:
#nano /etc/modprobe.d/blacklist.conf - When the file opens, then add the following line at the end of the file (save and close):
blacklist usb_storage - After this, open the rc.local file:
#nano /etc/rc.local - Finally, add the following two lines:
modprobe -r usb_storage
exit 0
SERVER
1. System update
The first thing to do after the first boot is to update the system; this should be an easy step. Generally, you open your terminal window and execute the appropriate commands.
...
Enable randomized Virtual Memory Region Placement by:
- Adding kernel.randomize_va_space = 2 to the “/etc/sysctl.conf” file
10. Security monitoring
An malware scanner or Intrusion detection system (IDS) like Wazuh, Ossec, rkhunter can be installed to monitor if there is any unusual behaviors happen.
More info TBD