OSINT: User Privacy in Linux

Linux telemetry is the collection of data from a Linux system and its transmission to an external server or service. It is usually justified as performance monitoring, diagnostics, analytics or product improvement, and the data can include performance indicators, usage patterns, hardware details, error logs and similar information. This article discusses why telemetry is a privacy risk even when it is used for legitimate purposes, and walks through the settings and tools that reduce what an Ubuntu desktop reports about its user.

Table of Contents

·      Secure OS Installation

·      Removing the packages

·      Settings in ubuntu

·      Disable diagnostics reporting

·      Disable lock screen notifications

·      Disable tracking of recent files

·      Turning off the problem reporting

·      Turning off the screen blank

·      Disable automatic screen locking

·      Permanently delete option

·      Show hidden files

·      BleachBit

·      KeePassXC

·      Virus Scanner

·      Metadata removal

·      Firefox profilemaker

·      Flatpak

·      LibreWolf

·      VeraCrypt

·      Tor Browser

·      Proton VPN

·      NextDNS

·      Conclusion

Secure OS Installation

Ideally we would start from Pop!_OS by System76, which is based on Ubuntu but built with privacy and security in mind. Here, however, we use Ubuntu 22.04.4. Ubuntu versions are numbered YY.MM: releases from odd years and every .10 release are interim releases with only nine months of support, while the .04 release of an even year is a Long Term Support (LTS) release. Since we want the longest window of security updates, only even-year .04 releases should be considered. The following steps harden the system from the installation itself.

Step 1: Download the ubuntu-22.04.4-desktop-amd64.iso image from the following URL: https://old-releases.ubuntu.com/releases/22.04/

Step 2: Create a new virtual machine in VMware Workstation Pro.

Step 3: Select the path of the installer disc (the ISO downloaded in Step 1).

Step 4: Enter the full name, user name and password, then confirm the password.

Step 5: Select Normal installation and tick both boxes under Other options (download updates while installing, and install third-party software for graphics, Wi-Fi and media formats).

Step 6: Select Erase disk and install Ubuntu, then click Advanced features.

Step 7: Inside Advanced features, select Use LVM with the new Ubuntu installation and Encrypt the new Ubuntu installation for security. This places the root volume group inside a LUKS container, so data at rest is unreadable without the passphrase. Note that the installer keeps /boot on an unencrypted partition, and that full-disk encryption protects a powered-off or stolen disk, not a running, logged-in session.

Step 8: Enter the security key (the LUKS passphrase) and click Install Now. Choose a long passphrase that is not reused anywhere else; if you let the installer generate a recovery key, store it somewhere other than this disk.

Step 9: Select Continue at the Write the changes to disks? prompt.

Step 10: Enter the account details in the Who are you? screen.

Once the installation is complete, you are presented with the Ubuntu login screen.
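As an added example (not part of the original article), the following script checks after first boot that the root filesystem actually sits on the LUKS container created in Step 7, by walking the block-device tree that lsblk prints. The device names in its test data are constructed; run it with --check on the installed system.

```shell
#!/usr/bin/env bash
# Added example: confirm after installation that / really lives on a
# LUKS (dm-crypt) device, as Step 7 intended. Walks the block-device tree
# printed by `lsblk -P` (one KEY="value" record per line) from the root
# filesystem up to the disk and looks for a device of TYPE "crypt".

# Reads `lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINTS` on stdin.
# Exit 0: / is under an encrypted device; 1: it is not; 2: no / found.
root_is_encrypted() {
    awk '
    {
        kname = ""; ty = ""; parent_of = ""; mp = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            v = kv[2]; gsub(/"/, "", v)
            if (kv[1] == "KNAME")            kname = v
            else if (kv[1] == "TYPE")        ty = v
            else if (kv[1] == "PKNAME")      parent_of = v
            else if (kv[1] == "MOUNTPOINTS") mp = v
        }
        types[kname] = ty
        parent[kname] = parent_of
        if (mp == "/") root = kname
    }
    END {
        if (root == "") exit 2
        # Follow the parent chain: lvm -> crypt -> part -> disk.
        for (n = root; n != ""; n = parent[n])
            if (types[n] == "crypt") exit 0
        exit 1
    }'
}

# Stand-alone use: ./check-fde.sh --check
if [ "${1:-}" = "--check" ]; then
    if lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINTS | root_is_encrypted; then
        echo "OK: / is on a dm-crypt (LUKS) device"
        # Second check: dump the LUKS header (cipher, key slots) of the
        # partition underneath the crypt device. Splitting on '"' puts TYPE
        # in field 4 and PKNAME in field 6 of each lsblk -P record.
        sudo cryptsetup luksDump "$(lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINTS \
            | awk -F'"' '$4 == "crypt" { print "/dev/" $6; exit }')"
    else
        echo "WARNING: / is NOT on an encrypted device" >&2
        exit 1
    fi
fi
```

KNAME/PKNAME (kernel names such as dm-0) are used rather than NAME because the device-mapper names shown by lsblk (dm_crypt-0, vgubuntu-root) are not what PKNAME refers to, so chaining on NAME breaks at the crypt layer.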



Removing the packages

After logging in to the Ubuntu machine, we remove the packages that send user or system information to an outside party, whether for product improvement, feedback or diagnostics.

Ubuntu ships several such components: apport collects crash data and prepares reports, apport-symptoms supplies its bug-reporting templates, whoopsie is the daemon that uploads apport's (anonymised) crash reports to Ubuntu's servers, popularity-contest submits a weekly list of installed packages, and ubuntu-report sends a hardware and installation summary after first login. Purging them removes both the programs and their configuration:

sudo apt purge apport apport-symptoms popularity-contest ubuntu-report whoopsie

We also disable motd-news, the part of the Message of the Day (MOTD) system that fetches dynamic "news" from Canonical at login and, in doing so, sends the Ubuntu version, kernel and architecture to the server. The script is shipped by the base-files package, so deleting it is undone the next time base-files is upgraded; the supported switch is ENABLED=0 in /etc/default/motd-news together with disabling the motd-news.timer systemd unit. Removing the script still works in the short term:

sudo rm /etc/update-motd.d/50-motd-news
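The following script is an added example, not from the original article: it lists which of the five reporting packages above are actually installed before purging them, switches motd-news off through its configuration file and timer, and can be checked against constructed dpkg output. The package names are the ones above; the --apply flag is a choice made here and the file paths are standard Ubuntu locations.

```shell
#!/usr/bin/env bash
# Added example: find out which of Ubuntu's reporting packages are really
# present before purging them, and switch motd-news off the supported way
# (ENABLED=0 plus the systemd timer) so a base-files upgrade cannot
# silently re-enable it.

TELEMETRY_PKGS="apport apport-symptoms popularity-contest ubuntu-report whoopsie"
SUDO=${SUDO:-}   # set to "sudo" by main when not running as root

# Reads `dpkg-query -W -f='${Package} ${db:Status-Status}\n'` output on
# stdin and prints only the telemetry packages whose status is "installed"
# (packages left in "config-files" state do not run and need no purge).
installed_telemetry() {
    awk -v want="$TELEMETRY_PKGS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wanted[w[i]] = 1 }
    ($1 in wanted) && $2 == "installed" { print $1 }'
}

# Sets ENABLED=0 in a motd-news config file ($1). Takes the path as an
# argument so the edit can be exercised on a temporary copy.
disable_motd_news_config() {
    file="$1"
    if grep -q '^ENABLED=' "$file"; then
        $SUDO sed -i 's/^ENABLED=.*/ENABLED=0/' "$file"
    else
        printf 'ENABLED=0\n' | $SUDO tee -a "$file" >/dev/null
    fi
    grep -q '^ENABLED=0$' "$file"
}

main() {
    [ "$(id -u)" -eq 0 ] || SUDO=sudo
    # dpkg-query exits non-zero for packages it has never heard of; the
    # output for the known ones is all we need.
    pkgs=$(dpkg-query -W -f='${Package} ${db:Status-Status}\n' $TELEMETRY_PKGS 2>/dev/null \
           | installed_telemetry | tr '\n' ' ')
    if [ -n "$pkgs" ]; then
        echo "Purging: $pkgs"
        # shellcheck disable=SC2086  # word splitting is intended
        $SUDO apt-get purge -y $pkgs
    else
        echo "No telemetry packages installed."
    fi
    disable_motd_news_config /etc/default/motd-news
    $SUDO systemctl disable --now motd-news.timer
    echo "motd-news disabled; remaining MOTD scripts:"
    ls /etc/update-motd.d/
}

# Stand-alone use: ./telemetry-purge.sh --apply
if [ "${1:-}" = "--apply" ]; then
    main
fi
```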



Settings in ubuntu

After removing the packages, we proceed with the desktop settings that reduce what the system records or displays. Each setting is shown as a gsettings command, with the equivalent path in the Settings GUI where one exists.

Disable diagnostics reporting

Apport is a crash reporting tool found in Ubuntu and other Linux-based operating systems. Its primary function is to identify when programs crash, gather detailed information about the error, and create reports that assist in diagnosing and troubleshooting the problem.

Setting show-apport-crashes to false stops update-notifier from displaying Apport's crash pop-ups. It only hides the prompt; the crash collection itself was removed when apport was purged above.

gsettings set com.ubuntu.update-notifier show-apport-crashes false



Disable lock screen notifications

Notifications shown on the lock screen expose message previews, sender names and calendar entries to anyone standing near the unattended machine, so we disable them.

gsettings set org.gnome.desktop.notifications show-in-lock-screen false



Disable tracking of recent files

To stop GNOME from recording recently opened files (the list that appears in file choosers and in the file manager's Recent view), set remember-recent-files to false.

gsettings set org.gnome.desktop.privacy remember-recent-files false



Turning off the problem reporting

Open Settings, go to Privacy and then Diagnostics, and set Send error reports to Canonical to Never. This is the GUI switch for the same crash-upload mechanism that whoopsie implements; with it set to Never, no error reports leave the machine.



Turning off the screen blank

In Settings, open Power, set Screen Blank to Never and Automatic Suspend to Off. The equivalent gsettings key is the idle delay: a value of 0 means the inactivity timer never fires and the display stays on. Be aware that this, together with the lock-screen settings that follow, trades physical security for convenience: a session that never blanks or locks can be read and used by anyone who reaches the keyboard, so apply these only on a machine that is never left unattended.

gsettings set org.gnome.desktop.session idle-delay 0



Disable automatic screen locking

To disable automatic locking when the system is idle, open Settings, choose Privacy and then Screen, and turn off every option there. The same via gsettings (the second key is Ubuntu-specific and controls locking on suspend):

gsettings set org.gnome.desktop.screensaver lock-enabled false

gsettings set org.gnome.desktop.screensaver ubuntu-lock-on-suspend false



Permanently delete option

To delete a file immediately instead of moving it to the Trash, enable the Delete Permanently entry in the file manager's context menu. Bear in mind that this only unlinks the file; its data stays on disk until overwritten, so for sensitive files combine it with the file shredding offered by BleachBit (below).

gsettings set org.gnome.nautilus.preferences show-delete-permanently true



After running the command, a Delete Permanently entry appears in the right-click menu for every file.



Show hidden files

To permanently enable the view hidden files option, we can run the following command:

gsettings set org.gnome.nautilus.preferences show-hidden-files true
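As an added example that is not part of the original article, the script below collects the gsettings keys from this section into one list, applies them, and audits a gsettings list-recursively dump against the list so that drift (or a key that a later update reset) is reported. The schema and key names are those used above; the audit logic is plain awk, so it can also be run against a saved dump on a machine without GNOME.

```shell
#!/usr/bin/env bash
# Added example: the gsettings changes from this section gathered into one
# list, applied in a loop, then verified by diffing a live
# `gsettings list-recursively` dump against the list. The audit half is
# pure text processing, so it also works on a dump saved elsewhere.

# One "schema key value" per line, in the notation `gsettings get` prints
# (typed values keep their prefix, e.g. "uint32 0").
DESIRED_SETTINGS='
com.ubuntu.update-notifier show-apport-crashes false
org.gnome.desktop.notifications show-in-lock-screen false
org.gnome.desktop.privacy remember-recent-files false
org.gnome.desktop.session idle-delay uint32 0
org.gnome.desktop.screensaver lock-enabled false
org.gnome.desktop.screensaver ubuntu-lock-on-suspend false
org.gnome.nautilus.preferences show-delete-permanently true
org.gnome.nautilus.preferences show-hidden-files true
'

apply_settings() {
    printf '%s\n' "$DESIRED_SETTINGS" | while read -r schema key value; do
        [ -n "$schema" ] || continue
        # The value is passed as one argument; "uint32 0" is valid GVariant text.
        gsettings set "$schema" "$key" "$value"
    done
}

# Dumps every schema named in DESIRED_SETTINGS (stdout), for audit_settings.
dump_settings() {
    printf '%s\n' "$DESIRED_SETTINGS" | awk 'NF { print $1 }' | sort -u \
        | while read -r schema; do gsettings list-recursively "$schema"; done
}

# Reads a list-recursively dump on stdin. Prints MISMATCH/MISSING lines and
# exits 1 if any desired key is wrong or absent, 0 if everything matches.
audit_settings() {
    awk -v desired="$DESIRED_SETTINGS" '
    BEGIN {
        n = split(desired, lines, "\n")
        for (i = 1; i <= n; i++) {
            m = split(lines[i], f, " ")
            if (m < 3) continue
            v = f[3]; for (j = 4; j <= m; j++) v = v " " f[j]
            want[f[1] " " f[2]] = v
        }
    }
    {
        k = $1 " " $2
        if (!(k in want)) next              # a key we do not care about
        v = $3; for (j = 4; j <= NF; j++) v = v " " $j
        seen[k] = 1
        if (v != want[k]) { bad++; printf "MISMATCH %s: want %s, have %s\n", k, want[k], v }
    }
    END {
        for (k in want) if (!(k in seen)) { bad++; printf "MISSING %s (schema not installed?)\n", k }
        exit (bad ? 1 : 0)
    }'
}

# Stand-alone use: ./privacy-settings.sh --apply   (or --audit to only check)
case "${1:-}" in
    --apply) apply_settings && dump_settings | audit_settings && echo "all settings verified" ;;
    --audit) dump_settings | audit_settings && echo "all settings verified" ;;
esac
```

A MISSING line for com.ubuntu.update-notifier simply means update-notifier is not installed on that machine; a MISMATCH after --apply means something (a GUI toggle, a dconf lock) is overriding the value.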



BleachBit

BleachBit is an open-source system cleaner and privacy tool. It frees disk space and reduces the traces left on the machine by removing caches, logs, browser history and other leftover files, and it can shred files and wipe free space so that deleted content cannot be recovered.

Installation of BleachBit can be performed using the following command:

sudo apt install bleachbit



KeePassXC

KeePassXC is an open-source password manager. Credentials are kept in a single local database encrypted with a master password (optionally combined with a key file), which makes it practical to use a strong, unique password for every account.

Installation of KeePassXC can be performed using the following command:

sudo apt install keepassxc



Virus Scanner

Here we install ClamAV, an open-source antivirus engine for scanning files for malware. ClamTK is its graphical front end, and freshclam is the service that downloads signature updates; without current signatures the scanner is of little use. The service is stopped around the first manual freshclam run because the running daemon holds a lock on the signature database:

sudo apt install clamav clamav-daemon clamtk

sudo systemctl stop clamav-freshclam

sudo freshclam

sudo systemctl enable --now clamav-freshclam



Metadata removal

Files often carry metadata such as author names, GPS coordinates, device models and editing history, and that metadata travels with the file when it is shared. To strip it we use mat2 (Metadata Anonymisation Toolkit 2). mat2 --show <file> lists what it finds, and mat2 <file> writes a cleaned copy alongside the original with .cleaned inserted before the extension, leaving the original untouched.

To install mat2:

sudo apt install mat2 -y



Firefox profilemaker

Firefox profilemaker lets us pick privacy and telemetry settings from a checklist (disabling Firefox's own telemetry, studies and similar reporting among them) and download the resulting preferences file, which is dropped into a Firefox profile to apply all of the choices at once. It is, in effect, the Firefox counterpart of the package removals above.

The profile setup can be performed using the following URL:

https://ffprofile.com/



Flatpak

Flatpak installs and runs desktop applications in a sandbox built from namespaces and seccomp (via bubblewrap), isolated from the host's libraries and, to the extent the app's permissions allow, from its files. That qualification matters: the sandbox is only as tight as the permissions the app declares, and many apps request the whole home directory or the host filesystem. Those grants can be inspected with flatpak info --show-permissions and narrowed with flatpak override. Flatpak also keeps application updates separate from the distribution's packages.

The commands to install Flatpak and add the Flathub repository are:

sudo apt install flatpak

sudo apt install gnome-software-plugin-flatpak

flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo



LibreWolf

LibreWolf is a privacy-focused fork of Firefox with hardened defaults: it removes Mozilla's telemetry, experiments and data collection and ships with uBlock Origin and stricter tracking protection. Install it from Flathub and launch it with:

flatpak install flathub io.gitlab.librewolf-community

flatpak run io.gitlab.librewolf-community
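Added example (not from the article, the Flatpak project or LibreWolf): a small audit of a Flatpak's static permissions, as a check to run on LibreWolf or any other app installed this way before trusting the sandbox. The permission text in its test is constructed; on a real system it is fed from flatpak info --show-permissions, and the tightening it suggests uses the standard flatpak override flags.

```shell
#!/usr/bin/env bash
# Added example: check how tight a Flatpak's sandbox really is before
# trusting it. Parses the static permissions that
# `flatpak info --show-permissions APP` prints (the [Context] section of
# the app's metadata) and flags the grants that let an app read the whole
# home directory or the host, or talk freely on D-Bus.

# Reads the --show-permissions text on stdin. Prints one BROAD line per
# risky grant; exits 1 if any were found, 0 otherwise.
audit_flatpak_perms() {
    awk -F= '
    /^\[/ { section = $0; next }
    section == "[Context]" && $1 == "filesystems" {
        n = split($2, fs, ";")
        for (i = 1; i <= n; i++) {
            f = fs[i]; sub(/:(ro|rw|create)$/, "", f)   # strip access suffix
            if (f == "home" || f == "host" || f == "host-os" || f == "host-etc" || f == "/" || f ~ /^~/) {
                bad++; print "BROAD filesystem access: " fs[i]
            }
        }
    }
    section == "[Context]" && $1 == "sockets" {
        n = split($2, s, ";")
        for (i = 1; i <= n; i++)
            if (s[i] == "session-bus" || s[i] == "system-bus") {
                bad++; print "BROAD D-Bus access: " s[i]
            }
    }
    END { exit (bad ? 1 : 0) }'
}

# Stand-alone use: ./flatpak-audit.sh io.gitlab.librewolf-community
if [ -n "${1:-}" ]; then
    app="$1"
    if flatpak info --show-permissions "$app" | audit_flatpak_perms; then
        echo "$app: no broad filesystem or D-Bus grants"
    else
        # Per-user overrides narrow the sandbox without modifying the app;
        # e.g. drop home access but keep the Downloads folder reachable:
        echo "tighten with: flatpak override --user --nofilesystem=home --filesystem=xdg-download $app"
        exit 1
    fi
fi
```

The x11 socket is deliberately not flagged, although it is worth knowing: X11 has no isolation between clients, so an app with x11 access can read other windows' input. Wayland-only apps do not have that exposure.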





VeraCrypt

VeraCrypt creates encrypted container files or encrypts whole partitions and removable drives. It is not in Ubuntu's repositories, so we add a PPA (Personal Package Archive), update the package lists and install it. Be aware that adding a PPA lets its maintainer ship any code to the system with root privileges through apt, so only add a PPA you have confirmed against VeraCrypt's own download page.

sudo add-apt-repository ppa:unit193/encryption -y

sudo apt update

sudo apt install veracrypt



After installation we can launch the VeraCrypt.



Tor Browser

For anonymous browsing, Tor Browser routes traffic through the Tor network, so the sites visited see an exit relay's address rather than yours, and your ISP sees only a connection to Tor. It can be downloaded from the following website:

https://www.torproject.org/download/



Before extracting the tarball, verify its signature with the accompanying .asc file against the Tor Browser Developers signing key, as described on the download page; an unverified Tor Browser is a single point of failure for everything done through it. After extracting, the browser can be started from the extracted directory, and the --register-app flag adds it to the applications menu:

./start-tor-browser.desktop --register-app



Once registered, the browser can be launched from the applications menu. Tor Browser updates itself, so it needs no entry in the package manager.



Proton VPN

Proton VPN is a widely used VPN service whose free tier offers a small set of locations. A VPN hides traffic from the local network and the ISP and replaces the public IP seen by remote sites with the VPN server's, but it does not make a user anonymous: the provider now sees what the ISP used to see. Installation instructions are at the following link: https://protonvpn.com/support/official-linux-vpn-debian/

The steps below add Proton's apt repository and install the GNOME client. The order matters: the downloaded package is verified against the SHA-256 checksum published on Proton's page before dpkg runs it, not after, and the install should only continue if sha256sum prints OK. The file name and checksum below are the ones current when this article was written; take the current values from the Proton page.

wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.4_all.deb

echo "62a9d849835de8a5664cf95329458bf1966780b15cec420bf707b5f7278b9027  protonvpn-stable-release_1.0.4_all.deb" | sha256sum --check -

sudo dpkg -i ./protonvpn-stable-release_1.0.4_all.deb && sudo apt update

sudo apt update && sudo apt upgrade

sudo apt install proton-vpn-gnome-desktop



After the installation is complete, we can launch Proton VPN.

After connecting to the Netherlands location, the public IP can be checked to confirm that traffic leaves through the VPN.
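The following is an added example rather than the article's or Proton's own script: it performs the download, the SHA-256 check and the install as one function that refuses to install on a mismatch. The URL and digest are the ones quoted in this section and must be replaced with the values currently published by Proton; the --install flag is a choice made here.

```shell
#!/usr/bin/env bash
# Added example: download the Proton repository package, verify its SHA-256
# against the published value, and only then let dpkg install it. The URL
# and digest below are the ones quoted in this article; the current values
# must be taken from Proton's own page, since both change with releases.

# $1 = file, $2 = expected hex digest. Exit 0 on match, 1 otherwise.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# Download $1, verify against $2, install. Leaves nothing behind on mismatch.
install_verified_deb() {
    url="$1"; expected="$2"; file=$(basename "$url")
    wget -q -O "$file" "$url" || { echo "download failed: $url" >&2; return 1; }
    if ! verify_sha256 "$file" "$expected"; then
        echo "SHA-256 mismatch for $file; refusing to install" >&2
        rm -f "$file"
        return 1
    fi
    sudo dpkg -i "./$file" && sudo apt-get update
}

# Stand-alone use: ./proton-install.sh --install
if [ "${1:-}" = "--install" ]; then
    install_verified_deb \
        https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.4_all.deb \
        62a9d849835de8a5664cf95329458bf1966780b15cec420bf707b5f7278b9027 \
    && sudo apt-get install -y proton-vpn-gnome-desktop
fi
```

The checksum only proves that the file is the one Proton published; it does not replace the repository's own GPG signing, which apt verifies for every package installed afterwards.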

NextDNS

NextDNS is a cloud DNS resolver with content filtering, blocklists and query logging, used in place of the ISP's resolver. It lets us block access to chosen websites and, if logging is enabled, review which domains a machine resolved. Two caveats follow from that design: NextDNS now sees every lookup the ISP used to see, so the privacy gain depends on trusting NextDNS (logging can be turned off or limited in the profile), and an encrypted transport (DNS-over-TLS or DNS-over-HTTPS) must be used, otherwise the queries still travel in cleartext to the resolver.

The profile is configured with the addresses shown on its setup page; for this article's profile that is:

https://my.nextdns.io/2f7664/setup


After copying the systemd-resolved addresses from that page, add them to /etc/systemd/resolved.conf (a drop-in file under /etc/systemd/resolved.conf.d/ survives package upgrades better) and restart systemd-resolved.

sudo nano /etc/systemd/resolved.conf

cat /etc/systemd/resolved.conf

The browser must be configured as well, because Firefox's DNS-over-HTTPS bypasses the system resolver: in Settings, open the DNS over HTTPS section, select Max Protection (DoH only, with no fallback to the system resolver), and under it choose a custom provider and enter the NextDNS DoH URL shown on the setup page.

When both are configured, the NextDNS setup page reports an All good! status.

Websites can be blocked by adding them to the Parental Control list.



The user is then no longer able to visit the blocked website.




The Logs option keeps a history of the domains resolved through the profile, which is useful for checking what a machine talked to; it is also a record held by a third party, so disable it or shorten its retention if that is not wanted.
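As an added example not present in the original article, the script below writes the NextDNS configuration for systemd-resolved as a drop-in file with DNS-over-TLS enabled and then reads resolvectl status to confirm that DoT is actually in use. The profile ID is the one from your setup page (this article's is 2f7664); the four resolver addresses are NextDNS's published anycast addresses, which the setup page also lists; the resolvectl output in its test is constructed.

```shell
#!/usr/bin/env bash
# Added example: point systemd-resolved at a NextDNS profile with
# DNS-over-TLS through a drop-in file (instead of editing resolved.conf
# itself), then confirm from `resolvectl status` that DoT is really in use.
# The profile ID comes from your my.nextdns.io setup page; the four
# addresses are NextDNS's published anycast resolvers, which that page
# lists as well.

render_resolved_dropin() {
    id="$1"
    # Domains=~. makes these servers the default route for all lookups, so
    # resolvers handed out by DHCP on individual links do not take over.
    cat <<EOF
[Resolve]
DNS=45.90.28.0#$id.dns.nextdns.io
DNS=2a07:a8c0::#$id.dns.nextdns.io
DNS=45.90.30.0#$id.dns.nextdns.io
DNS=2a07:a8c1::#$id.dns.nextdns.io
DNSOverTLS=yes
Domains=~.
EOF
}

# Reads `resolvectl status` on stdin. Exit 0 only if the Global section
# shows +DNSOverTLS and a nextdns.io server; 1 otherwise.
resolved_uses_nextdns_dot() {
    awk '
    /^Global/          { in_global = 1; next }
    /^Link [0-9]+ /    { in_global = 0 }
    in_global && /Protocols:/ && /\+DNSOverTLS/ { dot = 1 }
    in_global && /DNS Server/ && /nextdns\.io/  { srv = 1 }
    END { exit (dot && srv) ? 0 : 1 }'
}

apply_nextdns() {
    id="$1"
    sudo mkdir -p /etc/systemd/resolved.conf.d
    render_resolved_dropin "$id" | sudo tee /etc/systemd/resolved.conf.d/nextdns.conf >/dev/null
    sudo systemctl restart systemd-resolved
    if resolvectl status | resolved_uses_nextdns_dot; then
        echo "OK: systemd-resolved is using NextDNS over TLS"
    else
        echo "WARNING: DoT to NextDNS is not active; inspect 'resolvectl status'" >&2
        return 1
    fi
}

# Stand-alone use: ./nextdns-resolved.sh <profile-id>
if [ -n "${1:-}" ]; then
    apply_nextdns "$1"
fi
```

The check reads only the Global section on purpose: a per-link entry can still show -DNSOverTLS while the global route carries the queries, and it is the global route that Domains=~. selects.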



Conclusion

Once we understand what telemetry reveals, we can make choices that lead to a safer and more private computing environment. With the settings and tools above we protect the user's privacy and significantly reduce exposure to unwanted data collection.


A Detailed Guide on Feroxbuster

Feroxbuster is a fast, recursive content-discovery tool written in Rust that brute-forces directories and files on web servers from a wordlist. It is widely used in penetration tests and security assessments to find unlinked paths and resources. This article walks through its most useful options.

Table of contents

·      Lab setup

·      Installation

·      Default mode

·      Redirects

·      Extensions

·      Result output

·      User agent

·      Filter status code

·      Quiet mode

·      Controlling threads

·      Custom wordlist

·      Disable recursion

·      Limit recursion depth

·      Force Recursion

·      Filter by character size

·      Filter by number of words

·      Filter by number of lines

·      Filter by status code using deny list

·      Filter by status code using allow list

·      Generating random User-Agent

·      HTTP methods

·      Custom headers

·      Cookies

·      Adding slash

·      Capturing requests in Burp

·      Read target from list

·      Resume from last state

·      Follow redirect

·      Timeout

·      Comparison between Feroxbuster and other tools

·      Conclusion

Lab setup

Target Machine: 192.168.1.4

Attacker Machine: 192.168.1.31 (Kali Linux)

After setting up a web server on the target machine, we install Feroxbuster on Kali Linux and enumerate from there.

Installation

Feroxbuster is packaged in Kali Linux:

sudo apt install feroxbuster



Default mode

Once installed, a default scan needs only the target URL:

feroxbuster -u http://192.168.1.4



The banner lists the defaults in use, including the wordlist, raft-medium-directories.txt from SecLists, with 50 threads and a recursion depth of 4.

For a less verbose output that prints only the discovered URLs (handy for piping into other tools), use the --silent flag:

feroxbuster -u http://192.168.1.4 --silent



Redirects

By default Feroxbuster reports a redirect (301/302) as such and does not fetch its target. With -r or --redirects the HTTP client follows redirects, so the status, size and word count shown are those of the final page. For example, if http://192.168.1.4/images redirects to http://192.168.1.4/images/, the row reports the listing at the trailing-slash URL instead of the 301.

feroxbuster -u http://192.168.1.4 -r



Extensions

To perform brute-force for a particular type of file extension, the -x or --extensions flag can be used.

feroxbuster -u http://192.168.1.4 -x php,txt --silent



Result output

To save the results to a file, use -o or --output followed by the file name. Adding --json writes one JSON object per line instead of the text table, which is easier to post-process.

feroxbuster -u http://192.168.1.4 --output results.txt



User agent

To send a custom User-Agent header with every request, use -a or --user-agent. By default Feroxbuster identifies itself as feroxbuster/<version>, which is trivial for a WAF or a log review to flag.

feroxbuster -u http://192.168.1.4 -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"



Filter status code

To drop responses with particular status codes from the output, use -C or --filter-status (a deny list). The opposite, showing only selected codes, is -s or --status-codes (an allow list).

feroxbuster -u http://192.168.1.4 -C 403,404



Quiet mode

To print results without the progress bars and banner, for example inside tmux or when redirecting to a file, use quiet mode with -q or --quiet.

feroxbuster -u http://192.168.1.4 -q



Controlling threads

To control the number of concurrent threads depending on the environment type, we can use the --threads or -t flag. The default threads value is 50.

feroxbuster -u http://192.168.1.4 -t 20



Custom wordlist

To use a custom wordlist, we can use the -w or --wordlist flag and then give the wordlist path. Here we are giving the common.txt file path.

feroxbuster -u http://192.168.1.4 -w /usr/share/wordlists/dirb/common.txt



Disable recursion

To allow the scanning of only top level directories, we can set the -n or --no-recursion flag to disable the recursive scanning.

feroxbuster -u http://192.168.1.4 -n



Limit recursion depth

To limit how deep Feroxbuster recurses into discovered directories, use -d or --depth; the default is 4 and 0 means unlimited. (-L or --scan-limit is a different control: it caps the number of directory scans running concurrently, which is useful against fragile targets.)

feroxbuster -u http://192.168.1.4 -d 2



Force Recursion

Normally Feroxbuster only recurses into responses it judges to be directories. --force-recursion queues every discovered endpoint for recursion, still within the configured depth.

feroxbuster -u http://192.168.1.4 --force-recursion



Filter by character size

To filter out responses of a given size, use -S or --filter-size with the size in bytes (the "c" column in the output). A first, unfiltered run reveals which sizes repeat; those are the catch-all or error pages to suppress.

feroxbuster -u http://192.168.1.4 -q

feroxbuster -u http://192.168.1.4 -q -S 285,286,283,289



Filter by number of words

To filter out responses by their word count (the "w" column), use -W or --filter-words. Note the capital W: lower-case -w selects the wordlist.

feroxbuster -u http://192.168.1.4 -q

feroxbuster -u http://192.168.1.4 -q -W 33



Filter by number of lines

To filter out responses by their line count (the "l" column), use -N or --filter-lines.

feroxbuster -u http://192.168.1.4 -q

feroxbuster -u http://192.168.1.4 -q -N 9



Filter by status code using deny list

To filter the results using status codes (deny list), we can use the --filter-status flag.

feroxbuster -u http://192.168.1.4 -q

feroxbuster -u http://192.168.1.4 -q --filter-status 404



Filter by status code using allow list

To filter the results using status codes (allow list), we can use the --status-codes flag.

feroxbuster -u http://192.168.1.4 -q

feroxbuster -u http://192.168.1.4 -q --status-codes 200,301
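The filter sections above all follow the same workflow: run once unfiltered, spot the responses that repeat, then rerun with -S, -W, -N or -C. The script below is an added example (not part of the article or of Feroxbuster) that automates the first half: it reads Feroxbuster's text output, counts repeated status/size pairs and prints the matching -S argument. The output lines in its test are constructed to match Feroxbuster's column layout; the baseline.txt file name and the optional second argument (minimum repeats, default 5) are choices made here.

```shell
#!/usr/bin/env bash
# Added example: turn a first, unfiltered feroxbuster run into the filter
# flags for the second. Responses that repeat with the same status and
# size (custom 404 pages, "forbidden" stubs, catch-all routes) are noise;
# this counts them in feroxbuster's text output and emits a ready-made
# -S argument. Output lines look like:
#   404      GET        9l       33w      283c http://192.168.1.4/foo

# Reads feroxbuster output on stdin; prints "count status size" per
# (status, size) pair, most frequent first.
response_histogram() {
    awk '
    $1 ~ /^[1-5][0-9][0-9]$/ && $5 ~ /c$/ {
        size = $5; sub(/c$/, "", size)
        n[$1 " " size]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# $1 = minimum repeats. Prints "-S a,b,c" for every size seen that often,
# or nothing when no response repeats enough to be called noise.
size_filter_arg() {
    response_histogram | awk -v min="$1" '
    $1 >= min { sizes = sizes (sizes ? "," : "") $3 }
    END { if (sizes) print "-S " sizes }'
}

# Stand-alone use: ./ferox-calibrate.sh http://192.168.1.4 [min-repeats]
if [ -n "${1:-}" ]; then
    target="$1"; min="${2:-5}"
    # Baseline without recursion, saved for inspection and reused below.
    feroxbuster -u "$target" -q -n -o baseline.txt >/dev/null
    extra=$(size_filter_arg "$min" < baseline.txt)
    echo "noise summary (count status size):"; response_histogram < baseline.txt
    echo "re-running with: $extra"
    # shellcheck disable=SC2086  # $extra is meant to split into flag + value
    feroxbuster -u "$target" -q $extra
fi
```

Sizes are used rather than status codes because a catch-all route usually answers 200 for everything; filtering on 200 would hide real findings, while filtering on the one repeated size keeps them. Check the histogram before trusting the suggested flag: a genuine page can share a size with the noise.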



Generating random User-Agent

To send a different, randomly chosen User-Agent with every request, use -A or --random-agent. Here --burp is added so the requests can be inspected in Burp Suite.

feroxbuster -u http://192.168.1.4 -A --burp



HTTP methods

To explicitly define the HTTP methods to be used, we can use the -m flag and then state the method to be used like POST. The default method is GET while running the Feroxbuster.

feroxbuster -u http://192.168.1.4 -m POST



Custom headers

To add a request header to every request, use -H followed by 'Name: value', for example 'Content-Type: application/x-www-form-urlencoded'. --burp is added again so the header can be seen in the proxied requests.

feroxbuster -u http://192.168.1.4 -H 'Content-Type: application/x-www-form-urlencoded' --burp -q



Cookies

To use a specific cookie value in all the requests, we can mention the cookies header alongwith the value. The flag which can be used here is --cookies or -b. Here we have used the --burp flag simultaneously to show how the cookie looks in the requests.

feroxbuster -u http://192.168.1.4 --cookies PHPSESSID=t54ij15l5d51i2tc7j1k1tu4p4 --burp -q



Adding slash

To add a slash (/) after every request, we can use the -f or --add-slash flag.

feroxbuster -u http://192.168.1.4 -f



Capturing requests in Burp

To send every request through Burp Suite, use the --burp flag. It is shorthand for --proxy http://127.0.0.1:8080 together with --insecure (so Burp's TLS certificate is accepted); use --proxy directly if Burp listens elsewhere.

feroxbuster -u http://192.168.1.4 --burp


Read target from list

To scan several targets, list them one per line in a file and feed them to --stdin:

cat target.txt

cat target.txt | feroxbuster --stdin -q


Resume from last state

If a scan has to be interrupted (Ctrl-C), Feroxbuster writes its progress to a ferox-<target>-<timestamp>.state file in the current directory. The scan can be continued later with --resume-from and that file:

feroxbuster -u http://192.168.1.4 -q

feroxbuster --resume-from ferox-http_192_168_1_4-1723370176.state -q



Follow redirect

As noted under Redirects above, -r or --redirects makes the client follow redirects and report the final response rather than the 3xx.

feroxbuster -u http://192.168.1.4  -r



Timeout

To set the per-request timeout, use -T or --timeout with a value in seconds. Requests that take longer are recorded as errors and the scan carries on; it does not terminate. The default is 7 seconds, which the banner confirms:

feroxbuster -u http://192.168.1.4



Here we lower it to 5 seconds, which suits a fast local target and reduces the time spent on unresponsive paths:

feroxbuster -u http://192.168.1.4 -T 5




Comparison between Feroxbuster and other tools

·      Feroxbuster stands out for its extensive response filtering (by status, size, words, lines and regex), automatic recursion, Burp Suite integration and a large set of tuning options, balancing power with control.

·      DirBuster is easy to use thanks to its GUI, but it is slower and less flexible than command-line tools such as Feroxbuster.

·      Gobuster is fast and simple but offers fewer filtering options and no automatic recursion.

·      ffuf is very fast and has rich filtering and can fuzz arbitrary positions in a request, at the cost of a steeper learning curve.

Conclusion

In conclusion, we can say that Feroxbuster is an excellent choice for those requiring precise control over their scanning processes, advanced filtering capabilities, and the ability to integrate with other tools.