Thread: 18.04 was breached. Needing advice on hardening

  1. #1
    Join Date
    Oct 2018
    Beans
    1

    18.04 was breached. Needing advice on hardening

    Hello forum.

    Bionic minimal install with LAMP server. UFW enabled with needed open ports.

    My laptop was targeted by a skilled hacker. She was able to enter through a hotspot and enable the privacy settings for remote desktop, allowing her to view my activities.
    Aside from that, I'm not sure what else was compromised.

    Since then, I performed secure erase of the entire drive via hdparm and reinstalled Bionic minimal desktop. I can only guess that this person will strike again.

    This is the question for the forum. "Is there a way to force a password for ANY system changes while logged in as administrator?" or to "secure the HOME folder" while logged in to thwart any such future attempts?
    Thanks in advance.

  2. #2
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: 18.04 was breached. Needing advice on hardening

    You'll have to be more specific. I didn't think Ubuntu had any remote ports open by default and installing the LAMP stack shouldn't have triggered that.

    Did you enable remote desktop previously? How were you connected to the internet?
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  3. #3
    Join Date
    Feb 2010
    Location
    Obscurial Springs
    Beans
    15,210
    Distro
    Ubuntu Budgie Development Release

    Re: 18.04 was breached. Needing advice on hardening

    "She was able to enter through a hotspot and enable the privacy settings for remote desktop, allowing her to view my activities.
    Aside from that, I'm not sure what else was compromised."

    How do you know the gender of the alleged hacker? I would search for options to encrypt the home folder.
    "Our intention creates our reality. "

    Ubuntu Documentation Search: Popular Pages
    Ubuntu: Security Basics
    Ubuntu: Flavors

  4. #4
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: 18.04 was breached. Needing advice on hardening

    Don't set up a hotspot and definitely don't set up a remote desktop if you can't properly secure it. Getting it to work is not properly securing any service.
    There are always ways to "escalate privilege" on all OSes. Sometimes it is harder than others, but there are always methods once someone gets shell access.

    System changes require use of sudo. You can make a password be required for every use of sudo.
    If you want to block other users from accessing your HOME, just set the permissions to 700, or better, don't let them onto the system.

    But really, I suspect that the real method of access isn't correctly understood. Enabling a firewall doesn't do any magic, unless it blocks most of the world from all access. Any client that doesn't need access to the system shouldn't get the chance to connect with it at all. The network should be blocking them.

    And whenever I run LAMP, I expect to be hacked. I'm not skilled enough to prevent bad php code from being attacked. I do have a few php-based webapps running here, but they are not open to the internet. Access is only allowed on the LAN or through either an encrypted SOCKS proxy or full VPN.

    If you want to get better at computer security, the best way I know is to learn to hack your own systems. Get into the cracker frame of mind and attack yourself. Then make it so those attacks don't work (mitigate) and find a new attack that works. Rinse, repeat. There are probably 50+ attacks against any server. If you run VNC and DNS, that's 100 possible attacks to be locked down.
    Last edited by TheFu; October 18th, 2018 at 12:28 PM.
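
An added example, not part of the thread and not any poster's code: a small audit of the two settings mentioned in the post above (a password on every use of sudo, and a HOME directory closed to other users). It relies on the sudoers options `timestamp_timeout` and `NOPASSWD` and on GNU stat; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# audit_sudoers FILE...: print "ok" when sudo asks for a password on every
# call, otherwise name what weakens that.
audit_sudoers() {
    # Keep only active lines (drop blank lines and comments).
    active=$(grep -hEv '^[[:space:]]*(#|$)' "$@")
    findings=""
    # A NOPASSWD tag lets the matching commands run with no password at all.
    if printf '%s\n' "$active" | grep -q 'NOPASSWD'; then
        findings="nopasswd"
    fi
    # Without timestamp_timeout=0, sudo caches a successful authentication,
    # so later sudo calls in that window need no password.
    if ! printf '%s\n' "$active" | grep -Eq \
        '^[[:space:]]*Defaults.*timestamp_timeout[[:space:]]*=[[:space:]]*0([^0-9.]|$)'; then
        findings="${findings:+$findings }cached-credentials"
    fi
    echo "${findings:-ok}"
}

# audit_home DIR: print "ok" when group and other have no access (e.g. 700).
audit_home() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as shipped on Ubuntu
    if [ $(( 0$mode & 077 )) -eq 0 ]; then
        echo "ok"
    else
        echo "open:$mode"
    fi
}

# Demo on constructed data, so it runs without root.
demo=$(mktemp -d)
printf '%s\n' 'Defaults env_reset' '%sudo ALL=(ALL:ALL) ALL' \
    'deploy ALL=(ALL) NOPASSWD: ALL' > "$demo/weak"
printf '%s\n' 'Defaults env_reset, timestamp_timeout=0' \
    '%sudo ALL=(ALL:ALL) ALL' > "$demo/strict"
mkdir "$demo/home" && chmod 755 "$demo/home"
echo "weak sudoers:   $(audit_sudoers "$demo/weak")"
echo "strict sudoers: $(audit_sudoers "$demo/strict")"
echo "home at 755:    $(audit_home "$demo/home")"
chmod 700 "$demo/home"
echo "home at 700:    $(audit_home "$demo/home")"
```

On a real system, run as root: `audit_sudoers /etc/sudoers /etc/sudoers.d/*` and `audit_home "$HOME"`. Changes to sudoers should go through `visudo` so a syntax error cannot lock sudo out.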

  5. #5
    Join Date
    Apr 2008
    Location
    Birmingham UK
    Beans
    610
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: 18.04 was breached. Needing advice on hardening

    Code:
    sudo apt install lynis 
    sudo lynis audit system
    Should give you some ideas.

    Fairly good guide below:

    www.cyberciti.biz/tips/linux-security.html

    There are quite a few hardening tools out there, but why are you using a desktop on a server?
    ****************************
    ****************************
    The sig between the asterisks is SO COOL that only REALLY COOL people can even see it!
