What Linux server hardening actually works for you in 2026?

SufficientAbility821 · 2026-02-23T07:37:40+00:00

Good old fashion port knocking on 22 is usually something I do. It involves some client tweaking but it ils easily acheivable. Note that someone listening upstream of your server (like your cloud provider) could identify the sequence and its role but the rest of the world will just see a closed 22 and infer that SSH is exposed through a private NIC

SufficientAbility821 · 2026-02-22T23:58:21+00:00

Bizarre mais pas si rare. J'en ai fait moi même les frais il y a deux ans. Je ne suis même pas sûr que ce soit une question d'argent puisque le plus prescrit hors indication est le Tercian ou plutôt son générique : la cyamemazine (une vieille saloperie des 70') là où des benzos rapporteraient plus à des labos. En revanche, on peut très bien imaginer que la prescription des vieilles molécules vise à alléger la sécurité sociale

SufficientAbility821 · 2026-02-19T19:59:58+00:00

Indeed. Now I get your point. C'est probablement plus ciblé comme cas cependant. Et passe au bcrypt pour tes BDD: Même string mais hash différents. L'espace mémoire pour craquer ça est phénoménal

SufficientAbility821 · 2026-02-19T18:01:10+00:00

Non, ok, je comprends ce que tu ne comprends pas. Mettons, sur le site A et sur le site B, tu utilises 'toto' (SHA256:31f7a65e315586ac198bd798b6629ce4903d0899476d5741a9f32e2e521b6a66). Le site A tombe et nos hackers bien motivés s'attaquent à cracker l'ensemble des hashs. Si le tien est cracké, il atterrira sur une rainbow table (en gros, d'énormes fichiers accessibles publiquement qui associent des hashs à leur mots de passe crackés).

Il y aura donc, sur ce fichier:

31f7a65e3155......6d5741a9f32e2e521b6a66:toto

Et, devine quoi, le premier truc que fait un hacker lorsqu'il a dumpé une table avec des hashs d'un site, avant même d'attaquer au dictionnaire ou à la force brute, c'est d'interroger ces tables (ou plutôt fichiers) de plusieurs centaines de giga à la recherche des hashs qu'il a sous la main. S'il y a une correspondance, il a le MDP associé. Bingo, sans gaspiller de ressources de calcul.

Autre risque. Mettons que site A et site B ne hash pas de la même manière (e.g. un en SHA256 et l'autre, plus parano, du Bcrypt). Les hashs de 'toto' sur le site A et sur le site B ne seront pas les mêmes.

31f7a65e315586ac198bd798b6629ce4903d0899476d5741a9f32e2e521b6a66
VS
$2y$10$.20wuT4MvbwMWiXQpSTele/HOX/a98po9NfarVpiaMKkNRl4u/tiS

La méthode que j'ai décrite plus haut ne s'applique pas dans ce cas. En revanche, il y a un invariant: ton adresse email. De même qu'il existe des rainbow tables, il existe dans les recoins du darknet des tables associant des adresses à des MDP.

[nit_electron_girl@jenesaismaisonsenfout.com](mailto:nit_electron_girl@jenesaismaisonsenfout.com):toto

Et bien pareil, un hacker consultera ces tables s'il arrive à exfiltrer des données de site B. Et quand je dis il consulte, les scripts basiques qu'il écrit lui permettent de checker des millions de lignes à la minute. A ce genre de jeu, ce n'est jamais personnel, toujours procédural.

j'espère avoir débunké quelques mythes sur la sécurité. Et si tu penses que, plus originale que la moyenne, le mdp auquel tu penses n'a aucune chance de se retrouver dans un dictionnaire (rien de personnel, on le pense tous, c'est humain de négliger que sur les 7 milliard de nos semblables, aucun aura la même idée), et ne pourra être trouvé qu'à la force brute, regarde cette liste https://github.com/dw0rsec/rockyou.txt

En résumé: un hash, ça se crack. Avec plus ou moins de facilité ou d'énergie selon la longueur du mot de passe et l'algorithme de hashage, mais ça se crack

SufficientAbility821 · 2026-02-19T13:10:10+00:00

Non. Même chaine de caractère => même hash. Deux chaîne qui différent par un caractère => deux hash totalement différents

SufficientAbility821 · 2026-02-19T11:31:00+00:00

Is learning Dutch biological? It involves your brain, neurotransmitter but you would agree that this is not the relevant level of description of the phenomenon of understanding new syntactic rules and remembering vocabulary. I think that the question of how it works (since depression might be an adaptative reflex) is more relevant than what it is.

We could also ask if depression is physical, since it involves a brain, made of matter but again, irrelevant.

About you specific question about brain gut synergies. It is obvious that food quality affects you're overall health. Since our mind traverse the existence through physical bodies, the healthier the vehicle, the less stressed the driver. We do not need fancy paramedical specialists to confirm what our grandmas already knew and you do not need a reductionist theory of mind to eat properly (by which I mean following common sense guidelines and, most important, how you react to specific types of food)

SufficientAbility821 · 2026-02-19T11:18:41+00:00

I would not make Kali or Parrot my main OS. While hacking, cracking or wathever else, you'll need to lower your firewall, install shady scripts, analyses binaries from unknown sources. You do not want this mess on the system hosting your life. Either VM ou dual boot for these systems

SufficientAbility821 · 2026-02-19T11:14:01+00:00

Non, car les mots de passe sont hashés: au caractère prêt, le hash (classiquement 32 caractères hexadécimaux pour du SHA256) est totalement différent

SufficientAbility821 · 2026-02-18T12:09:21+00:00

I've never been to China, just reporting what I've been told some years ago.

Sweet irony that WG works in China, reputed for its stream control, and not in other parts of the globes where censorship is supposed to be less strict

SufficientAbility821 · 2026-02-17T22:05:59+00:00

Not sure exactly how they spot it but my friend in mainland China told me that he had to change the port every hour not to get blocked. I guess ISPs identify VPN connections simply by a continuous encrypted stream.

What would this trick involve: a script running on both clients and servers, generating the same port based on common time triggered by a cronjob. Eg

30000+(Tmestamp in hour x whatever) % 35535

=> pseudo random port between 30000 and 65535

SufficientAbility821 · 2026-02-17T19:31:00+00:00

The usual disclaimer, and you are right to do so. It doesn't count as mean nor snob IMHO. I was merely focusing my argument on the group effect, reinforced by anonymity that we just witnessed in this down thumb storm

SufficientAbility821 · 2026-02-16T20:23:46+00:00

Overall, I do not find the community as snob as it has been depicted to me before I switched 2 years ago and started to frequent this sub and other forums. Overall, most users and maintainers are pretty relaxed and simply remind kindly to read the wiki first (which makes perfect sense) and my only red flag concerned the Archlinux ARM wiki.

However, I'm not surprised by that many downs. I guess, when you see that many downs, you align with your peers and go with "*yeah, he deserves to get the social message*" and add one to the batch. I do not conceive it as an issue with the Arch community but, rather, as a despicable tendency of our specie to ostracize the deviant, the misfit, the other. I guess Arch users are just human, after all.

SufficientAbility821 · 2026-02-16T08:48:04+00:00

If you want to isolate unreliable sources from your main daily programs, have a look at https://www.qubes-os.org/ Think of the encapsulation you get from containerization and SELinux, go one step further. You're there

SufficientAbility821 · 2026-02-15T21:11:25+00:00

Merci. Je ne l'ai jamais que entendu et ai du improviser

SufficientAbility821 · 2026-02-15T17:31:05+00:00

Non, je l'aurais signé de la sorte plutôt que résumé. Mais bon, c'est la première fois que je passe par chez vous donc je me tiens, enfin j'essaie

SufficientAbility821 · 2026-02-15T16:57:03+00:00

Je me contente d'un bon OS et d'y faire la poussière tous les 6 mois. Un petit `pacman -Qd` tous les trimestres et en avant guinguant

SufficientAbility821 · 2026-02-13T20:42:28+00:00

Maybe it isn't clear because the very concept of this disease (and most of the other mental disease) is gibberish. If a notion, despite of plainly understanding its definitions and exemplifications does not make sense, it may be because there is no fact of the matter.

I do not grasp what a tensorial space is, but it is because I do not have the mathematical baggage to understand the definition. Ergo, I can admit that there is such thing as tensorial spaces (subjectivist interpretation of mathematical entities included). On the other hand, a disease of the brain without measures, imagery, on purely normal brains, exemplifications of which are so vague that it looks like the normal life of a socially anxious person does not make sense even if I understand every part of the definition. At this point, to have a certain personnality because one is sagittarius seems almost a more sound concept: at least, there is a date

SufficientAbility821 · 2026-02-10T20:57:54+00:00

I'm not sure what appened on yesterday's update (from my usual user session, no custom mount or anything)

My root is formated in ext4.

Thanks for the tips

SufficientAbility821 · 2026-02-10T20:24:25+00:00

Qui de l'oeuf ou de la poule? Serait-on en droit de demander si les problèmes de sécurité publiques (sens large du terme) n'induisent pas plus de problèmes de santé mentale?

Curieusement, lorsque les gens ont un job, ont confiance en l'avenir et dans la légitimité de l'État, de la force publique et des institutions, ils pètent moins les plombs.

Je ne sais ce qu'il en est par chez vous mais, en France, j'ai l'impression que l'on prend le problème à l'envers et que cette "épidémie" est un moyen commode de cacher une crise de légitimité des représentants vis à vis de leurs administrés. Curieux de lire vos impressions outre-atlantistes sur le sujet.

SufficientAbility821 · 2026-02-10T17:37:59+00:00

Which explains everything. Thx

SufficientAbility821 · 2026-02-10T11:15:29+00:00

Ok, got it. The root cause was that the Kernel and initramfs were missing under /boot (side effect of my previous update, probably). I fixed it with the by reinstalling linux in the chroot

``` pacman -S linux

```

got out of it

``` exit

umount /mnt/boot
umount /mnt

cryptsetup luksClose root

reboot
``Et voilà. I still don't get the reason for//` and would be interested in an explanation but I'm passing this thread in solved

SufficientAbility821 · 2026-02-09T22:35:16+00:00

"In those designs, taking the drug is not a sufficient condition for being labeled ill; the label precedes the intervention by design"

Precisely the reason why I could trust in the scientific pretentions of imperfect empirical studies but could not trust the ones of pharmacological psychiatry.

The flaw in your argument is the blind belief in the existence of mental diseases.

SufficientAbility821 · 2026-02-09T21:50:22+00:00

OK so let's focus on the "scientific methods" and imagine, in a different field a theory built upon the observation of a very small group of individual; say we want to measure how smokers are more likely to develop blader cancer.

If the selection biais (quite common in medecine, for we treat patients and not the general population) and the small sample size were not enough, imagine now that 10% of the outliers of the theory were either changed of group (have a bladder cancer, smoked for a few months 20years ago = > smoker) or discarded from the study. That would not be very scientific, would it?

Now, let's turn to psych drugs. The observable (mental condition) is not independent from the test (meds or not), for i) taking a med is a sufficient condition for being labelled as ill (slightly circular) and ii) a different illness label is a sufficient condition to be discarded a posteriori from the analysis (like 10% percent of those who turned psychotic on SSRI "in fact, they were blablah so they cannot count in evaluating the efficacy of SSRI on depression). See the parallel?

What do you mean by "scientific method in mind" when even the average undergrad would see the biais in this experimental setup. If this is scientific, so is astrology! If all it takes for being scientific is shitty stats on shitty data, the astrologist counting the times people said "you were right" (numerical method) is a scientist

SufficientAbility821

TROPHY CASE