codes

Here’s a categorized breakdown of the codes you provided:

1. DNS Security & DoH (DNS over HTTPS) Configuration

These commands help verify and enable DNS security and encryption.

  • Verify DoH is working (Windows/Linux):

    • nslookup example.com (Windows/Linux; confirms that name resolution works, but the output does not show whether the query was encrypted)

    • sudo nano /etc/systemd/resolved.conf (Linux: Modify DNS settings; systemd-resolved encrypts upstream queries with DNS over TLS via the DNSOverTLS= option, not DoH)

    • sudo systemctl restart systemd-resolved (Restart DNS service)

  • Set Up Private DNS Servers:

    • Pi-hole (For home networks, blocks ads and trackers):

      • curl -sSL https://install.pi-hole.net | bash

    • BIND9 (For enterprise DNS management):

      • sudo apt install bind9

      • Edit /etc/bind/named.conf.options

      • sudo systemctl restart bind9

  • Verify Secure DNS:

    • Cloudflare’s DoH Test or Google’s DNS Test

    • nslookup example.com or dig example.com


2. Full-Disk Encryption

Encrypts entire disks to protect data from unauthorized access.

  • Windows: BitLocker

    • manage-bde -status (Check BitLocker status)

  • Linux: LUKS (Linux Unified Key Setup)

    • sudo cryptsetup luksFormat /dev/sdb1 (Encrypt disk; this destroys any existing data on the partition)

    • sudo cryptsetup open /dev/sdb1 secure_drive

    • sudo mkfs.ext4 /dev/mapper/secure_drive (Format)

    • sudo mount /dev/mapper/secure_drive /mnt

    • sudo cryptsetup close secure_drive (Close the encrypted mapping; unmount /mnt first)

  • Encrypt Files:

    • OpenSSL:

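      • Encrypt: openssl enc -aes-256-cbc -salt -pbkdf2 -in secret.txt -out secret.txt.enc (-pbkdf2 replaces the legacy password-to-key derivation; needs OpenSSL 1.1.1 or later)

      • Decrypt: openssl enc -aes-256-cbc -d -pbkdf2 -in secret.txt.enc -out secret.txt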

    • GPG:

      • Encrypt: gpg -c --cipher-algo AES256 secret.txt

      • Decrypt: gpg --decrypt secret.txt.gpg > secret.txt

  • LUKS for Backups:

    • sudo cryptsetup luksFormat /dev/sdb

    • sudo cryptsetup open /dev/sdb backup_drive

    • sudo mount /dev/mapper/backup_drive /mnt/backup


3. Linux System Hardening & Security

These commands improve system security by enforcing updates, firewall rules, SSH security, and kernel hardening.

  • Automatic Security Updates:

    • Ubuntu/Debian:

      • sudo apt update && sudo apt upgrade -y

      • sudo apt install unattended-upgrades

    • RHEL/CentOS:

      • sudo yum update -y

  • Firewall Configuration (UFW - Uncomplicated Firewall):

    • sudo ufw default deny incoming

    • sudo ufw default allow outgoing

    • sudo ufw allow 22/tcp

    • sudo ufw enable

  • Secure SSH:

    • Edit SSH config: sudo nano /etc/ssh/sshd_config

    • Set:

      PermitRootLogin no
      PasswordAuthentication no
      AllowUsers your-username
      
    • Restart SSH: sudo systemctl restart sshd

  • Fail2Ban (Prevent Brute-Force Attacks):

    • sudo apt install fail2ban -y

    • sudo systemctl enable fail2ban

    • sudo systemctl start fail2ban

  • Kernel Hardening (Sysctl Settings):

    • Edit sysctl.conf: sudo nano /etc/sysctl.conf

    • Add:

      net.ipv4.conf.all.rp_filter = 1
      net.ipv4.conf.all.accept_redirects = 0
      net.ipv4.conf.all.send_redirects = 0
      kernel.randomize_va_space = 2
      
    • Apply changes: sudo sysctl -p
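
To check that the SSH and sysctl values listed above are the ones that actually take effect, the following added example (not part of the original list) audits an sshd_config and a sysctl.conf and reports deviations. The function names, the sample files and the user alice are assumptions made for the illustration.

```shell
# Effective global value of an sshd keyword: keywords are case-insensitive,
# the first occurrence wins, and lines after a Match are conditional (skipped).
sshd_value() {  # $1=file $2=keyword
  awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    tolower($1) == "match" { exit }
    tolower($1) == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Value left after "sysctl -p": last assignment wins; "#" lines never match.
sysctl_value() {  # $1=file $2=key
  awk -F= -v k="$2" '
    { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
    key == k { v = val }
    END { print v }' "$1"
}

# Print one line per deviation; the return status is the number of deviations.
audit() {  # $1=sshd_config $2=sysctl.conf
  fails=0
  while read -r src key want; do
    if [ "$src" = sshd ]; then got=$(sshd_value "$1" "$key")
    else got=$(sysctl_value "$2" "$key"); fi
    [ "$want" = SET ] && [ -n "$got" ] && continue
    [ "$got" = "$want" ] && continue
    echo "FAIL $src $key: got '${got:-unset}', want '$want'"
    fails=$((fails + 1))
  done <<'EOF'
sshd PermitRootLogin no
sshd PasswordAuthentication no
sshd AllowUsers SET
sysctl net.ipv4.conf.all.rp_filter 1
sysctl net.ipv4.conf.all.accept_redirects 0
sysctl net.ipv4.conf.all.send_redirects 0
sysctl kernel.randomize_va_space 2
EOF
  return "$fails"
}

# Constructed sample files (not from a real host) so the audit runs offline.
write_samples() {  # $1=directory
  printf '%s\n' 'PermitRootLogin no' 'passwordauthentication yes' \
    'PasswordAuthentication no' 'AllowUsers alice' \
    'Match Address 10.0.0.0/8' '  PermitRootLogin yes' > "$1/sshd_config"
  printf '%s\n' 'net.ipv4.conf.all.rp_filter = 1' \
    'net.ipv4.conf.all.accept_redirects=0' '#net.ipv4.conf.all.send_redirects = 0' \
    'kernel.randomize_va_space = 0' 'kernel.randomize_va_space = 2' > "$1/sysctl.conf"
}
d=$(mktemp -d) && write_samples "$d"
audit "$d/sshd_config" "$d/sysctl.conf" || echo "$? deviation(s) found"
```

The script reads only the two files it is given; on a live host, sudo sshd -T prints the effective server configuration and sysctl -n followed by a key reads the running kernel value.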


Summary

  1. DNS Security & DoH Configuration → Encrypt and secure DNS queries

  2. Full-Disk Encryption → Protect data using BitLocker (Windows) or LUKS (Linux)

  3. File Encryption → Secure files using OpenSSL and GPG

  4. Linux Hardening → Strengthen security with firewalls, SSH restrictions, automatic updates, and kernel settings
