Basic Security askalan's security settings for Ubuntu

[AlanOstaszewski]

Spoiler: My hosts file to block Spotify ads

127.0.0.1 adclick.g.doublecklick.net
127.0.0.1 adeventtracker.spotify.com
127.0.0.1 ads-fa.spotify.com
127.0.0.1 analytics.spotify.com
127.0.0.1 audio2.spotify.com
127.0.0.1 b.scorecardresearch.com
127.0.0.1 bounceexchange.com
127.0.0.1 bs.serving-sys.com
127.0.0.1 content.bitsontherun.com
127.0.0.1 core.insightexpressai.com
127.0.0.1 crashdump.spotify.com
127.0.0.1 d2gi7ultltnc2u.cloudfront.net
127.0.0.1 d3rt1990lpmkn.cloudfront.net
127.0.0.1 desktop.spotify.com
127.0.0.1 doubleclick.net
127.0.0.1 ds.serving-sys.com
127.0.0.1 googleadservices.com
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 gtssl2-ocsp.geotrust.com
127.0.0.1 js.moatads.com
127.0.0.1 log.spotify.com
127.0.0.1 media-match.com
127.0.0.1 omaze.com
127.0.0.1 open.spotify.com
127.0.0.1 pagead46.l.doubleclick.net
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 partner.googleadservices.com
127.0.0.1 pubads.g.doubleclick.net
127.0.0.1 redirector.gvt1.com
127.0.0.1 s0.2mdn.net
127.0.0.1 securepubads.g.doubleclick.net
127.0.0.1 spclient.wg.spotify.com
127.0.0.1 tpc.googlesyndication.com
127.0.0.1 v.jwpcdn.com
127.0.0.1 video-ad-stats.googlesyndication.com
127.0.0.1 weblb-wg.gslb.spotify.com
127.0.0.1 www.googleadservices.com
127.0.0.1 www.googletagservices.com

Spoiler: VPN killswitch

#!/bin/bash

# Your VPN name on Network Manager, to list all connections you can use: nmcli con
VPN_NAME="cyberghost-vpn-germany"
# Your network device, usually wlan0 for wifi and eth0 for cable, check with: ifconfig
NW_DEVICE="enp30s0"
# You VPN connection device, change if different
NW_TUN="tun0"

# Set up the firewall and block all connections
sudo ufw --force reset
sudo ufw default deny incoming
sudo ufw default deny outgoing
# Allow the connection only to/from our VPN server
sudo ufw allow out 53/udp
sudo ufw allow out 443/udp
sudo ufw allow out 1194/udp
sudo ufw allow out on $NW_TUN from any to any
sudo ufw allow in on $NW_TUN from any to any
# Enable firewall
sudo ufw enable

# Monitor VPN connection and connect again if dropped
function monitor {
# Connect to VPN
nmcli con up id $VPN_NAME
echo -e '\nMonitoring VPN connection for possible drops. Press Ctrl + Z to stop monitoring\n'
nmcli connection monitor $NW_TUN # Will exit as soon as status changes
echo -e '\n############################\nConnection to VPN dropped - Reconnecting...\n############################\n'
nmcli con down id $VPN_NAME # Just in case connection was in progress
sleep 5 # To allow VPN detect we are not connected anymore
nmcli con up id $VPN_NAME
monitor
}

monitor

(You will need to customize the file if you want to use it. Additionally it is in my startup folder.)

Otherwise I recommend you, if you also want to use CyberGhost: Buy the version in the shop (cd box):
buying one year via cyberghostvpn.com costs 70€, the CD box only 10€
(Example: CyberGhost 2018)

 

[gerinho]

Very good choice, Arch Linux! I use it myself, the Manjaro fork