13reak :fedora:<p>Interesting defense against attacks: </p><p>Move your SSH <code>authorized_keys</code> to a different location and set the rights to <code>0444</code>. Then an attacker needs root rights to place an SSH backdoor.</p><p><a href="https://isc.sans.edu/diary/31986" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">isc.sans.edu/diary/31986</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/knowledgedrop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>knowledgedrop</span></a> <a href="https://infosec.exchange/tags/hardening" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardening</span></a></p>