i started with slackware ~2003 and moved to gentoo in 2005. it was very transparent to me as a newbie. use flags and compilation from source were way simpler to me than mysterious precompiled binaries. also ndiswrapper worked with my wireless chipset on gentoo. that helped

for my own sanity i will assume the audience of that page you linked is business customers given one of their examples is a .gov. im just residential. getting a static ip out here felt monumental in itself

it was apparently impossible for my isp. i have a very good deal on a static ip so reluctant to rock the boat

even if you get port 25 unblocked your IP won't pass the sniff test. you must have a PTR record on the IP pointing to your domain for the large email hosts to accept mail from you. i use amazon SES to handle outbound because of this hurdle. it sucks

no, if the attacker can change files in your account, they can read every byte you type in and respond with anything, including pretending to be a normal shell. im not sure how to prevent ssh from running commands in your shell

which sudo will check $PATH directories and return the first match, true. however when you type sudo and hit enter your shell will look for aliases and shell functions before searching $PATH.

to see how your shell will execute 'sudo', say type sudo (zsh/bash). to skip aliases/functions/builtins say command sudo

meh nvm none of these work if your shell is compromised. you're sending bytes to the attacker at that point. they can make you believe anything