LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Are 'remote login' or (removable media) 'run software' enabled by default, or do I have a security problem? (Debian 12) (https://www.linuxquestions.org/questions/linux-newbie-8/are-remote-login-or-removable-media-run-software-enabled-by-default-or-do-i-have-a-security-problem-debian-12-a-4175733279/)

handstand 01-28-2024 08:57 AM
Are 'remote login' or (removable media) 'run software' enabled by default, or do I have a security problem? (Debian 12)
 
I'm very inexperienced with linux, so apologies if this is an extra-newbie question.

I recently installed Debian 12, was looking through my settings and under sharing, noticed that 'remote login' was enabled. And in my removable media settings, software was set to 'run software' (ie not 'ask what to do').

It is unfortunately possible that I have had someone I know at least attempt to hack me/get access to my devices, so I am on the lookout for anything out of the ordinary, and from what I can tell from googling/searching this forum, it doesn't seem like these two things are usually enabled by default. So I'm hoping someone might know if there's a normal reason they would be.

E.g. perhaps as a result of some things I've done since installing:
- set up firewall
- installed VPN (required me making some root changes that I don't fully understand)
- installed browser & a few privacy/security extensions
- connected usb pen with some backed up files from my use of this computer pre-Debian
Worth noting that before Debian, I was using Linux Mint (19); I now realise it was a very outdated kernel - and that I wasn't installing security updates (I know...). I did wipe (inc. overwriting) the hard drive before installing Debian.

I also know that malware/hacks on Linux are very rare, but for a few reasons it's not unlikely for me at the moment, and I've made plenty of other security mistakes not included in this post. Even if this is normal, I'm hoping to learn more about Linux security generally and prevent it in the future. Thanks so much for any help.

Some system info:
- Linux 6.1.0-15-amd64 x86_64 (17 is installed but just hangs when I try to boot it)
- Debian GNU/Linux 12 (bookworm), GNOME 43.9, Wayland

michaelk 01-28-2024 03:56 PM
Welcome to LinuxQuestions.

Remote login is ssh and is usually installed by default. ssh logs are located in /var/log/syslog files and you can look at them for ssh traffic. If anyone has been trying to login all attempts are recorded there.

Make sure your router's firewall firmware is the latest if it your own the device otherwise your ISP should push any updates. Make sure you are using a strong wireless password if you have control over your router/gateway device and that you are using at least WPA2 encryption.

I don't know why your USB settings changed from "Ask me what to do" unless you inadvertently changed it.

niceflipper8827 02-03-2024 11:21 PM
You also need to enable WPA2-PSK because if you don't use the most secure protocols as you might accidentally set yourself up for war drivers who are people that drive through neighborhoods looking for peoples WiFi networks that don't use protocols like WPA2+PSK. Every computer network security experts will always recommend using the latest security standards because when you don't it's like leaving your car door open and they car keys on the seat which in essentially common steel my car.


All times are GMT -5. The time now is 01:41 AM.