Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
That would be rather useless since you should not be using the root account for regular tasks in the first place.
Quote:
Originally Posted by SaraiKhan
how safe is TOR?
Define "safe" from your perspective?.. Or at least tell us what doubts you have? What I mean is that if you have concerns like these you should do some research yourself, read about things so you know what you're talking about and *then* ask. That way you can easier spot errors, caveats, omissions, assumptions et cetera. If you don't do any research yourself you'll be relying on the answers to be either correct, correct in some circumstances or in a parallel universe.
Quote:
Originally Posted by SaraiKhan
How do I checksum the entire user profile
Like 'sha1deep -r /pathname' or 'find /pathname -type f|xargs sha1sum 2>/dev/null'.
Define "safe" from your perspective?.. Or at least tell us what doubts you have? What I mean is that if you have concerns like these you should do some research yourself, read about things so you know what you're talking about and *then* ask. That way you can easier spot errors, caveats, omissions, assumptions et cetera. If you don't do any research yourself you'll be relying on the answers to be either correct, correct in some circumstances or in a parallel universe.
Well, what I want to achieve, basicly is minimize the chances of either the ISP or tertiary personas spotting my research data I enter into my machine. I am indeed currently reading and researching this matter, but I have received some replies from some people over the IRC that TOR might really be unsafe. What I basicly want, is to minimize the chances of someone gaining access to my machine, or snooping my network traffic. I am also considering to crypt ALL messages coming and going through my lan. I read about IPSec but I am quite clueless on how to setup it on my linux and windows boxes. I succeeded in encrypting today my entire hdd and successfully used TOR, however sometimes it is kind of slow. Nevertheless, it's not like im downloading movies, so i guess it works ...
Regarding IPSec, I could not find a good info on how to set it up.
Regarding TOR, I am currently reading about onion routing and RFC 793.
I also browsed some CISCO stuff, and I found the info really helpfull. I already got some interesting ideas.
I have received some replies from some people over the IRC that TOR might really be unsafe.
Without providing any details, the same thing could be said about pretty much any software. Besides, last time I looked at the Tor website they seemed to make it pretty clear that you shouldn't rely on Tor if, like, your life depended on it. Having said that, Tor is indeed a dangerous tool when used inappropriately. Perhaps this is what your IRC friends were referring to. Users need to understand that Tor is only designed to provide anonymity (not security). Apparently, there's tons of people who believe that Tor magically provides them with end-to-end encryption when surfing the Web.
Personally, whenever I use Tor with a HTTP (without SSL) connection, I not only make sure I don't transfer any personal information, I also make sure I use a bolted-down NoScript and a disposable user account. I think it's important for all Tor users to assume that their exit nodes *will* inject malicious code whenever possible.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.