IF an expert hack can get into a Fedora OS over the Internet.. How would you know that someone has tried to get into your hd's OS..?

Are there Linux software packages that can be installed, and a window be placed on the desktop, that shows in real-time, who and what has tried to, or has, or is, infiltrated a Fedora OS..? if a Fedora OS can be compromised thus...

Are there software packages that can show if someone is uploading your private files from a Fedora OS..?

How do you know your OS doesn't have backdoors in it..?

No "conspiracy" here.. just valid security questions that deserve an honest answer...

When you first install the system, you can run some programs that will give you a baseline "fingerprint" that can be compared later to determine if someone has changed something.

If your new hacker pal is sloppy, he may leave clues in your log files (That's why reviewing your logs is so important). If he was smart enough to break in though, he is likely smart enough to cover his tracks.

The best I can tell you is a mix of good practices is the best bet:
Strong passwords
Patch your system so it's up to date
Keep it patched
Don't run unnecessary services
Read and learn as much as you can.

HTH
Dave

If he really is an expert, it needs an expert, too, to notice it, I think.

Every OS can be compromised, there will never be a 100% security.

At first you have to trust your distribution, that it has no backdoors already built in. Then you have to take a fingerprint from your fresh installed system (at best installed without network connection), and you have to compare the fingerprint before you update your system and generate a new one after the system-update. And that every time you update your system.
Or you install from scratch, that means you compile your whole system from source, after you have searched through the whole source for backdoors.

Be aware that any OS is only as secure as the security options the user chooses.

WoW!.. and WoW!..


_____________________


Quoing: "...first install the system, you can run some programs that will give you a baseline "fingerprint" that can be compared later to determine if someone has changed something."


Ok.. So now I'm going to DBAN-Autonuke these 3-hd's, and reinstall F-14 on clean platters...
Is there a best way to install F-14..?
And please detail, for the novice, how to do this "fingerprint" thingy...


____________________


Quoting: "it needs an expert, too, to notice it..."


Then the next obvious question would have to be.. What first thing would the expert look at, to start determining if there has been a compromise..?


____________________


Quoting: "you have to trust your distribution..."


Fedora is at the top of trustworthy...

____________________


Quoting: "And that every time you update your system.
Or you install from scratch, that means you compile your whole system from source, after you have searched through the whole source for backdoors."


Please detail how it's done...

____________________


This is what I've been asking about for ten years on the Net.. but all I ever got from this type of question was flamed, flamed, and more flamed, and banned.. then someone totally trashing the OS within an hour...
Funny.. I'm rushing to make the backup, by habit.. I suppose this is called "shell-shock"...

Was our answers not what you were expecting?

HTH
Dave

umm.. I was expecting to be smoke-screened, insulted, blasted, beatup, flamed, killed, and banned, then killed some more, and my PC's OS to be nuked...
Umm..? it didn't happen..?? I actually got some real answers...


_____________


I figured the best way to start this security check is to run "Chrootkit" to test the old OS before I jumps into fresh stuff the right way...


Is this Chrootkit-log anything bad?..


Checking `syslogd'... not tested

Searching for suspicious files and dirs, it may take a while...
/usr/lib/.libfipscheck.so.1.hmac /usr/lib/.libssl.so.1.0.0c.hmac /usr/lib/.libfipscheck.so.1.1.0.hmac /usr/lib/.libssl.so.10.hmac /usr/lib/firefox-3.6/.autoreg /lib/.libcrypto.so.10.hmac /lib/.libcrypto.so.1.0.0c.hmac /lib/.libgcrypt.so.11.hmac

Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)

________________

I'm supposing "false positives", but a second opinion would be nice...

________________



This is what I found in Google searches:

http://forum.nginx.org/read.php?30,120185

http://docs.fedoraproject.org/en-US/...-keypairs.html


Yikes! this is a seriously wicked task for someone doing it the first time... Wouldn't it be sweet if it were setup as a system tool...

You can run a HIDS such as AIDE. This will, of course, require that you first read the documentation and familiarize yourself with how AIDE is used. Also, you'll want to install AIDE right after you've installed your OS from trusted media and before you even plug the network cable in. Otherwise, you risk getting a baseline from an already compromised installation, which would defeat the purpose.

I'm trying to find an "Aide rpm".. I found only one for fedora-11...
Do you know of an Aide rpm for Fedora-14..? I'm having a tough time trying to install an src. or a tar..?


http://rpm.pbone.net/index.php3?stat...aide&srodzaj=3

http://www.google.com/search?q=aide+...+14&as_rights=

'aide' is a Fedora package. ( Fedora 12 - 13 - 14 etc.)

# yum install aide


..

got it... now to make it work for me...

You think!?

Fedora is humanity's Hat.. Fedora is humanity's leader in love and respect, even if humanity doesn't know it yet.. Can't you feel it?.. Do you know love..?
You think?..


So what do you do to know what's happnin' in your computer's security..?
What's your big "securits"..?
What's the first thing you do to determine if your OS has been compromised..?

Start with the distribution that you download. Verify its md5sum and gpg signature against those reported and signed by the developer. There may even be a designated signer for the package. At a minimum, make sure that the keys used have been signed by several individuals with known organizational email addresses. Granted, this is not 100%, but it is a strong indication that you are getting a legitimate download. Then, create your CD and re-verify the burned ISO image's sum to verify that you have a solid build. Install it and as part of your base install, implement a host based intrusion detection system that will create fingerprints for your system files and monitor them for changes.

Beyond that, do as the above posts suggest. Don't run unnecessary server packages. Don't open unnecessary ports in your firewall. Don't give users permissions that they don't need, keep your system up to date, watch your logs, don't allow root SSH and preferably use key based authentication, and so forth. Keep reading and learning, but maintain eternal vigilance on the performance of your system without relying on an application to secure your system for you.

1 members found this post helpful.

Are those "signature checks" needed when you download Fedora from the Fedora Project site?..
and when you apply Fedora updater updates..?

Can hacks fake the updater?, like someone nasty did to my PC through Linux OS, not Fedora...

First, when you install Fedora, make your partition encrypted. Here are all the gory details.

http://docs.fedoraproject.org/en-US/...setup-x86.html

Second, disable all remote logins using SE-Linux or other settings. This is especially important for root.

Third, use only reputable repositories that others have used without problems.

"Https://www.Earlspervertedspecialpicssite.net/freak/executablesandbinaries" is NOT a reputable repository.

The actual site is, of course, a joke. It doesn't really exist. I would not provide such a real link even if I was into such things. (I'm not.)

Fourth, use complex passwords with at least 10 characters. Sixteen would be better. Obviously use wildcards, numbers, capitol and lower case letters.

Don't use just dictionary words. Don't post your passwords on the side of your computer monitor. If you must write down your passwords, consider hiding them real well or getting a safe located in another room without a computer.

Lastly, consider upping your meds slightly !!