Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I suggest you read up on things before posting such "advice". TCP/80 needs to be open to serve web content and the port being open itself isn't the biggest threat.
I'm sorry if I wasn't clear enough: I only meant that the unnecessary ports should be closed.
Thanks for taking the time to reply. Now you're kind of new to LQ and therefore you may not have much experience reading posts and interacting with the folks in the Linux security forum. Members who seem to live here, members with a good grasp of Linux Security, and especially those with practical incident handling or forensics experience know there's a certain order, a structured approach to "solving" these types of problems. Because time is of the essence and risks should be mitigated as soon as possible the order of stages I try to promote is: information gathering, mitigation, analysis, aftercare. Understanding what actions to perform at which stage ensures both the incident handler and the "victim" have a clear view on what to do. This should keep the "victim" from getting distracted by conflicting "advice", nitpicking or whatever else.
More fundamentally solving any problem requires one to be methodical about things. IMHO that starts with proper diagnosis: reviewing the nfo at hand while not assuming anything and asking questions. If on doesn't do that then one might miss a clue and any advice one gives may range from just inefficient to the completely unsuitable in certain situations.
Quote:
Originally Posted by Nbiser
I'm sorry if I wasn't clear enough: I only meant that the unnecessary ports should be closed.
And likewise I'm sorry if what I wrote above wasn't clear enough: in a priority-ordered list of actions to perform this isn't number 0, 1 or 2 until you have gotten the information to base such advice on.
Thanks for taking the time to reply. Now you're kind of new to LQ and therefore you may not have much experience reading posts and interacting with the folks in the Linux security forum. Members who seem to live here, members with a good grasp of Linux Security, and especially those with practical incident handling or forensics experience know there's a certain order, a structured approach to "solving" these types of problems. Because time is of the essence and risks should be mitigated as soon as possible the order of stages I try to promote is: information gathering, mitigation, analysis, aftercare. Understanding what actions to perform at which stage ensures both the incident handler and the "victim" have a clear view on what to do. This should keep the "victim" from getting distracted by conflicting "advice", nitpicking or whatever else.
I'll admit, I'm no security expert. What I know I've learned from my father, a certified ethical hacker and a certified forensics investigator. As for myself I'm more of a hardware and operating system guy.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.