Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I set up an http/ftp server on a busybox-based embedded system last night at home, and it tested out OK.
However, today when I accessed my test webpage on my http server, the browser prompted me to open a 'Photo.scr' file. I didn't understand what it was until I checked the http server: it seems a new file 'Photo.scr' was created in the local directory and my 'index.html' has been modified as well.
When I checked other directories on the embedded system, there was a copy of 'photo.scr' in many other directories. I have set up my home router to forward the httpd/ftpd/telnet ports so I could access the ftp/http server away from home. It worries me that someone has gained access to the ftp server or maybe my router.
Any way to improve the security to fend off a malicious 3rd party?
I disabled ftp and telnet remote access on the router for the embedded device and only allowed http port forwarding to the device. Would that make the system secure?
On this particular device, only busybox (i.e. ftpd, telnetd, httpd) is installed; no SFTP and SSH running.
You should be running OpenVPN as the only publicly-available service, and use tls-auth (as I have described in other threads in this section) to further make the presence of the OpenVPN server invisible. You should use digital certificates, password-protecting (encrypting) the ones that you take with you.
All other services should "listen" only to the OpenVPN's secure subnet, and be prohibited (and, blocked by firewall rules) from listening directly to the outside world.
Within, you should be running services like sshd, which are only listening to the OpenVPN tunnel, and (as also described elsewhere in this section) these should use only digital certificates, not passwords.
Now, you can enter the machine, and everything that you send to it or receive from it is securely encrypted. But, to anyone else, it is a featureless box with no open ports. Although you can easily access the machine, and even do so without apparent challenge or impediment, everyone else finds a featureless smooth wall with nothing whatsoever to climb. There is literally nothing there for them to attack.
You can enter because you possess the necessary, one-of-a-kind, digital certificates (and, if you wish, the passwords needed to decrypt them). Certificates can be individually issued and revoked.
Last edited by sundialsvcs; 09-02-2016 at 08:00 AM.
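An added example (not sundialsvcs' code or anything from the thread) of the firewall layout described in this reply, as a POSIX sh script that also runs under busybox: only the OpenVPN port is accepted from the WAN side, and httpd/ftpd/telnetd accept connections solely from the tunnel interface and the VPN subnet. The interface names eth0/tun0, the 10.8.0.0/24 subnet and UDP port 1194 are assumptions; change them for the real device.

```shell
#!/bin/sh
# Added example: default-deny INPUT chain where OpenVPN is the only door.
# All names below are assumptions for illustration, not values from the thread.
WAN_IF=${WAN_IF:-eth0}              # interface facing the home router / Internet
VPN_IF=${VPN_IF:-tun0}              # OpenVPN tunnel interface
VPN_NET=${VPN_NET:-10.8.0.0/24}     # OpenVPN server subnet (assumed)
VPN_PORT=${VPN_PORT:-1194}          # OpenVPN listening port (assumed default)
LAN_PORTS=${LAN_PORTS:-"80 21 23"}  # httpd, ftpd, telnetd from the original post

# IPT defaults to "echo iptables" so the rule set can be reviewed without root;
# run with IPT=iptables to apply it for real.
IPT=${IPT:-"echo iptables"}

gen_rules() {
    $IPT -P INPUT DROP                  # default deny for anything inbound
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # the one publicly reachable service: OpenVPN on the WAN interface
    $IPT -A INPUT -i "$WAN_IF" -p udp --dport "$VPN_PORT" -j ACCEPT
    # inner services only through the tunnel, and only from the VPN subnet
    for p in $LAN_PORTS; do
        $IPT -A INPUT -i "$VPN_IF" -s "$VPN_NET" -p tcp --dport "$p" -j ACCEPT
    done
    # anything else arriving on the WAN side (e.g. the router's old port
    # forwards for 80/21/23) is dropped before it reaches a daemon
    $IPT -A INPUT -i "$WAN_IF" -j DROP
}

# count_wan_accepts returns how many ACCEPT rules match the WAN interface;
# for this layout it must be exactly one (the OpenVPN port).
count_wan_accepts() {
    gen_rules | grep -- "-i $WAN_IF" | grep -c -- "-j ACCEPT"
}

gen_rules   # preview (or apply, when IPT=iptables) the rule set
```

Run it once with the default dry-run to read the rules, then with IPT=iptables on the device; count_wan_accepts is a quick sanity check that no second service leaked onto the WAN side.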
Quote:
I disabled ftp and telnet remote access on the router for the embedded device and only allowed http port forwarding to the device. Would that make the system secure?
On this particular device, only busybox (i.e. ftpd, telnetd, httpd) is installed; no SFTP and SSH running.
Any machine that has had ftpd and telnetd running needs to be wiped and reinstalled. Since you must reinstall, you might as well do it safely and leave out the unsecurable daemons. sundialsvcs' suggestion about OpenVPN could help you, or you could stay with SSH, which has stronger ciphers. Either way, you'll want to rebuild your busybox so that there is no ftpd or telnetd and that sshd is there instead. If OpenSSH is too big, then you might look at Dropbear, an OpenSSH derivative.
Also, change any passwords you may have typed in during any telnet or ftp session (including the initial login). Telnet and ftp send these in clear text, so any packet sniffer along the way can gather the password data.
/etc/ssh/sshd_config
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
...
# RSAAuthentication only covers the legacy SSH protocol 1 (the option was removed in OpenSSH 7.4);
# PubkeyAuthentication is the setting that enables key-based logins for protocol 2
RSAAuthentication yes
PubkeyAuthentication yes