Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
BTW: Does anyone know if chkrootkit or rkhunter or debcheckroot or ... can detect any of the popular ransomware (probably never been on Linux, but these are likely to run on OS X)?
And since ransomware is almost certainly user-space, what about configuring tripwire to check userspace?
It seems like a good idea to think about this since the latest ransomware sits around for 2-3 days before it starts encrypting user files. Maybe it's really vulnerable at that point?
Last edited by linuxStudent11; 03-08-2016 at 10:49 PM.
One of the reasons why I use OS/X as a host is ... Time Machine. Which comes free with OS/X.
(Some versions of Windows have a comparable utility, but it's really not "comparable" at all ..)
Working quietly in the background, every hour or more-often, TM backs up everything, including e-mails.
I'd be very interested in recommendations for a Linux based backup daemon that can do equivalent things. I'd happily dedicate a second external hard-drive to backing up several Linux VMs.
dd?
(I guess rsync is usually recommended for incremental backups, but I never had the need and therefore no experience with it).
Wrt defense please note the infection vectors mentioned are just that: exploit any flaw, elevate privileges, do stuff. And the fact that linux.encoder.1 currently is easily defeated also is no reason to postpone getting that security posture up to spec. As far as I'm concerned all common security best practices (install and expose only what is required, proper hardening and auditing, regular updates and backups etc, etc) still apply. Do note unattended, automated backups without restore testing or content checking may prove to be interesting because for the backup software itself there's no valid reason not to back up an already ransomware-encrypted file system ;-p
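The caveat above (backup software has no reason not to back up an already-encrypted file system) and the earlier question about watching user space are the point of the following added example. It is not code from the thread or from any of the tools named in it; it is a Python sketch of a pre-backup content check. It measures the Shannon entropy of each file's leading bytes, computes the share of files that look encrypted or compressed, and refuses the backup run when that share jumps sharply compared with the previous run. The threshold names (HIGH_ENTROPY_BITS, MAX_RATIO_JUMP, SAMPLE_BYTES) and the sample tree it builds are constructed for the example; the jump-versus-baseline comparison rather than an absolute threshold is a deliberate choice, since a home directory full of archives, images or videos is legitimately high-entropy all the time.

```python
import math
import random
import tempfile
from pathlib import Path

# Hypothetical thresholds chosen for this example, not values from the thread.
HIGH_ENTROPY_BITS = 7.5   # bits per byte; encrypted/compressed data sits near 8.0
MAX_RATIO_JUMP = 0.25     # allowed increase in the high-entropy share between runs
SAMPLE_BYTES = 65536      # only the first 64 KiB of each file is measured


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of a byte string (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def scan_tree(root: Path) -> dict:
    """Map each regular, non-empty file under root to the entropy of its leading bytes."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.stat().st_size > 0:
            with path.open("rb") as fh:
                result[str(path.relative_to(root))] = shannon_entropy(fh.read(SAMPLE_BYTES))
    return result


def high_entropy_ratio(entropies: dict, threshold: float = HIGH_ENTROPY_BITS) -> float:
    """Share of scanned files whose entropy is at or above the threshold."""
    if not entropies:
        return 0.0
    return sum(1 for e in entropies.values() if e >= threshold) / len(entropies)


def backup_allowed(current_ratio: float, baseline_ratio: float,
                   max_jump: float = MAX_RATIO_JUMP) -> bool:
    """Refuse the run when the high-entropy share jumped by more than max_jump.

    Comparing against a baseline (the previous run) rather than an absolute
    threshold keeps trees full of archives or media from tripping the check.
    """
    return (current_ratio - baseline_ratio) <= max_jump


def build_demo_tree(root: Path, encrypted: bool) -> None:
    """Constructed sample data: four text files, optionally overwritten with
    pseudo-random bytes to stand in for a ransomware-encrypted tree."""
    rng = random.Random(42)  # fixed seed so the demo is deterministic
    for i in range(4):
        path = root / "home" / "user" / f"notes{i}.txt"
        path.parent.mkdir(parents=True, exist_ok=True)
        if encrypted:
            path.write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
        else:
            path.write_text("The quick brown fox jumps over the lazy dog.\n" * 80)


def demo() -> tuple:
    """Baseline scan of a healthy tree, then a rescan after simulated encryption.

    Returns (baseline_ratio, current_ratio, allowed).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root, encrypted=False)
        baseline = high_entropy_ratio(scan_tree(root))
        build_demo_tree(root, encrypted=True)   # same paths, now high-entropy content
        current = high_entropy_ratio(scan_tree(root))
        return baseline, current, backup_allowed(current, baseline)


if __name__ == "__main__":
    before, after, ok = demo()
    print(f"high-entropy share: baseline={before:.2f} now={after:.2f} -> "
          f"{'proceed with backup' if ok else 'HOLD backup, investigate'}")
```

In practice the baseline ratio would be persisted between runs (for example alongside the previous snapshot) and the check wired in as a pre-backup hook; a held run should also keep the last known-good snapshot untouched, since a backup job that rotates old copies out is exactly what turns "encrypted files got backed up" into "the only copies left are encrypted". Sampling only the first 64 KiB keeps the scan cheap, at the cost of missing files that are encrypted only past that point.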
This, ladies and germs, is BS. MS Windows cannot be secured, too many security holes. When you buy a Windows penetration kit from bad guys it comes with a 6 month warranty. In the unlikely case MS closes the security hole your kit is exploiting, they switch you over to the next vulnerability for free. Unthinkable with any POSIX compliant system.
Out of the box, that may be true, but with the right packages added to a Windows system, it can be secured to a fair reasonable level.
- Finely tuned permission levels for software and hardware can limit exposure to malware. Example: Limiting USB drive access, or access to optical or flash drives in the system.
- Properly updated systems reduce security holes as do tested antimalware tools. Example: Using MalwareBytes Pro in conjunction with Sophos Internet Security.
- Blocking bad IP addresses in the HOSTS can reduce instances of exposure. Example: Running Spybot Search and Destroy's Immunization tool can tune up security and create a huge block list in HOSTS.
- Using well tuned and properly configured Stateful Packet Filtering Firewalls in both hardware and software can reduce threats, as well as using software to warn of attacks on the system and network.
GNU/Linux equally has to be properly secured by the system administrator as well. No operating system is going to be 100% fail safe. Apple claimed this with OSX/Darwin, and it got very devastating malware. Now OSX has several malware detection and elimination tools to keep the system safe. Linux systems can get malware, but because no two distributions are exactly alike, attacking every system equally is impossible.
I do find it interesting that the ransomware almost-certainly must have been signed by a developer key. It suggests an inside job.
Another possibility is what happened to Ian Murdock. When he was "clubbed to death", the PD got control of his laptop. The FBI showed up later on ulterior motives.
Sorry for the conspiracy theories here, but does the SFPD now have his keys? Does this imply the FBI has his keys?
And by the same argument, did someone else get Apple keys from a traffic stop, drug deal, vindictive girlfriend, etc. etc.? And if you're talking about Transmission BitTorrent developers, same logic.
Old adage: No man is an island.
Last edited by linuxStudent11; 03-10-2016 at 01:07 PM.