Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I'm not really a Linux noob (I know how to recompile the kernel and other stuff) but I don't really know a *whole* lot about security as I only use it as a desktop system (unless I'm using one of my old PCs as a game server - but they're not important and I don't really care if THEY get compromised - and I haven't run a game server in a while anyways).
I recently learned about Linux rootkits and I was wondering if I need to worry about them - I'm not running a server or anything, and my router has firewall capabilities built in. Do I still need to worry about them anyways? Are there any protocols I should disable just in case?
Also, I'm using Slackware 10.2 - is there any tool already packaged with Slack to scan for rootkits?
You don't have to worry about rootkits in particular any more than you'd worry about any other aspect of security. A rootkit is something that's installed after someone hacks into your box (it's not something that spreads around the net infecting machines like a virus). It is a good idea to have a rootkit scanner run every night as it can often pick up the tell-tale signs of a rootkit, even though for one to be installed your machine would already have to have been compromised in some way. chkrootkit is a good one and I'm sure Slackware has packages for it.
Quote:
I'm not running a server or anything, and my router has firewall capabilities built in. Do I still need to worry about them anyways?
And if you keep up with updates and stick to open-source software or Slackware packages then you should be fine.
Quote:
And if you keep up with updates
Make that "If you have a hardened box and if you keep up with updates".
Quote:
and stick to open-source software or Slackware packages then you should be fine.
Closed source, OSS and even Slackware packages can be compromised: always check GPG keys.
Give this one a spin.
Both Chkrootkit and Rootkit Hunter are good tools. Only thing is they need to be used in combination with a file integrity checker and both tools should be installed before the box is allowed on the 'net. Chkrootkit and Rootkit Hunter will only check for default strings and search in default locations for default files. Place files in another location and they won't be found. Chkrootkit still tries stubbornly to rely on the ancient ifpromisc instead of the better capabilities of /sbin/ip. Other accompanying binaries can also be circumvented. Take for instance Adore-NG. Change 1 digit in the source code, and Chkrootkit's chkproc will not be able to find it. A file integrity checker like Aide or Samhain can be configured to scan a whole system for changes, which gives you a clearer picture of changes on the system. Some distros have package managers that also will check checksums, but these won't pick up changes like introducing new files.