Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm currently using rkhunter and chkrootkit to scan my Debian Etch box for rootkits.
Can anyone please recommend another Debian command line security application that you use?
Thank you for any and all replies.
harden - Makes your system hardened
harden-clients - Avoid clients that are known to be insecure
harden-development - Development tools for creating more secure programs
harden-doc - Useful documentation to secure a Debian system
harden-environment - Hardened system environment
harden-nids - Harden a system by using a network intrusion detection system
harden-remoteaudit - Audit your remote systems from this host
harden-servers - Avoid servers that are known to be insecure
harden-surveillance - Check services and/or servers automatically
harden-tools - Tools to enhance or analyze the security of the local system
Near the bottom of the screenshot it shows that lo is not promiscuous, but it also says something about a PACKET SNIFFER.
What do you think? I'm a bit confused by the scan result.
Thank you for any and all replies:-)
If your NIC was in promiscuous mode it might mean that a sniffer is present. It's not. http://en.wikipedia.org/wiki/Promiscuous_mode
The DHCP client often gives a false positive. Nothing to worry about with that either. If you want, you can check the md5sum of its binary. If this is a home desktop behind a router you might as well set up a static IP for it and disable DHCP. This would speed up your boot time as well. Something like:
Code:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
# automatically added when upgrading
auto lo
iface lo inet loopback
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
    address 192.168.1.3
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
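The two checks mentioned in the reply above (whether the NIC is in promiscuous mode, and whether the DHCP client binary matches its package checksum), written out as an added example that is not part of the original thread. The function names are hypothetical, and it assumes the interface flags are readable under /sys/class/net and that dpkg's md5sums lists are in /var/lib/dpkg/info; the interface, binary path and package name are arguments you supply.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

IFF_PROMISC=256   # 0x100, the promiscuous bit in <linux/if.h>

# is_promisc FLAGS
# FLAGS is the hex value read from /sys/class/net/IFACE/flags.
# Returns 0 when the promiscuous bit is set, 1 when it is clear.
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# recorded_md5 MD5SUMS_FILE PATH
# Prints the checksum a dpkg md5sums list holds for PATH. Those lists use
# "checksum  path" lines with the leading slash removed from the path.
recorded_md5() {
    awk -v p="${2#/}" '$2 == p { print $1; exit }' "$1"
}

# verify_binary FILE MD5SUMS_FILE [RECORDED_PATH]
# Returns 0 on a match, 1 on a mismatch, 2 when nothing is recorded.
verify_binary() {
    want=$(recorded_md5 "$2" "${3:-$1}")
    [ -n "$want" ] || return 2
    have=$(md5sum "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ]
}

# report IFACE BINARY PACKAGE
# PACKAGE is whatever "dpkg -S BINARY" names as the owner of BINARY.
report() {
    flags=$(cat "/sys/class/net/$1/flags") || return 2
    if is_promisc "$flags"; then
        echo "$1: promiscuous bit set"
    else
        echo "$1: not promiscuous"
    fi
    rc=0
    verify_binary "$2" "/var/lib/dpkg/info/$3.md5sums" || rc=$?
    case $rc in
        0) echo "$2: matches the checksum recorded for $3" ;;
        1) echo "$2: differs from the checksum recorded for $3" ;;
        *) echo "$2: no checksum recorded in $3.md5sums" ;;
    esac
    return "$rc"
}

# Run against the live system only when all three arguments are given.
if [ "$#" -eq 3 ]; then
    report "$1" "$2" "$3"
fi
```

A match only shows that the binary agrees with the local dpkg database; for a stronger check, compare against the checksum of the package taken from a trusted mirror or install medium.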
Thank you makuyl, I appreciate the reply! I was getting ready to format this puppy and put Lenny on it:-) I'm very happy with Etch. This unit is sitting behind a router so I think it is relatively secure.
Your explanation makes sense to me as it does say that the NIC is not in promiscuous mode. Good to know I haven't been hacked.
Thanks, again:-)