So How often does everyone scan their Linux Computers and what do you use?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
View Poll Results: How often do you scan your Linux Computer(s)?
I am so paranoid I scan it more then once a day...
0
0%
Once a day.
4
13.79%
Once a week.
0
0%
Once a month.
2
6.90%
A few times a year.
11
37.93%
Depends really on what I am doing. Can be often or not.
Given the fact that some OS installations are not that well-protected out of the box (Ubuntu's Remote Desktop comes to mind, see for instance the reports on Ubuntuforums), some users not knowing or caring for any security and the amount of hosts being compromised through the web stack still, I disagree.
Yes, well, I guess on Ubuntu, maybe. I think it would be better for Ubuntu to change, rather than having to do extra to keep it secure.
Reasonable security to me is:
1) Use strong passwords (not anything in a dictionary or a name).
2) Firewall (can be on a router, although usually not as configurable, or regular netfilter/iptables).
3) Disable any service that uses a port that you don't need, especially remote login.
4) Scan with rkhunter, chkrootkit, and maybe clamav.
5) If you use sudo, make sure you configure it in a sane manner, unlike Ubuntu.
6) Checksum packages (probably automatic).
I would think that on a non-Ubuntu desktop, this is reasonable security.
Now, on a server, you can and should do more than this.
P.S. I also know the motto of the Security forum: Too much security is never enough. This is also why I seldom reply to anything here.
Last edited by H_TeXMeX_H; 11-02-2010 at 04:30 AM.
Being a security freak, here is my setup, from power on:
bios password
(bootloader password when i need to edit or change something)
LUKS password
default boots to init 3
log in using standard user, then to root to init 5 if needed (most of the time I do)
log in standard user for gui
as far as scanning my system, I have cron scripts set up for both clamav and rkhunter
for firefox, I have noscript, redirect remover, adblock plus, ghostery, betterprivacy, user agent switcher, plus a few other tools and dev tools I use.
there is a lot more to my system, including my IDS (snort), and real-time alerting on my desktop via conky, as well as system stats through conky. I have screenshots in the "post your desktop" thread. I have a lot going on, and I love it. But once again, I am a security freak.
also to add - i am running a custom kernel, and custom iptables setup which drops everything that I don't initiate.
Last edited by corp769; 11-02-2010 at 04:54 AM.
Reason: added more...
I've been hacked once. It was years ago when the scripts for password guessing were first getting hot on the Internet. I used to have an account on my system called "guest" and the password was "guest" so visitors could get on and use my computer. It was guessed (imagine that?) and the person tried to install a spam relay with a PHP script. The visit was short and he didn't get anywhere. The IP was from Romania.
I was compromised but the damage was minimal because I was generally doing other things that were quite effective. Strong passwords for other accounts, the file system was reasonably locked down, I was running a firewall, services I didn't need were not running, etc. I know more now than I did then. But even in that case I had enough security for my system. Clean up didn't take very long.
So I learned not to keep that guest account anymore. I keep learning. There are even a few ideas I've gleaned from people's responses here. I love Luks to protect my mobile file systems. It's awesome and it works well. IP tables, awesome. I was able to write scripts to minimize and block those repeated attacks from script kiddies.
10 years ago things were not as good as they are now. We have tons of tools and things to help us out and make it easier. In addition, distros are generally doing better default installs than they used to. Nowadays it's easier for users to follow a few good guidelines and have a fairly secure system. It's really hard to exploit a Linux system. And even if that's successful, it's often not very useful to do so. Compare that to Windows. Our lives are way better than the common computer user.
I've been hacked once. It was years ago when the scripts for password guessing were first getting hot on the Internet. I used to have an account on my system called "guest" and the password was "guest" so visitors could get on and use my computer. It was guessed (imagine that?) and the person tried to install a spam relay with a PHP script. The visit was short and he didn't get anywhere. The IP was from Romania.
I was compromised but the damage was minimal because I was generally doing other things that were quite effective. Strong passwords for other accounts, the file system was reasonably locked down, I was running a firewall, services I didn't need were not running, etc. I know more now than I did then. But even in that case I had enough security for my system. Clean up didn't take very long.
So I learned not to keep that guest account anymore. I keep learning. There are even a few ideas I've gleaned from people's responses here. I love Luks to protect my mobile file systems. It's awesome and it works well. IP tables, awesome. I was able to write scripts to minimize and block those repeated attacks from script kiddies.
10 years ago things were not as good as they are now. We have tons of tools and things to help us out and make it easier. In addition, distros are generally doing better default installs than they used to. Nowadays it's easier for users to follow a few good guidelines and have a fairly secure system. It's really hard to exploit a Linux system. And even if that's successful, it's often not very useful to do so. Compare that to Windows. Our lives are way better than the common computer user.
The point of monitoring is to limit damage when prevention fails, and it appears to of saved you once before. There certainly isn't anything wrong with focusing on preventing attacks. However, there is something wrong with completely ignoring detection. Monitoring will always play a role in security, because there will always be residual risk.
As Bruce Schneier said, monitoring is the first thing you should do to determine what attacks you face, so you know what countermeasures to implement. It also lets you trust your computer by verifying your preventative controls are working.
The point of monitoring is to limit damage when prevention fails, and it appears to of saved you once before. There certainly isn't anything wrong with focusing on preventing attacks. However, there is something wrong with completely ignoring detection.
OlRoy, are you aware that I maintain a monitoring and detection package? I hardly consider that ignoring.
I guess I'm sometimes disgusted with people just shooting their mouths off. I quit Slashdot years ago because of this. I mean this in all sincerity, go back there. We simply don't do that to people here.
I agree with the statement that there is something wrong with ignoring detection. I guess that's why I maintain that Samhain build. Did you really mean to direct it towards me? I'm really sorry to pounce on someone if it was simple misspoken language.
OlRoy, are you aware that I maintain a monitoring and detection package? I hardly consider that ignoring.
I guess I'm sometimes disgusted with people just shooting their mouths off. I quit Slashdot years ago because of this. I mean this in all sincerity, go back there. We simply don't do that to people here.
I agree with the statement that there is something wrong with ignoring detection. I guess that's why I maintain that Samhain build. Did you really mean to direct it towards me? I'm really sorry to pounce on someone if it was simple misspoken language.
Yes, it was directed at you. However, I didn't notice you maintained Samhain so I guess I misinterpreted some of what you said. No need to get your panties in a bunch.
The fact so much user data/profiles/browsing history/etc is stored online by various companies and others alone is reason enough. And with Cloud computing it will get much worse (I have never been a fan of Cloud Computing anyways.) Not to mention the lack of concern many have about sharing personal information or clicking anything (flash games, Java Games and so on.) Facebook, MySpace are perfect examples of this. And some companies not caring about user privacy and even selling user information or having it "Accidentally Exposed," somehow.
Privacy is not the same thing as security, so if you're concerned about privacy, may want to start a new thread. For privacy, you mostly have to customize firefox to block all the BS they throw at you. I don't have flash installed, I download the mp4 instead from youtube.
For FF I have the very much needed Adblock, NoScript, Greasemonkey.
I also stay far away from Google and the Cloud (of doom).
Privacy is not the same thing as security, so if you're concerned about privacy, may want to start a new thread. For privacy, you mostly have to customize firefox to block all the BS they throw at you. I don't have flash installed, I download the mp4 instead from youtube.
For FF I have the very much needed Adblock, NoScript, Greasemonkey.
I also stay far away from Google and the Cloud (of doom).
I disagree. Privacy and Security can go hand and hand. For example the information that was stolen from users can help someone get a profile of that person, their habits, where they live, etc. Then it goes from privacy into security. If a person's privacy is at risk or stolen then someone could easily try and hack into that persons computer, which goes back to security. With all the information being stored on users habits and some actually giving it away freely, it has the potential of getting real messy, real fast.
Edit: My FF list is: NoScript (a must,) Redirect Remover, Adblock Plus, Better Privacy and Ghostery.
I can't speak for all "Cloud" (I hate buzzwords) solutions, but I use the Amazon Cloud in a business and it absolutely rocks! For those who don't know this latest, mindless technology cliche, Clouds are just virtualized instances for sale, at least as Amazon is provisioning it. There are other interpretations. Let's not fret over a word that is meant to be intentionally vague.
I would think the people here would generally embrace the cloud because they are generally provisioned as Linux instances and their default security preferences are better than most distros out of the box. Amazon has the majority of the Cloud market right now and the majority of those are running Linux. It's cheap and it can scale.
I also have a Slack box I've colocated for years, but that was before the Cloud was available. I still have it and I'll keep it out there for now, but cost wise, it is making less and less sense. I wouldn't go out and buy the hardware now. But that was then and now there are other options. When it dies, I'm going cloud with that box too.
If guys like the paranoid schizophrenics on this forum are administering it, I'd think it would be a pretty safe option. Cloud or not, companies misuse and mistreat customers. From a technology standpoint, the Cloud is awesome. You just get don't get to get out of doing the admin work that always goes a long with managing any Linux system. You get a free pass on hardware, initial investment, scaling, network infrastructure, and you get some handy dandy extra tools provided by Right Scale.
You should try it before you knock it. For the most part, it's just same Linux we have come to know and love. It's a really cheap way to run a server on the Internet.
Well, that's where I draw the line with privacy. I'm never using any cloud apps, I want my data to stay on my HDD. I'm not quite as paranoid about privacy as many on here, but I do know that they plan on turning computers into terminals, with your data being stored on their servers.
I also don't think the Cloud is anything but vaporware being marketed as a wonder of technology, with a diabolical scheme in the background. I have no use for the cloud.
I've also had enough of this thread.
Last edited by H_TeXMeX_H; 11-03-2010 at 02:14 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.