Okay, so I am not a head of state on my Linux home computer, but is there any way of detecting whether the Turla trojan is sitting quietly on my PC, awaiting further instructions?
?? The first link you posted yourself reads some way down:
Quote:
Administrators who want to check for Turla-infected Linux systems can check outgoing traffic for connections to news-bbc.podzone[.]org or 80.248.65.183, which are the addresses of known command and control channels hardcoded into the Linux trojan. Admins can also build a signature using a tool called YARA that detects the strings "TREX_PID=%u" and "Remote VS is empty !"
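A worked version of that check, added here as an example and not taken from the linked article or from anyone in this thread: it scans a buffer for the two strings, picks the hardcoded C2 addresses out of `ss -tnp` output, and substring-matches them in DNS or proxy log lines. The sample binary blob, `ss` lines and log line are constructed; the process names and private IPs in them are placeholders.

```python
from pathlib import Path
from typing import Iterable, List

# Indicators quoted in the thread: the hardcoded C2 addresses and the two strings
# from the Linux Turla sample. The domain is written defanged on the page; refang it.
C2_INDICATORS = [i.replace("[.]", ".") for i in ("news-bbc.podzone[.]org", "80.248.65.183")]
TURLA_STRINGS = [b"TREX_PID=%u", b"Remote VS is empty !"]

def match_strings(data: bytes) -> List[str]:
    """Return the Turla strings found in a buffer. Any hit deserves a look,
    the same verdict as a YARA rule whose condition is `any of them`."""
    return [s.decode() for s in TURLA_STRINGS if s in data]

def scan_file(path: Path) -> List[str]:
    """String-scan one file, e.g. the binary behind a process via /proc/<pid>/exe."""
    return match_strings(path.read_bytes())

def flag_peers(ss_lines: Iterable[str]) -> List[str]:
    """Return Peer Address:Port entries from `ss -tnp` output that match a C2
    indicator. Only the Peer column is checked, so a local address never hits."""
    hits = []
    for line in ss_lines:
        cols = line.split()
        if len(cols) < 5 or cols[0] == "State":  # skip the header and short lines
            continue
        host = cols[4].rsplit(":", 1)[0]          # drop the port
        if host in C2_INDICATORS:
            hits.append(cols[4])
    return hits

def flag_log_lines(lines: Iterable[str]) -> List[str]:
    """Substring check for DNS or proxy logs, where the hostname shows up
    rather than the already-resolved IP that `ss -n` prints."""
    return [l.strip() for l in lines if any(i in l for i in C2_INDICATORS)]

if __name__ == "__main__":
    # Constructed sample data, not real captures.
    blob = b"\x7fELF" + b"\x00" * 16 + b"Remote VS is empty !\x00TREX_PID=%u\x00"
    print(match_strings(blob))        # ['TREX_PID=%u', 'Remote VS is empty !']
    ss_out = [
        "State Recv-Q Send-Q Local Address:Port Peer Address:Port Process",
        'ESTAB 0 0 192.168.1.20:44212 80.248.65.183:443 users:(("bash",pid=2310,fd=5))',
        'ESTAB 0 0 192.168.1.20:51004 93.184.216.34:443 users:(("firefox",pid=1879,fd=90))',
    ]
    print(flag_peers(ss_out))         # ['80.248.65.183:443']
    print(flag_log_lines(["named: query: news-bbc.podzone.org IN A (192.168.1.20)"]))
```

A string hit on a binary only says the two strings are present, so treat it as a lead to confirm (hash, origin, running process) rather than a verdict on its own.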
You're "running other people's software" on your machine all the time. (In fact, right now you're running JavaScript supplied by "LinuxQuestions.org!") You can't prevent that.
What you can do, though, is to make it "even slightly inconvenient" for malware to exploit your system. Malware is strictly "a numbers game," searching among millions of potentially-accessible machines to find those that (a) are accessible, and (b) are run by stupid-people .. are run by careless-people .. are vulnerable. The odds are small, but in their favor.
Most of all, just do common-sense things:
Don't run as an Administrator, or as a member of the wheel group, or as a user who can issue sudo su and supply their password and thereby become root.
Actually have a password, and change it more than once a year.
Store sensitive information in encrypted "keychains."
Have multiple non-privileged accounts for different purposes, and secure the home-directories from each other. (No one else "needs to know" even what is inside someone else's home.)
Keep the operating system up-to-date.
Use secure backup software that is running all the time.
Don't run "anti-virus" software! This software, being "highly pervasive," is most-easily compromised and can serve as an attack vector. (It's difficult to remove the "cruft" from Windows, but it can be done. Do it.)
These are things that can be done on any operating system. A computer is terrible at knowing when to say "yes," but it's great at saying "no."