LinuxQuestions.org


hitest 12-31-2013 10:03 AM

Infected Home Directory (OT)
 
Quote:

Originally Posted by unSpawn (Post 5089514)
First of all any action (and that includes wiping disks and re-installing the OS or any SW) without determining the cause first is inefficient and may well expose loopholes (if any) again. (That doesn't mean you shouldn't move to mitigate if a breach of security is suspected!)

I am glad that I recommended that the OP make sure that he is rooted before doing a wipe. Determining the root cause of an anomaly makes sense to prevent the event from reoccurring (thanks for that!). For a lot of us who are not professional system administrators (like me) determining the root cause of an anomaly will be a daunting task. I do try to prevent mishaps by patching my systems and having software and hardware firewalls in place.
As the maintainer of rkhunter and a security professional, do you have any further (beyond what you mentioned) tips on how to harden a system?
Thanks in advance for any and all suggestions, links, and advice unSpawn. I am genuinely curious.

unSpawn 12-31-2013 10:47 AM

Quote:

Originally Posted by hitest (Post 5089621)
I do try to prevent mishaps by patching my systems and having software and hardware firewalls in place.

Good, good...


Quote:

Originally Posted by hitest (Post 5089621)
(..) do you have any further (beyond what you mentioned) tips on how to harden a system?

I'm sorry but that would deviate from the topic of this thread. You're invited to open a new thread for that topic.

hitest 12-31-2013 10:52 AM

Quote:

Originally Posted by unSpawn (Post 5089642)
I'm sorry but that would deviate from the topic of this thread. You're invited to open a new thread for that topic.

Thank you, unSpawn. I will do that.

ReaperX7 12-31-2013 02:48 PM

Proper system hardening involves many steps, but they're mostly common sense security tactics. Here's some I know of...

1. Implement a Host Intrusion Detection System like Samhain to notify you of attacks.

2. Set up a proper Stateful Packet Inspection and Filtering Firewall and tune it for specific ports and applications.

3. Set up a Secondary login account for Root and use strong passwords at least 14+ characters in length. Try to limit SSH and Telnet to non-root accounts if possible.

4. Use sudo or Superuser to access root through a user account with proper permissions.

5. Set up a proper Rootkit, Malware, and Virus scanner and keep it updated. Scan regularly and keep track of the scans.

6. Keep track of security alerts with packages and update as needed.

7. Lock down root. Prevent root logins from your Display Manager. KDM has a built in system for this.

8. Segregate /home to its own partition if necessary and use a separate /boot partition excluded from being auto mounted with fstab.

9. Backup your data files regularly.

10. Use script and ad blockers in web browsers, limit Flash and Java usage to user accounts. If necessary, don't install either.

There are dozens of other tips as well, but these are just common sense. In fact Common Sense is your best ally when securing your system. Use it regularly and wisely.
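As an added illustration of how a few of the items in the list above can be checked rather than just remembered (example code written for this page, not posted by ReaperX7 or taken from any project), the script below audits three of them: root login over SSH (item 3), /boot kept out of automounting (item 8), and /home on its own filesystem (item 8). It parses whatever sshd_config and fstab paths are passed to it, so it can be pointed at the live /etc/ssh/sshd_config and /etc/fstab or at copies; the function names and the "FINDING:" output format are this example's own choices.

```shell
#!/bin/sh
# Added example: read-only audit helpers for three hardening items from the
# list above. Nothing here changes the system; each function reports via its
# exit status so the checks can be scripted.

# Returns 0 when the sshd_config at $1 disables root login over SSH.
# OpenSSH honours the FIRST uncommented occurrence of a keyword, so that is
# the one we read. A missing directive is treated as a finding, because the
# built-in default is not "no".
sshd_root_login_disabled() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$val" = "no" ]
}

# Returns 0 when the fstab at $1 has a /boot entry whose mount options
# include "noauto", i.e. /boot is a separate partition that is not mounted
# at boot (item 8). No /boot entry at all also counts as a finding here,
# since then /boot simply lives on the root filesystem.
boot_not_automounted() {
    awk '$1 !~ /^#/ && $2 == "/boot" {
             if ($4 ~ /(^|,)noauto(,|$)/) found = 1
         }
         END { exit found ? 0 : 1 }' "$1"
}

# Returns 0 when the fstab at $1 mounts /home from its own device/filesystem.
home_separate_partition() {
    awk '$1 !~ /^#/ && $2 == "/home" { found = 1 }
         END { exit found ? 0 : 1 }' "$1"
}

# Runs all three checks ($1 = sshd_config path, $2 = fstab path), prints a
# line per finding and returns the number of findings (0 = all good).
run_audit() {
    findings=0
    sshd_root_login_disabled "$1" || {
        echo "FINDING: PermitRootLogin is not 'no' in $1"
        findings=$((findings + 1))
    }
    boot_not_automounted "$2" || {
        echo "FINDING: no /boot entry with 'noauto' in $2"
        findings=$((findings + 1))
    }
    home_separate_partition "$2" || {
        echo "FINDING: /home is not a separate filesystem in $2"
        findings=$((findings + 1))
    }
    return $findings
}

# Usage: ./audit.sh /etc/ssh/sshd_config /etc/fstab
# Only runs the audit when both paths are given, so sourcing the file just
# defines the functions.
if [ $# -eq 2 ]; then
    run_audit "$1" "$2"
fi
```

The script deliberately reads the first uncommented PermitRootLogin line rather than the last, because that is how sshd itself resolves duplicate keywords; a hardening check that read the last line could report "no" while the daemon is actually running with "yes".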

unSpawn 12-31-2013 02:53 PM

Quote:

Originally Posted by ReaperX7 (Post 5089762)
Proper system hardening involves many steps, but

Why did you think I said going into hardening would deviate from the topic of that thread? Now I'm forced to prune off-topic posts to prevent further pollution of that thread.

hitest 12-31-2013 07:40 PM

Sorry unSpawn. Marking this thread as solved. I would very much welcome your perspective in the Slackware hardening thread I recently started. If that interferes with your moderating duties I understand.
Happy New Year. :)

