Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
By Mara at 2004-10-15 14:22
|
How to ask a question and be secure
You're asing a question on LQ. Good. But remember that the information you post may be used by someone who doesn't want to help you. This HOWTO will cover main rules you should follow to post enough details to get a good answer and still be safe.
I'll first show the rules and then discuss them.
So here are the rules:
1. Do not fully trust the aswers you get.
2. Do not post your passwords. Never.
3. Do not post personal information (credit card number, serial number etc.).
4. Do not post your real, global IP address or hostname.
5. Do not allow remote access to your machine someone you've just met online.
6. Update your system.
Being secure is not an easy task. When you're online, you don't know who's on the other side. You don't know who's reading your posts and answering them, either. That's why there's no 1. What if you got a command that deletes all your files?
Check the commands you run. It's easy. To see what a command does just run
man command
You can also scroll down and check all options given.
If the solution is to change a configuration file, make a backup copy.
Example:
You don't know how to set up a default gateway. You have asked a question and got an aswer. Inside there's a command
route add default eth0
You've never heard about that command, so you check if that's what you want. Run
man route
to see route's manual. You'll get something like
route - show / manipulate the IP routing table
It's good. The routing table modification is what you need.
I started with answers, but more things should be said about questions and follow-ups.
You don't know who's reading your posts. In fact, they're accessible by search engines (LQ's engine, but also Google etc.). That's why you shouldn't post sensitive information (rules 3,4 and 5).
Your password is not needed to solve your problem. I may write this, as I have never seen a situation it would be. If a command should be run that requires password, you can do it yourself. Again, remember about rule no. 1.
Don't post credit card numbers, serial numbers. It has been said many times, but is still worth repeating.
There are more things that should be kept secure, especially when you're asking a network-related question (rule 4). Your IP address, domain name are good sources for an attacker. Why? If you're asking a question, in most cases you have a problem. It may mean your machine is not as secure as it should be and you may be an easy target. Don't give your address to an attacker. When you're posting results of route or ifconfig, remove all that may lead to you. Replace global address with a private one. If you're unsure how to do this, just use something like 'XXX.XXX.XXX.XXX'.
Change your domain to be something like 'example.com' (reserved domain name for documentation and similar things).
What's a private address? An address that's local to your network and it's not accessible from outside. There are 3 main ranges of such addresses:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
You don't have to replace addresses from that ranges.
Example:
You were asked to post results of route and ifconfig. An example how it should look below:
ifconfig eth0 result may looks this way:
Code:
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3754 errors:0 dropped:0 overruns:0 frame:0
TX packets:3855 errors:0 dropped:0 overruns:0 carrier:0
collisions:1 txqueuelen:100
RX bytes:2687451 (2.5 Mb) TX bytes:502075 (490.3 Kb)
Interrupt:11 Base address:0x3800
Replaces elements are shown in [bold]bold[/bold]. HWaddr is a unique number of your NIC. You don't need to show it to public. Second bolded field shows IP address of eth0 interface. 192.168.1.1 is in the third local range. Broadcast changed to point to the right subnet.
route result will be similar to this:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
localnet * 255.255.255.0 U 0 0 0 eth0
default mygateway 0.0.0.0 UG 0 0 0 ppp0
In this case default gateway IP (or hostname) was changed.
You should also apply the rule above when you're posting your firewall (iptables) script and in many other situations.
When asking a questions, someone may ask you to give him/her remote access to your machine so they can solve your problem faster than you. Don't do it (rule 5) if you don't know that person really well. Most of the people would just do this: help you. But you don't know for sure.
Last thing, updates (rule 6)...When you post something like I have a problem using Programname version some-version... when some-version is known to have security holes, it's not good. Especially when you also provide your IP.
To sum up: you don't know who reads your posts. That's why don't post your passwords, sensitive information, real IPs and domain names. Before running a command check it.
|
|
|
All times are GMT -5. The time now is 08:36 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|
Thanks.