LinuxQuestions.org
Old 10-23-2017, 08:51 PM   #1
floundering_fella
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Rep: Reputation: Disabled
Introducing Myself and a question about KRACK updates


Hi all

I tried introducing myself before but the software mustn't have liked me as it just kept me on the composition page.

Anyhoo, I'm calling myself 'floundering_fella' because that describes me teaching myself Linux (Ubuntu 16.04, LTS Xenial Xerus).

I have an initial question. The context is: I don't really know what I'm doing so I look up a command or tip online and execute it and god knows what happens as a result.

My current worry - and many people's I suppose - is the KRACK issue. I note Ubuntu has an advisory (USN-3455-1: wpa_supplicant and hostapd vulnerabilities - I won't include the link, I've noticed it didn't work on another forum I posted to). Catch is, how do I know if I've downloaded these patches?

On the 17th October, by coincidence, I did "sudo apt-get update > sudo apt-get dist-upgrade" and LATER read Vanhoef's article. Hence, I wasn't looking at what was in the updates.

I've done other updates since, using terminal commands, Update Manager and Software Centre. I gather the last isn't of much use to Ubuntu 16.04 users.

All I know is "my software is up to date" - whatever that might mean. So, first question: Anyone able to say if there is a way to interrogate your machine (not my present one - the Ubuntu's on an old Toshiba L840) to verify you've downloaded specific patches?

Thanks

floundering_fella
 
Old 10-24-2017, 06:35 AM   #2
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,869

Rep: Reputation: 2052
Quote:
Originally Posted by floundering_fella View Post
...
My current worry - and many people's I suppose - is the KRACK issue. I note Ubuntu has an advisory (USN-3455-1: wpa_supplicant and hostapd vulnerabilities - I won't include the link, I've noticed it didn't work on another forum I posted to). Catch is, how do I know if I've downloaded these patches?
The version of the packages in question.

Quote:
On the 17th October, by coincidence, I did "sudo apt-get update > sudo apt-get dist-upgrade" and LATER read Vanhoef's article. Hence, I wasn't looking at what was in the updates.

I've done other updates since, using terminal commands, Update Manager and Software Centre. I gather the last isn't of much use to Ubuntu 16.04 users.

All I know is "my software is up to date" - whatever that might mean. So, first question: Anyone able to say if there is a way to interrogate your machine (not my present one - the Ubuntu's on an old Toshiba L840) to verify you've downloaded specific patches?

Thanks

floundering_fella
Yes, there are at least a couple of ways to find out what packages you have installed. I think what you should understand is that in Linux generally, updates are usually installed (like most other things) via software packages. This includes security patches.

One command to check your packages is the apt command. Here's an example:

Code:
sudo apt list --installed | grep -i apache
This will list all packages related to apache.

There is also the dpkg command as well.
 
1 members found this post helpful.
Old 10-24-2017, 07:53 AM   #3
floundering_fella
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thanks jsbjsb001

What might I insert in place of "apache"? (Bear with me please - I really am at base level in knowledge).

There seem a number of possibilities:
(A) From USN-3455-1: wpa_supplicant and hostapd vulnerabilities.
Instead of "apache": hostapd ? 2.4-0ubuntu6.2 ? wpasupplicant ?

(B) From wpa 2.4-0ubuntu6.2 source package in Ubuntu.
Instead of "apache": wpa_2.4.orig.tar.xz ? wpa_2.4-0ubuntu6.2.debian.tar.xz ? wpa_2.4-0ubuntu6.2.dsc?

Cheers

ff
 
Old 10-24-2017, 08:24 AM   #4
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,869

Rep: Reputation: 2052
Quote:
Originally Posted by floundering_fella View Post
...
What might I insert in place of "apache"? (Bear with me please - I really am at base level in knowledge).
...
I'd say things like wpasupplicant, wpa and/or hostapd. The issues you're referring to cannot be done remotely, only someone who is in "range" of the same wifi network, from my understanding.

The package that would have been "patched" was probably the wpasupplicant package.
 
1 members found this post helpful.
Old 10-24-2017, 09:36 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,240
Blog Entries: 4

Rep: Reputation: 3263
Although software packages will be promptly updated to cover vulnerabilities, if they haven't been already, do bear in mind that WPA2 et al were never really intended to be "secure," in the sense that you could expect to use them for primary security.

Furthermore, if you're connecting to a secure (https) web site, or a VPN, or using a mail-service that supports TLS/SSL encryption on its link (as most do ...), the packets that you are transmitting, via wireless or otherwise, are encrypted using a technology that can be relied-upon for primary security, before they are ever tendered to the network for transmission.

There should be no "open ports" or "exposed" services being run on your computer anyhow, if you rely upon wireless at any time.

Thus, while vulnerabilities in WPA2 security are certainly annoying, they are (IMHO) not in-practice catastrophic nor even particularly serious.

Last edited by sundialsvcs; 10-24-2017 at 09:37 AM.
 
1 members found this post helpful.
Old 10-25-2017, 12:01 AM   #6
floundering_fella
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jsbjsb001 View Post
... The issues you're referring to cannot be done remotely, only someone who is in "range" of the same wifi network, from my understanding.
Sadly, we live in a 'zero-lot-line' suburb. Signal strength of at least 5-6 neighbours' hotspots good enough at any given time.

I'll give the command line "sudo apt list --installed | grep -i _______" a test drive tonight and let folk know how it went.

Many thanks!

ff
 
Old 10-25-2017, 12:35 AM   #7
floundering_fella
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sundialsvcs View Post
... bear in mind that WPA2 et al were never really intended to be "secure," in the sense that you could expect to use them for primary security. ... if you're connecting to a secure (https) web site, or a VPN, or using a mail-service that supports TLS/SSL encryption on its link (as most do ...), the packets that you are transmitting, via wireless or otherwise, are encrypted using a technology that can be relied-upon for primary security, before they are ever tendered to the network for transmission.
Those points, emphasized by others too, are actually reassuring. I'm trying to stick to "https" pages and am using Mozilla Private Window to access Tracking Protection. That has the advantage of visually modifying the "lock icon+https" if parts of the page aren't secure. I've also been thinking about trying one of the free VPNs. At the "researching" stage there.

Quote:
Originally Posted by sundialsvcs View Post
... There should be no "open ports" or "exposed" services being run on your computer anyhow, if you rely upon wireless at any time.
Do you mean "it is unlikely" these would be open/exposed, or "I should be taking steps" to secure ports etc. If "should be taking steps" I'll happily accept tips. Port security is one more of my many knowledge gaps. Something else to look at.

Many thanks also,

ff
 
Old 10-25-2017, 03:14 AM   #8
Philip Lacroix
Member
 
Registered: Jun 2012
Posts: 426

Rep: Reputation: 565
Quote:
Originally Posted by floundering_fella View Post
Quote:
Originally Posted by sundialsvcs View Post
There should be no "open ports" or "exposed" services being run on your computer anyhow, if you rely upon wireless at any time.
Do you mean "it is unlikely" these would be open/exposed, or "I should be taking steps" to secure ports etc. If "should be taking steps" I'll happily accept tips. Port security is one more of my many knowledge gaps. Something else to look at.
That depends on you (the admin), and on your distribution's default configuration. Having an open port or an exposed "service" means that your machine is allowing connections from a network to your system, through a specific port, to access a specific "service", which might be a web server (httpd), a secure shell (sshd), a print server, or any other daemon listening on a port on your external network address. The problem is that possible vulnerabilities or an incorrect configuration of such programs might allow the bad guys to do nasty things on your system.

You can improve your machine's security by shutting down and disabling any daemon ("service") that you don't actually need, and by setting up a firewall that simply drops any unsolicited connections to your network interface. There are several front-ends to iptables (the firewall tool on Linux systems) that can help you do the latter, some of them even have a graphical interface (like gufw, which is a GUI for ufw); the packet filtering system, called Netfilter, is already built into the Linux kernel. Regarding the former, you should read your distribution's documentation and learn how it manages its daemons (Ubuntu now uses the systemd init system, which I'm not familiar with).

In general, I suggest that you get acquainted with some relevant documentation, in order to understand how a Linux system works. This is a general guide to Linux which I'm used to recommending: Introduction to Linux, A Hands on Guide. A couple of (a bit dated, but still useful) HOWTOs: Linux Security HOWTO and Firewall and Proxy Server HOWTO.

Welcome to LQ!

Last edited by Philip Lacroix; 10-25-2017 at 06:21 AM.
 
1 members found this post helpful.
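
To see which daemons are actually listening on an external address, as the post above describes, this added example (not part of the original post) filters `ss -tuln` output down to sockets that are not bound to loopback. The sample lines are constructed and the function name `exposed_listeners` is an assumption made for the example.

```bash
#!/bin/sh
# Added example (not from the thread). SAMPLE is constructed `ss -tuln` output;
# on a real machine run:  ss -tuln | exposed_listeners

SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:68               *:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      5      [::1]:631          [::]:*'

# Read `ss -tuln` output on stdin and print only the sockets bound to a
# non-loopback address, i.e. the ones reachable from the network.
exposed_listeners() {
    awk '$1 == "Netid" { next }
    {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        gsub(/[][]/, "", addr)                 # [::1] -> ::1
        sub(/%.*/, "", addr)                   # 127.0.0.53%lo -> 127.0.0.53
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only, skip
        print $1 "/" port " on " addr
    }'
}

printf '%s\n' "$SAMPLE" | exposed_listeners
```

Anything this prints is either a service to disable or a port for the firewall to cover; with ufw, `sudo ufw default deny incoming` followed by `sudo ufw enable` applies the drop-unsolicited policy.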
Old 10-25-2017, 05:51 AM   #9
floundering_fella
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
Hi all

I thought I'd report on my use of the command-line: "sudo apt list --installed | grep -i ______" with 4 substitutes for "_______". Namely, wpasupplicant, wpa, hostapd and 2.4-0ubuntu6.2.

All substitutes called up the first line "WARNING: apt does not have a stable CLI interface. Use with caution in scripts." (ANY COMMENT ON THAT APPRECIATED!)

hostapd did not call up a second line, so is assumed not to have been an appropriate search term.

The other three all called up the same second line, namely: "wpasupplicant/xenial-updates,xenial-security,now 2.4-0ubuntu6.2 amd64 [installed]". Each of these search results was differentiated by the inserted search term being highlighted in red in the second line.

I'm guessing that second line, then, is Ubuntu for "we installed them!" (Or ... ?)

Next step, jsbjsb001 mentions a "dpkg" command. Is it the same command line as above (with "dpkg" instead of "_______")? If not, could I ask for the command line please so I can give it a go too?

Many thanks,

ff
 
Old 10-25-2017, 06:26 AM   #10
floundering_fella
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
Hi Philip

Thanks indeed for your post. You've given me plenty to follow up but this is just what I'm looking for. My immediate focus I imagine will thus be firewall options. But, you're right. Broader reading in Linux generally is necessary.

Cheers

ff
 
Old 10-25-2017, 07:53 AM   #11
Philip Lacroix
Member
 
Registered: Jun 2012
Posts: 426

Rep: Reputation: 565
Quote:
Originally Posted by floundering_fella View Post
I thought I'd report on my use of the command-line: "sudo apt list --installed | grep -i ______"
(...)
All substitutes called up the first line "WARNING: apt does not have a stable CLI interface. Use with caution in scripts." (any comment on that appreciated!)
The command line interface (CLI) of apt will potentially change, hence it is not advisable to use it in a shell script, because your script might break in the future when said interface actually changes. Since you are not writing a shell script that uses apt, I wouldn't worry about it.

Quote:
Originally Posted by floundering_fella
hostapd did not call up a second line, so is assumed not to have been an appropriate search term.
Yes, grep clearly didn't find any instance of the string "hostapd" in the output of apt (which means that it is probably not installed). This technique is called "piping" the output of a command, by using the "|" character ("pipe"), to another command, which then uses it as its input. For instance, this part of the command you issued lists all packages installed on your system:

Code:
apt list --installed
... whereas this part parses the output of the first one and searches for a given text string:

Code:
grep -i <string>
In turn, grep will output only those lines containing that string. The "-i" option means that grep will ignore case distinctions, hence if your string is "string" and grep finds "String", it will still output the related line.

Quote:
Originally Posted by floundering_fella
Next step, jsbjsb001 mentions a "dpkg" command. Is it the same command line as above (with "dpkg" instead of "_______")? If not, could I ask for the command line please so I can give it a go too?
You can run the command "man dpkg" in your terminal emulator, to see in detail what dpkg is, and what it does. You can do the same for grep as well, and for any installed software that has a "man" (manual) page.

Quote:
Originally Posted by floundering_fella View Post
Thanks indeed for your post. You've given me plenty to follow up but this is just what I'm looking for. My immediate focus I imagine will thus be firewall options. But, you're right. Broader reading in Linux generally is necessary.
You're welcome! The first guide I have listed will help you to become familiar with the command line, which is essential on all Linux systems.

Last edited by Philip Lacroix; 10-25-2017 at 08:08 AM. Reason: typo
 
1 members found this post helpful.
Old 10-25-2017, 08:06 AM   #12
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,869

Rep: Reputation: 2052
Quote:
Originally Posted by floundering_fella View Post
Sadly, we live in a 'zero-lot-line' suburb. Signal strength of at least 5-6 neighbours' hotspots good enough at any given time.

I'll give the command line "sudo apt list --installed | grep -i _______" a test drive tonight and let folk know how it went.

Many thanks!

ff
Unless you have good reason to believe that any of them are skilled hackers, from what I've read about it, it's not the easiest hack to pull off. So, I would not be too concerned about it.

You have been given some very good advice by other members here, who are quite knowledgeable about these sorts of things. Just take it slow, re-read stuff if you need to and take your own time. No one here was born knowing all there is to know about Linux.

And, you're welcome!
 
1 members found this post helpful.
Old 10-25-2017, 06:16 PM   #13
floundering_fella
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
Hi again all

Apologies if weird things happen here. I just tried to respond to the latest posts and put a final question, then submitted the post, and I can't see it. I'll quickly repeat what I said.

Sincere thanks to all responding. I certainly have lots to help me forward. Could I just clarify with Philip if he meant hostapd (the software) or the hostapd patch probably hadn't been downloaded? (If I have hostapd on my L840 then I'll have to take steps to download the patch)

Again, many thanks

ff.
 
Old 10-26-2017, 02:38 AM   #14
Philip Lacroix
Member
 
Registered: Jun 2012
Posts: 426

Rep: Reputation: 565
Hi ff!

Since Ubuntu is a binary distribution (it ships precompiled software packages, you don't have to build them yourself) as most distributions are, when it releases a patch for a given package it does that by creating a new package based on the patched source code that replaces the old one. Therefore you won't have a separate package with the patch only.

If the command "apt list --installed" did not list hostapd, then the hostapd package is not installed at all, therefore you don't have to update it with the patched version either. Unless you need to turn your machine into a wireless access point and authentication server, you don't have to install it; the fact that it is not installed by default does actually make sense.

A few references:

hostapd (project home page)
hostapd (Gentoo documentation)
wpa 2.4-0ubuntu6.2 source package in Ubuntu
Binary package "hostapd" in ubuntu xenial
WifiDocs/WirelessAccessPoint (Ubuntu documentation)

Cheers
Philip

Last edited by Philip Lacroix; 10-26-2017 at 02:40 AM.
 
1 members found this post helpful.
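
The check this thread works towards, as an added example that is not part of any post: it reads the installed version with dpkg-query, whose output format is safe to use in scripts, and compares it with the fixed version quoted in the thread using dpkg's own version ordering. The function names and status labels are assumptions made for the example.

```bash
#!/bin/sh
# Added example (not from the thread).
# FIXED is the Ubuntu 16.04 (xenial) version quoted in the thread.
FIXED="2.4-0ubuntu6.2"

# Pull the version out of one line of `apt list --installed` output, whose
# layout is: name/suites version architecture [status]
version_from_apt_line() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# Print the installed version of package $1, or nothing if it is not installed.
installed_version() {
    dpkg-query -W -f='${Status}\t${Version}\n' "$1" 2>/dev/null |
        awk -F'\t' '$1 == "install ok installed" { print $2 }'
}

# Classify installed version $1 against fixed version $2. dpkg applies the
# Debian version ordering, which a plain string comparison does not.
patch_status() {
    if [ -z "$1" ]; then
        echo "not-installed"    # no package, so nothing to patch
    elif dpkg --compare-versions "$1" ge "$2"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Report the status of package $1 against fixed version $2.
check_pkg() {
    printf '%s: %s\n' "$1" "$(patch_status "$(installed_version "$1")" "$2")"
}

check_pkg wpasupplicant "$FIXED"
```

The fixed version differs per Ubuntu release, so take the value for your release from the advisory before relying on the result.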
Old 10-27-2017, 05:44 AM   #15
floundering_fella
LQ Newbie
 
Registered: Oct 2017
Posts: 8

Original Poster
Rep: Reputation: Disabled
First, many thanks (again) to Philip for your reply. That explains things for me, not only very clearly regarding hostapd, but instructively for Linux more broadly.

Second, I repeat my thanks to all responding. You'll have noted I've rated every reply. That's not just me being nice, but because every response gave an answer I can use as forward guidance. Most contributors to forums try to be helpful but, here, there's evident expertise/experience and targeted help. Put another way, a desire to teach. I value that.

This has been a great introduction to a forum I'll certainly feel comfortable returning to.

All the best and - SOLVED!

Cheers

ff.
 
1 members found this post helpful.
  

