10-08-2007, 03:29 AM
|
#1
|
Member
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279
Rep:
|
Newbie on security. Server?
Security people had a world conference recently on the new threat to Linux servers.
As a noob, to me a server is what web hotels use, and email services have a mail server.
But I also have heard that many linux users have a server at home.
My questions
1. Does every Linux distro have built in Server but it is not activated until you start it?
2. Does that mean that an intruder could fire up, start my built in Linux server without me knowing it?
3. When in Linux using dual boot WUBI Ubuntu I noticed a lot of HDD activity without me doing anything.
Could that be such an intruder or was WUBI phoning home to Ubuntu or some scheduled activity? How could I look for the source and cause of such activity? Some kind of log that is readable for a beginner?
As I remember the conference was reported in IDG news and RSS to their Mags around the world. My text in Swedish so no use linking to it.
The alarming thing was that none of the Linux server users had a clue that their servers had a rootkit that allowed their servers to be used as control centers for international crime in blackmailing. Controlling 20000 Windows machine bots around the world. It was very serious. 7 out of 10 servers had it? My memory could have that wrong but very serious.
It seems not true anymore that Linux is not targeted. Servers are. So that is my question. Doesn't every distro have a server built in?
Last edited by nooby; 10-08-2007 at 03:31 AM.
|
|
|
10-08-2007, 03:35 AM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
1. there is no such thing as "a server"... you don't pour it out by the pint or something. any process which accepts external connections and processes them can be deemed to be a server (among many other even looser descriptions), regardless of whatever it's actually doing. do you mean a web server? email? ftp? ssh? there are a million things you could serve, each with a totally separate and unrelated bit of software.
2. as above, this makes little sense... you are already serving something i bet, probably ssh for a start. you can not start "The Server(tm)(r)" though. if you don't advertise connectivity to these services from the outside world, no one can attack them.
3. that's not a question... but yes... things do happen in the background. could be plenty of things.
|
|
|
10-08-2007, 05:22 AM
|
#3
|
Member
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279
Original Poster
Rep:
|
I should have given the link. I didn't have it at time of writing, now read this:
http://www.linuxworld.com/news/2007/...rss-linux-news
Quote:
"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.
Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected.
Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.
|
So one needs to know exactly what the writer refers to. It is not a text for us newbies because I have no clue what he refers to. But the fact is that "The vast majority of the threats we saw were rootkitted Linux boxes," and the worst part: "According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected."
Which goes against your "if you don't advertise connectivity to these services from the outside world, no one can attack them."
Had the Linux users known they did what you say they would have stopped doing it. So it seems that even very advanced users didn't know they did. Which is scary for a newbie like me. How could I know such then? I think you are formally right and technically right but it didn't help all these owners of Linux servers out there.
Last edited by nooby; 10-08-2007 at 05:23 AM.
|
|
|
10-08-2007, 07:33 AM
|
#4
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
it doesn't go against what i said, it's right in line. those users who end up with rootkits probably had ssh services portforwarded on their router so they can get in. someone is then scanning port 22 against an ip list and finds something that responds. they do a simple dictionary attack and get root access to the box and do what they want.
|
|
|
10-08-2007, 09:50 AM
|
#5
|
Member
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279
Original Poster
Rep:
|
No, it doesn't go against what you said, but it goes against all the assertions that Linux is free of the problems of Windows. Well, it is only a matter of time. They will target Linux too when enough money is to be harvested from doing it. Linux lives on borrowed time.
What about VMware Player? Would that give one more security and still be able to use Linux on a Windows machine? Maybe a bit slower? But one would learn Linux without crashing the Windows?
|
|
|
10-08-2007, 10:47 AM
|
#6
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Rep:
|
Quote:
... said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium...
|
nooby, that particular article is the subject of much debate / criticism. You should read the whole thing.
Quote:
"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."
|
It's poorly worded and confusing. It doesn't appear to cite any real information.
As for you, personally:
- Run your packet filtering firewall.
- Keep your software up to date.
|
|
|
10-08-2007, 08:39 PM
|
#7
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,405
|
As it's 'Microsoft sponsored' I'd be surprised if they hadn't come up with an anti-Linux quote somewhere....
|
|
|
10-09-2007, 03:41 AM
|
#8
|
Member
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279
Original Poster
Rep:
|
I apologize, I am a poor reader. Trust mass media too much.
But even if it is an attack. Then we have to come up with other figures. Even if biased they had some facts, it was not imagined figures. None of the infected knew that that was so.
Shows we have to improve the knowledge of the average linux users.
How good are these anti-root-kit programs to find them?
|
|
|
10-09-2007, 04:34 AM
|
#9
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
The best tactics are still prevention, prevention and prevention.
Turn off whichever service you don't require; don't allow inbound
connections if you don't have to. If you have to, make sure you use
sensible authentication methods and strong passwords. Don't allow
connections as user root from anywhere but a local console.
Put file-integrity checking into place (e.g. AIDE, tripwire, ....)
BEFORE you put your machine on the net ....
Read the stickies in our security forum ;} for details.
Cheers,
Tink
|
|
|
10-09-2007, 06:45 AM
|
#10
|
Member
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279
Original Poster
Rep:
|
I trust you gave good advice but you missed out that some of us noobs even fail to know what the advice says. We stumble on words like "inbound".
And even more to these.
Quote:
Put file-integrity checking into place (e.g. AIDE, tripwire, ....)
BEFORE you put your machine on the net ....
|
I guess it is programs that make a kind of check that the files don't change without permission? So much to learn for a newbie. One needs to be very motivated to dig deep into such when one just wanted to surf and write emails and go to a Linux forum.
Don't get me wrong. I do appreciate your answer. I value it highly. But it is a too wide gap to the level some of us noobs are on. Maybe we need a living person at our side.
|
|
|
10-09-2007, 01:28 PM
|
#11
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by nooby
I trust you gave good advice but you missed out that some of us noobs even fail to know what the advice says. We stumble on words like "inbound".
|
Traffic trying to get to your machine from the
internet w/o you having initiated a session.
Quote:
Originally Posted by nooby
And even more to these.
I guess it is programs that make a kind of check that the files don't change without permission? So much to learn for a newbie. One needs to be very motivated to dig deep into such when one just wanted to surf and write emails and go to a Linux forum.
|
Not quite. They will take status information and
checksums, and store them securely, and then alert
you if a protected file has been tampered with.
Part of an intrusion detection system.
Quote:
Originally Posted by nooby
Don't get me wrong. I do appreciate your answer. I value it highly. But it is a too wide gap to the level some of us noobs are on. Maybe we need a living person at our side.
|
If this is your first attempt at Linux, and the machine
holds highly important data or is for corporate use, by
all means - getting a "consultant" (a friend who knows or
a paid for person) in to set it up for you may be the
right choice.
However, the learning curve shouldn't stop you from trying
to set up tight security. That would be like buying an
el cheapo car w/o seat belts and airbags, and with bald
tyres, and leaving it at that :} (this holds true for
windows more so than Linux, btw).
Cheers,
Tink
Last edited by Tinkster; 10-09-2007 at 01:30 PM.
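Added example, not part of Tinkster's post and not how AIDE or tripwire are implemented: the baseline-then-compare idea behind file-integrity checking, in Python. The file names and the tampering scenario are constructed, and the baseline is held in memory here, whereas a real deployment stores it where an intruder cannot rewrite it.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(paths):
    """Record a checksum plus status information for each file."""
    baseline = {}
    for path in paths:
        st = os.stat(path)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        baseline[path] = {"sha256": digest, "size": st.st_size,
                          "mode": stat.S_IMODE(st.st_mode),
                          "uid": st.st_uid, "gid": st.st_gid}
    return baseline


def verify(baseline):
    """Compare current state with the baseline; return {path: [changed fields]}."""
    report = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            report[path] = ["missing"]
            continue
        new = snapshot([path])[path]
        changed = [field for field in old if old[field] != new[field]]
        if changed:
            report[path] = changed
    return report


def demo():
    """Constructed scenario: one file rewritten, one chmod'ed, one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {n: os.path.join(tmp, n) for n in ("login", "sshd_config", "ls")}
        for path in files.values():
            with open(path, "wb") as fh:
                fh.write(b"original contents\n")
            os.chmod(path, 0o644)
        baseline = snapshot(files.values())
        with open(files["login"], "wb") as fh:
            fh.write(b"tampered contents\n")  # same length, different bytes
        os.chmod(files["sshd_config"], 0o666)  # now world-writable
        os.remove(files["ls"])
        return {os.path.basename(p): c for p, c in verify(baseline).items()}


if __name__ == "__main__":
    print(demo())
```

The rewritten file keeps its size and permissions, so only the checksum reveals the change, which is why these tools record both checksums and status information.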
|
|
|
10-10-2007, 01:03 PM
|
#12
|
Member
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279
Original Poster
Rep:
|
I saw one cool Linux thing. A dedicated security thumb. I find the link after editing. They list all new products. This one had a kind of firewall within so it protected itself. I am a poor reader of text. Not sure if it could be used as a Linux but it has Linux inside
http://www.linuxdevices.com/news/NS5094510735.html
Last edited by nooby; 10-11-2007 at 04:26 AM.
|
|
|
10-10-2007, 01:52 PM
|
#13
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Looks interesting :}
Cheers,
Tink
|
|
|
All times are GMT -5.