LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Old 10-08-2007, 03:29 AM   #1
nooby
Member
 
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279

Rep: Reputation: 33
Newbie on security. Server?


Security people had a world conference recently on the new threat to Linux servers.

As a noob, to me a server is what web hotels use, and email services have a mail server.

But I also have heard that many linux users have a server at home.

My questions

1. Does every Linux distro have a built-in server that is not activated until you start it?

2. Does that mean that an intruder could fire up, start my built-in Linux server without me knowing it?

3. When in Linux using dual boot WUBI Ubuntu I noticed a lot of HDD activity without me doing anything.

Could that be such an intruder, or was WUBI phoning home to Ubuntu, or some scheduled activity? How could I look for the source and cause of such activity? Some kind of log? One that is readable for a beginner?

As I remember, the conference was reported in IDG news and RSS'd to their mags around the world. My text is in Swedish so no use linking to it.

The alarming thing was that none of the Linux server users had a clue that their servers had a rootkit that allowed their servers to be used as control centers for international crime in blackmailing. Controlling 20000 Windows machine bots around the world. It was very serious. 7 out of 10 servers had it? My memory could have that wrong, but very serious.

It seems it is not true anymore that Linux is not targeted. Servers are. So that is my question: doesn't every distro have a server built in?

Last edited by nooby; 10-08-2007 at 03:31 AM.
 
Old 10-08-2007, 03:35 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
1. there is no such thing as "a server"... you don't pour it out by the pint or something. any process which accepts external connections and processes them can be deemed to be a server (among many other even looser descriptions), regardless of whatever it's actually doing. do you mean a web server? email? ftp? ssh? there are a million things you could serve, each with a totally separate and unrelated bit of software.

2. as above, this makes little sense... you are already serving something i bet, probably ssh for a start. you can not start "The Server(tm)(r)" though. if you don't advertise connectivity to these services from the outside world, no one can attack them.

3. that's not a question... but yes... things do happen in the background. could be plenty of things.
 
Old 10-08-2007, 05:22 AM   #3
nooby
Member
 
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279

Original Poster
Rep: Reputation: 33
I should have given the link. I didn't have it at time of writing, now read this:
http://www.linuxworld.com/news/2007/...rss-linux-news

Quote:
"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.

Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected.

Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.
So one needs to know exactly what the writer refers to. It is not a text for us newbies because I have no clue what he refers to. But the fact is that "The vast majority of the threats we saw were rootkitted Linux boxes," and the worst part: "According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected."

Which goes against your "if you don't advertise connectivity to these services from the outside world, no one can attack them."

Had the Linux users known they were doing what you say, they would have stopped doing it. So it seems that even very advanced users didn't know they did. Which is scary for a newbie like me. How could I know such a thing then? I think you are formally right and technically right, but it didn't help all these owners of Linux servers out there.

Last edited by nooby; 10-08-2007 at 05:23 AM.
 
Old 10-08-2007, 07:33 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
it doesn't go against what i said, it's right in line. those users who end up with rootkits probably had ssh services portforwarded on their router so they can get in. someone is then scanning port 22 against an ip list and finds something that responds. they do a simple dictionary attack and get root access to the box and do what they want.
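The scenario acid_kewpie describes (an exposed sshd hammered with a dictionary of passwords) leaves a very recognisable trail in the authentication log, which is the first place a newbie asking "some kind of log?" should look. The script below is an added example written for this thread, not code from anyone in it or from any project: it parses constructed sshd log lines in the usual syslog format, counts failed password attempts per source address inside a sliding five-minute window, and flags any address that crosses a threshold. The threshold and window are assumptions to tune per host. Detection is the second line of defence; the first is not to offer the attack surface at all, which on a real box means setting `PermitRootLogin no` and `PasswordAuthentication no` (key-only logins) in `sshd_config`, in line with Tinkster's advice further down the thread.

```python
"""Spot dictionary attacks against sshd in auth-log lines.

Added example for this thread, not from the posts. The log text below is
constructed in the classic syslog format sshd writes; the threshold and
window are assumptions a defender would tune for their own host.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: one legitimate user on 192.0.2.10 (one typo, then
# success) and one source on 203.0.113.7 hammering root and guessed names.
SAMPLE_AUTH_LOG = """\
Oct  8 03:29:01 box sshd[2001]: Accepted publickey for tink from 192.0.2.10 port 51022 ssh2
Oct  8 03:30:11 box sshd[2010]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct  8 03:30:12 box sshd[2011]: Failed password for root from 203.0.113.7 port 40002 ssh2
Oct  8 03:30:13 box sshd[2012]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Oct  8 03:30:14 box sshd[2013]: Failed password for root from 203.0.113.7 port 40004 ssh2
Oct  8 03:30:15 box sshd[2014]: Failed password for invalid user test from 203.0.113.7 port 40005 ssh2
Oct  8 03:30:16 box sshd[2015]: Failed password for root from 203.0.113.7 port 40006 ssh2
Oct  8 03:45:00 box sshd[2100]: Failed password for nooby from 192.0.2.10 port 51030 ssh2
Oct  8 03:45:09 box sshd[2101]: Accepted password for nooby from 192.0.2.10 port 51030 ssh2
"""

# "invalid user" appears when the account does not exist at all; both forms
# are counted, because a dictionary attack mixes real and guessed names.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_failures(log_text, year=2007):
    """Return (timestamp, source_ip, username) for every failed password line."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        failures.append((ts, m.group("ip"), m.group("user")))
    return failures


def detect_bruteforce(failures, threshold=5, window_seconds=300):
    """Flag source IPs with >= threshold failures inside any sliding window.

    Returns {ip: (max_failures_in_window, sorted list of usernames tried)}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in failures:
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # slide the window start forward until it fits within window_seconds
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = (best, sorted({user for _, user in events}))
    return flagged


def summarize(log_text):
    """Parse and detect in one step; convenient for feeding a whole log file."""
    return detect_bruteforce(parse_failures(log_text))


if __name__ == "__main__":
    for ip, (count, users) in summarize(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {count} failed logins within 5 minutes; usernames tried: {', '.join(users)}")
```

On a Debian-style system the same lines live in `/var/log/auth.log`, so `summarize(open("/var/log/auth.log").read())` is the realistic call; the single failed attempt from 192.0.2.10 stays below the threshold, which is the point of counting per address rather than alerting on every failure.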
 
Old 10-08-2007, 09:50 AM   #5
nooby
Member
 
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279

Original Poster
Rep: Reputation: 33
No, it doesn't go against what you said, but it goes against all the assertions that Linux is free of the problems of Windows. Well, it is only a matter of time. They will target Linux too when enough money is to be harvested from doing it. Linux lives on borrowed time.

What about VMware Player. Would that give one more security and still be able to use Linux on a Windows machine? Maybe a bit slower? But one would learn Linux without crashing Windows?
 
Old 10-08-2007, 10:47 AM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
... said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium...
nooby, that particular article is the subject of much debate / criticism. You should read the whole thing.

Quote:
"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."
It's poorly worded and confusing. It doesn't appear to cite any real information.

As for you, personally:
  • Run your packet filtering firewall.
  • Keep your software up to date.
 
Old 10-08-2007, 08:39 PM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,405

Rep: Reputation: 2783
As it's 'Microsoft sponsored' I'd be surprised if they hadn't come up with an anti-Linux quote somewhere....
 
Old 10-09-2007, 03:41 AM   #8
nooby
Member
 
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279

Original Poster
Rep: Reputation: 33
I apologize, I am a poor reader. I trust mass media too much.

But even if it is an attack, then we have to come up with other figures. Even if biased they had some facts; they were not imagined figures. None of the infected knew that that was so.

Shows we have to improve the knowledge of the average Linux user.

How good are these anti-rootkit programs at finding them?
 
Old 10-09-2007, 04:34 AM   #9
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
The best tactics are still prevention, prevention and prevention.

Turn off which ever service you don't require; don't allow inbound
connections if you don't have to. If you have to, make sure you use
sensible authentication methods and strong passwords. Don't allow
connections as user root from anywhere but a local console.

Put file-integrity checking into place (e.g. AIDE, tripwire, ....)
BEFORE you put your machine on the net ....

Read the stickies in our security forum ;} for details.




Cheers,
Tink
 
Old 10-09-2007, 06:45 AM   #10
nooby
Member
 
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279

Original Poster
Rep: Reputation: 33
I trust you gave good advice, but you missed out that some of us noobs even fail to know what the advice says. We stumble on words like "inbound".

And even more to these.
Quote:
Put file-integrity checking into place (e.g. AIDE, tripwire, ....)
BEFORE you put your machine on the net ....
I guess it is programs that make a kind of check that the files don't change without permission? So much to learn for a newbie. One needs to be very motivated to dig deep into such things when one just wanted to surf and write emails and go to a Linux forum.

Don't get me wrong. I do appreciate your answer. I value it highly. But it is too wide a gap to the level some of us noobs are on. Maybe we need a living person at our side.
 
Old 10-09-2007, 01:28 PM   #11
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
Quote:
Originally Posted by nooby View Post
I trust you gave good advice, but you missed out that some of us noobs even fail to know what the advice says. We stumble on words like "inbound".
Traffic trying to get to your machine from the
internet w/o you having initiated a session.


Quote:
Originally Posted by nooby View Post
And even more to these.

I guess it is programs that make a kind of check that the files don't change without permission? So much to learn for a newbie. One needs to be very motivated to dig deep into such things when one just wanted to surf and write emails and go to a Linux forum.
Not quite. They will take status information and
checksums, and store them securely, and then alert
you if a protected file has been tampered with.
Part of an intrusion detection system.


Quote:
Originally Posted by nooby View Post
Don't get me wrong. I do appreciate your answer. I value it highly. But it is too wide a gap to the level some of us noobs are on. Maybe we need a living person at our side.
If this is your first attempt at Linux, and the machine
holds highly important data or is for corporate use, by
all means - getting a "consultant" (a friend who knows or
a paid for person) in to set it up for you may be the
right choice.

However, the learning curve shouldn't stop you from trying
to set up tight security. That would be like buying an
el cheapo car w/o seat belts and airbags, and with bald
tyres, and leaving it at that :} (this holds true for
windows more so than Linux, btw).


Cheers,
Tink

Last edited by Tinkster; 10-09-2007 at 01:30 PM.
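Tinkster's two posts above (#9, "put file-integrity checking into place BEFORE you put your machine on the net", and #11, "take status information and checksums, store them securely, and then alert you if a protected file has been tampered with") describe exactly what AIDE and tripwire do. The script below is an added example written for this thread, not the code of either tool or of anyone posting here: it takes a baseline of SHA-256 digests plus the stat fields an intruder would have to forge (size, mode, owner, mtime) for every file under a directory, stores it as JSON, and later compares a fresh snapshot against it. The `demo()` function builds a throwaway tree, baselines it, then replaces a "binary", drops a hidden file and changes permissions on another file, so the report shows all three kinds of finding.

```python
"""Minimal file-integrity baseline and check, in the spirit of AIDE/tripwire.

Added example for this thread, not the real AIDE or tripwire code and not
from any post in it. All file names and contents in demo() are constructed.
"""
import hashlib
import json
import os
import stat
import tempfile


def file_record(path):
    """SHA-256 digest plus the metadata an intruder would have to forge."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime": int(st.st_mtime),
    }


def snapshot(root):
    """Map relative path -> record for every regular file under root."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files need their own handling
            records[os.path.relpath(full, root)] = file_record(full)
    return records


def save_baseline(records, baseline_path):
    # The baseline must live somewhere the intruder cannot rewrite it
    # (read-only or offline media); otherwise it is updated along with the files.
    with open(baseline_path, "w") as f:
        json.dump(records, f, sort_keys=True)


def load_baseline(baseline_path):
    with open(baseline_path) as f:
        return json.load(f)


def compare(baseline, current):
    """Report files added, removed, or changed (with the fields that differ)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in set(baseline) & set(current):
        diff = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
        if diff:
            changed[path] = diff
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Baseline a constructed tree, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as media:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "w") as f:
            f.write("original binary\n")
        passwd = os.path.join(root, "passwd")
        with open(passwd, "w") as f:
            f.write("root:x:0:0::/root:/bin/sh\n")
        os.chmod(passwd, 0o644)

        baseline_file = os.path.join(media, "baseline.json")  # the "offline media"
        save_baseline(snapshot(root), baseline_file)

        # Simulated tampering: trojaned binary, dropped hidden file, mode change.
        with open(os.path.join(root, "bin", "ls"), "w") as f:
            f.write("trojaned binary!\n")
        with open(os.path.join(root, "bin", ".rootkit"), "w") as f:
            f.write("constructed marker file\n")
        os.chmod(passwd, 0o600)

        return compare(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Note that the mode change on `passwd` is caught even though its contents and digest are identical, which is why the tools record stat information and not just checksums; the real AIDE and tripwire let you choose per directory which attributes matter, since mtime on a log file changes constantly and would only produce noise.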
 
Old 10-10-2007, 01:03 PM   #12
nooby
Member
 
Registered: Oct 2007
Location: Stockholm Sweden
Distribution: Snow Puppy and Fluppy and Lupu frugal install
Posts: 279

Original Poster
Rep: Reputation: 33
I saw one cool Linux thing. A dedicated security thumb. I'll find the link after editing. They list all new products. This one had a kind of firewall within, so it protected itself. I am a poor reader of text. Not sure if it could be used as a Linux, but it has Linux inside.

http://www.linuxdevices.com/news/NS5094510735.html

Last edited by nooby; 10-11-2007 at 04:26 AM.
 
Old 10-10-2007, 01:52 PM   #13
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
Looks interesting :}



Cheers,
Tink