Any good security programs for linux ?
Does anyone know of any good security programs for linux like there are for windows ? Something that locks-hides files & folders so they can`t be edited or moved deleted ? Any that restricts access to certain features like start menu,control panel,registry and others, Folder Lock as a example.
|
A standard Linux system will generally not allow a normal user (non-root, non-administrator) to write to any location the /home/user directory but will allow reading to many locations. If a user can't write to a directory, s/he cannot edit anything. Not sure what you want to limit in the Menu but the Control Panel used to configure various settings on the computer should require root privileges. There is no 'registry' in Linux, not sure what would be comparable but I'm sure someone else will post.
|
There are two frameworks that make background services more secure, AppArmor and SELinux. They are installed and configured by default on several distros. Their working principle is containment of attacks: When a service, for example web server, is compromised, an attacker that has gained root privilege can only cause damage to the files that belong to that service, and not to the system at large.
SELinux can tighten security even more by implementing its Multi-Level Security policy, which can make your system get clearance from the CIA and other spy organizations. May be overkill for you, but only the paranoid survive. Some distros configure a strict firewall that only opens the ssh port by default. It is not too hard to set up such a firewall on a more permissive system. Linux includes a command, chattr, that allow you to "lock down" a file, so that even root can't modify it. However, root can use chattr to unlock the file. |
Quote:
|
Quote:
|
Didn`t say it was or was not a conspiracy, just that i would not trust any of them-might be open source but was still developed by the NSA sometime in the 2000`s i do not trust any Gov. rep elected or otherwise & won`t change in the future. I do study history and go by what the facts are so i`m not going to trust them at all no matter what they say-it`s what they do that count`s.
|
Distrust of governments, people in power and secret services is healthy. My point is that this is not relevant. The software is open-source and has been since 10-15 years; if it contains anything nefarious, it would have been detected by now.
|
As berndbausch points out the likelyhood of it being a trojan is much less (but perhaps still non-zero) with many eyes reviewing the code.
On the other hand, you still trust those same actors, and more, to have not successfully compromised the kernel code (we know they have tried), and pretty much every other application you depend on... have you actually verified them all? At some point you have to decide whether and what to expose, and use your best judgment rather than rely on actual trust. |
Quote:
Perhaps you should look into OpenBSD. As far as I know, it's the most secure free operating system. |
As others have pointed out, by default, security is built into Linux out of the box. Linux was built to Unix standards, and, as Unix was a multi-user system from the get-go, security was always a concern.
The basic element of security with Linux are the same as with any other OS: a good firewall. Firewall capability is built into the Linux kernel--it's called iptables. Linux firewall "programs" are usually frontends for configuring iptables. Viruses are not a major concern, as most viruses target more popular operating systems, but that doesn't mean you should ignore them. There are AV programs for Linux. The biggest weakness in Linux is the same as with any other OS: The person sitting behind the keyboard: don't go to dodgy websites, don't click on questionable links, don't get phished. All the security software in the world can't protect against stupid. You may find this a good reference: https://www.linuxtopia.org/LinuxSecurity/index.html |
Quote:
Code:
chmod 400 file Just one of a million examples, read Code:
man chmod Hide: various trivial solutions exist. I use encfs for my porn collection. |
Quote:
I think OpenSSL taught developers and users, quite a lot with respect to "open source" code, in that problems can still lie hidden for years, if the code is not being continually re-examined, reevaluated and developed. |
Quote:
|
Quote:
|
Quote:
|
All times are GMT -5. The time now is 08:19 AM. |