How do you know someone has tried to get into your Fedora based hd..?
IF an expert hack can get into a Fedora OS over the Internet.. How would you know that someone has tried to get into your hd's OS..?
Are there Linux software packages that can be installed, and a window be placed on the desktop, that shows in real-time, who and what has tried to, or has, or is, infiltrating a Fedora OS..? If a Fedora OS can be compromised thus...
Are there software packages that can show if someone is uploading your private files from a Fedora OS..?
How do you know your OS doesn't have backdoors in it..?
No "conspiracy" here.. just valid security questions that deserve an honest answer...
When you first install the system, you can run some programs that will give you a baseline "fingerprint" that can be compared later to determine if someone has changed something.
If your new hacker pal is sloppy, he may leave clues in your log files (That's why reviewing your logs is so important). If he was smart enough to break in though, he is likely smart enough to cover his tracks.
The best I can tell you is that a mix of good practices is the best bet:
Strong passwords
Patch your system so it's up to date
Keep it patched
Don't run unnecessary services
Read and learn as much as you can.
IF an expert hack can get into a Fedora OS over the Internet.. How would you know that someone has tried to get into your hd's OS..?
If he really is an expert, it takes an expert, too, to notice it, I think.
Quote:
if a Fedora OS can be compromised thus...
Every OS can be compromised; there will never be 100% security.
Quote:
How do you know your OS doesn't have backdoors in it..?
At first you have to trust your distribution, that it has no backdoors already built in. Then you have to take a fingerprint from your freshly installed system (at best installed without a network connection), and you have to compare the fingerprint before you update your system and generate a new one after the system update. And do that every time you update your system.
Or you install from scratch, meaning you compile your whole system from source after you have searched through the whole source for backdoors.
Be aware that any OS is only as secure as the security options the user chooses.
Quoting: "...first install the system, you can run some programs that will give you a baseline "fingerprint" that can be compared later to determine if someone has changed something."
Ok.. So now I'm going to DBAN-Autonuke these 3-hd's, and reinstall F-14 on clean platters...
Is there a best way to install F-14..?
And please detail, for the novice, how to do this "fingerprint" thingy...
____________________
Quoting: "it needs an expert, too, to notice it..."
Then the next obvious question would have to be.. What first thing would the expert look at, to start determining if there has been a compromise..?
____________________
Quoting: "you have to trust your distribution..."
Fedora is at the top of trustworthy...
____________________
Quoting: "And that every time you update your system.
Or you install from scratch, that means you compile your whole system from source, after you have searched through the whole source for backdoors."
Please detail how it's done...
____________________
This is what I've been asking about for ten years on the Net.. but all I ever got from this type of question was flamed, flamed, and more flamed, and banned.. then someone totally trashing the OS within an hour...
Funny.. I'm rushing to make the backup, by habit.. I suppose this is called "shell-shock"...
umm.. I was expecting to be smoke-screened, insulted, blasted, beatup, flamed, killed, and banned, then killed some more, and my PC's OS to be nuked...
Umm..? it didn't happen..?? I actually got some real answers...
_____________
I figured the best way to start this security check is to run "chkrootkit" to test the old OS before I jump into fresh stuff the right way...
Is this chkrootkit log anything bad?..
Checking `syslogd'... not tested
Searching for suspicious files and dirs, it may take a while...
/usr/lib/.libfipscheck.so.1.hmac /usr/lib/.libssl.so.1.0.0c.hmac /usr/lib/.libfipscheck.so.1.1.0.hmac /usr/lib/.libssl.so.10.hmac /usr/lib/firefox-3.6/.autoreg /lib/.libcrypto.so.10.hmac /lib/.libcrypto.so.1.0.0c.hmac /lib/.libgcrypt.so.11.hmac
And please detail, for the novice, how to do this "fingerprint" thingy...
You can run a HIDS such as AIDE. This will, of course, require that you first read the documentation and familiarize yourself with how AIDE is used. Also, you'll want to install AIDE right after you've installed your OS from trusted media and before you even plug the network cable in. Otherwise, you risk getting a baseline from an already compromised installation, which would defeat the purpose.
I'm trying to find an "Aide rpm".. I found only one for fedora-11...
Do you know of an Aide rpm for Fedora-14..? I'm having a tough time trying to install a src or a tar..?
Fedora is humanity's Hat.. Fedora is humanity's leader in love and respect, even if humanity doesn't know it yet.. Can't you feel it?.. Do you know love..?
You think?..
So what do you do to know what's happnin' in your computer's security..?
What's your big "securits"..?
What's the first thing you do to determine if your OS has been compromised..?
Start with the distribution that you download. Verify its md5sum and gpg signature against those reported and signed by the developer. There may even be a designated signer for the package. At a minimum, make sure that the keys used have been signed by several individuals with known organizational email addresses. Granted, this is not 100%, but it is a strong indication that you are getting a legitimate download. Then, create your CD and re-verify the burned ISO image's sum to verify that you have a solid build. Install it and as part of your base install, implement a host based intrusion detection system that will create fingerprints for your system files and monitor them for changes.
Beyond that, do as the above posts suggest. Don't run unnecessary server packages. Don't open unnecessary ports in your firewall. Don't give users permissions that they don't need, keep your system up to date, watch your logs, don't allow root SSH and preferably use key based authentication, and so forth. Keep reading and learning, but maintain eternal vigilance on the performance of your system without relying on an application to secure your system for you.
Second, disable all remote logins using SE-Linux or other settings. This is especially important for root.
Third, use only reputable repositories that others have used without problems.
"Https://www.Earlspervertedspecialpicssite.net/freak/executablesandbinaries" is NOT a reputable repository.
The actual site is, of course, a joke. It doesn't really exist. I would not provide such a real link even if I was into such things. (I'm not.)
Fourth, use complex passwords with at least 10 characters. Sixteen would be better. Obviously use wildcards, numbers, capital and lower case letters.
Don't use just dictionary words. Don't post your passwords on the side of your computer monitor. If you must write down your passwords, consider hiding them real well or getting a safe located in another room without a computer.