LinuxQuestions.org
Old 12-12-2010, 07:26 PM   #1
Cosmicb
Member
 
Registered: Feb 2009
Posts: 70

Rep: Reputation: 0
How do you know someone has tried to get into your Fedora based hd..?


IF an expert hack can get into a Fedora OS over the Internet.. How would you know that someone has tried to get into your hd's OS..?

Are there Linux software packages that can be installed, and a window be placed on the desktop, that shows in real-time, who and what has tried to, or has, or is, infiltrated a Fedora OS..? if a Fedora OS can be compromised thus...

Are there software packages that can show if someone is uploading your private files from a Fedora OS..?

How do you know your OS doesn't have backdoors in it..?

No "conspiracy" here.. just valid security questions that deserve an honest answer...

Last edited by Cosmicb; 12-12-2010 at 07:30 PM.
 
Old 12-12-2010, 07:37 PM   #2
AsusDave
Member
 
Registered: Jul 2008
Distribution: Debian, Ubuntu 10.04
Posts: 151

Rep: Reputation: 34
When you first install the system, you can run some programs that will give you a baseline "fingerprint" that can be compared later to determine if someone has changed something.

If your new hacker pal is sloppy, he may leave clues in your log files (That's why reviewing your logs is so important). If he was smart enough to break in though, he is likely smart enough to cover his tracks.

The best I can tell you is a mix of good practices is the best bet:
Strong passwords
Patch your system so it's up to date
Keep it patched
Don't run unnecessary services
Read and learn as much as you can.

HTH
Dave
 
Old 12-12-2010, 07:53 PM   #3
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4864
Quote:
Originally Posted by Cosmicb
IF an expert hack can get into a Fedora OS over the Internet.. How would you know that someone has tried to get into your hd's OS..?
If he really is an expert, it needs an expert, too, to notice it, I think.

Quote:
if a Fedora OS can be compromised thus...
Every OS can be compromised, there will never be 100% security.

Quote:
How do you know your OS doesn't have backdoors in it..?
At first you have to trust your distribution, that it has no backdoors already built in. Then you have to take a fingerprint from your freshly installed system (at best installed without network connection), and you have to compare the fingerprint before you update your system and generate a new one after the system update. And that every time you update your system.
Or you install from scratch, that means you compile your whole system from source, after you have searched through the whole source for backdoors.

Be aware that any OS is only as secure as the security options the user chooses.
 
Old 12-12-2010, 07:54 PM   #4
Cosmicb
Member
 
Registered: Feb 2009
Posts: 70

Original Poster
Rep: Reputation: 0
WoW!.. and WoW!..


_____________________


Quoting: "...first install the system, you can run some programs that will give you a baseline "fingerprint" that can be compared later to determine if someone has changed something."


Ok.. So now I'm going to DBAN-Autonuke these 3-hd's, and reinstall F-14 on clean platters...
Is there a best way to install F-14..?
And please detail, for the novice, how to do this "fingerprint" thingy...


____________________


Quoting: "it needs an expert, too, to notice it..."


Then the next obvious question would have to be.. What first thing would the expert look at, to start determining if there has been a compromise..?


____________________


Quoting: "you have to trust your distribution..."


Fedora is at the top of trustworthy...

____________________


Quoting: "And that every time you update your system.
Or you install from scratch, that means you compile your whole system from source, after you have searched through the whole source for backdoors."



Please detail how it's done...

____________________


This is what I've been asking about for ten years on the Net.. but all I ever got from this type of question was flamed, flamed, and more flamed, and banned.. then someone totally trashing the OS within an hour...
Funny.. I'm rushing to make the backup, by habit.. I suppose this is called "shell-shock"...

Last edited by Cosmicb; 12-12-2010 at 08:26 PM.
 
Old 12-12-2010, 07:59 PM   #5
AsusDave
Member
 
Registered: Jul 2008
Distribution: Debian, Ubuntu 10.04
Posts: 151

Rep: Reputation: 34

Were our answers not what you were expecting?

HTH
Dave
 
Old 12-12-2010, 08:41 PM   #6
Cosmicb
Member
 
Registered: Feb 2009
Posts: 70

Original Poster
Rep: Reputation: 0
umm.. I was expecting to be smoke-screened, insulted, blasted, beatup, flamed, killed, and banned, then killed some more, and my PC's OS to be nuked...
Umm..? it didn't happen..?? I actually got some real answers...


_____________


I figured the best way to start this security check is to run "chkrootkit" to test the old OS before I jumps into fresh stuff the right way...


Is this chkrootkit log anything bad?..


Checking `syslogd'... not tested

Searching for suspicious files and dirs, it may take a while...
/usr/lib/.libfipscheck.so.1.hmac /usr/lib/.libssl.so.1.0.0c.hmac /usr/lib/.libfipscheck.so.1.1.0.hmac /usr/lib/.libssl.so.10.hmac /usr/lib/firefox-3.6/.autoreg /lib/.libcrypto.so.10.hmac /lib/.libcrypto.so.1.0.0c.hmac /lib/.libgcrypt.so.11.hmac

Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)


________________

I'm supposing "false positives", but a second opinion would be nice...

________________



This is what I found in Google searches:

http://forum.nginx.org/read.php?30,120185

http://docs.fedoraproject.org/en-US/...-keypairs.html


Yikes! this is a seriously wicked task for someone doing it the first time... Wouldn't it be sweet if it were setup as a system tool...

Last edited by Cosmicb; 12-12-2010 at 10:14 PM.
 
Old 12-12-2010, 10:27 PM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally Posted by Cosmicb
And please detail, for the novice, how to do this "fingerprint" thingy...
You can run a HIDS such as AIDE. This will, of course, require that you first read the documentation and familiarize yourself with how AIDE is used. Also, you'll want to install AIDE right after you've installed your OS from trusted media and before you even plug the network cable in. Otherwise, you risk getting a baseline from an already compromised installation, which would defeat the purpose.
 
Old 12-12-2010, 10:59 PM   #8
Cosmicb
Member
 
Registered: Feb 2009
Posts: 70

Original Poster
Rep: Reputation: 0
I'm trying to find an "Aide rpm".. I found only one for fedora-11...
Do you know of an Aide rpm for Fedora-14..? I'm having a tough time trying to install an src. or a tar..?


http://rpm.pbone.net/index.php3?stat...aide&srodzaj=3

http://www.google.com/search?q=aide+...+14&as_rights=
 
Old 12-12-2010, 11:49 PM   #9
knudfl
LQ 5k Club
 
Registered: Jan 2008
Location: Copenhagen DK
Distribution: PCLinuxOS2019 CentOS6.10 CentOS7.7 + 50+ other Linux OS, for test only.
Posts: 17,269

Rep: Reputation: 3568
'aide' is a Fedora package. ( Fedora 12 - 13 - 14 etc.)

# yum install aide


..
 
Old 12-13-2010, 01:50 AM   #10
Cosmicb
Member
 
Registered: Feb 2009
Posts: 70

Original Poster
Rep: Reputation: 0
got it... now to make it work for me...
 
Old 12-13-2010, 06:11 AM   #11
devnull10
Member
 
Registered: Jan 2010
Location: Lancashire
Distribution: Slackware Stable
Posts: 553

Rep: Reputation: 116
Quote:
Quoting: "you have to trust your distribution..."


Fedora is at the top of trustworthy...
You think!?
 
Old 12-13-2010, 09:51 AM   #12
Cosmicb
Member
 
Registered: Feb 2009
Posts: 70

Original Poster
Rep: Reputation: 0
Fedora is humanity's Hat.. Fedora is humanity's leader in love and respect, even if humanity doesn't know it yet.. Can't you feel it?.. Do you know love..?
You think?..



So what do you do to know what's happnin' in your computer's security..?
What's your big "securits"..?
What's the first thing you do to determine if your OS has been compromised..?
 
Old 12-13-2010, 11:26 AM   #13
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 780
Start with the distribution that you download. Verify its md5sum and gpg signature against those reported and signed by the developer. There may even be a designated signer for the package. At a minimum, make sure that the keys used have been signed by several individuals with known organizational email addresses. Granted, this is not 100%, but it is a strong indication that you are getting a legitimate download. Then, create your CD and re-verify the burned ISO image's sum to verify that you have a solid build. Install it and as part of your base install, implement a host based intrusion detection system that will create fingerprints for your system files and monitor them for changes.

Beyond that, do as the above posts suggest. Don't run unnecessary server packages. Don't open unnecessary ports in your firewall. Don't give users permissions that they don't need, keep your system up to date, watch your logs, don't allow root SSH and preferably use key based authentication, and so forth. Keep reading and learning, but maintain eternal vigilance on the performance of your system without relying on an application to secure your system for you.
 
1 members found this post helpful.
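The baseline "fingerprint" that the posts above describe (record the system while it is known-good, compare later) can be sketched as follows; this is an added example, not part of the thread and not AIDE's own code. The function names, the recorded fields and the sample tree are constructed for illustration, and a real HIDS such as AIDE records more attributes and protects its database from tampering.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

FIELDS = ("mode", "uid", "gid", "size", "sha256")

def fingerprint(root):
    """Return {relative path: (mode, uid, gid, size, sha256)} for everything under root."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: record symlinks themselves, never follow them
            size, digest = 0, "-"
            if stat.S_ISREG(st.st_mode):
                size = st.st_size
                with open(path, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                digest = "link:" + os.readlink(path)  # a retargeted link counts as a change
            db[os.path.relpath(path, root)] = (oct(st.st_mode), st.st_uid, st.st_gid, size, digest)
    return db

def compare(baseline, current):
    """Return (added, removed, changed); changed maps each path to the fields that differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diff = [n for n, old, new in zip(FIELDS, baseline[path], current[path]) if old != new]
        if diff:
            changed[path] = diff
    return added, removed, changed

def demo():
    """Constructed sample tree: baseline it, alter it, return what the comparison reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        for rel, data in (("bin/ls", b"original ls\n"), ("bin/ps", b"original ps\n"), ("motd", b"hello\n")):
            (root / rel).write_bytes(data)
        baseline = fingerprint(root)                      # taken while the tree is known-good
        (root / "bin/ls").write_bytes(b"replaced ls\n")   # same size, different content
        (root / "bin/ps").chmod(0o4755)                   # content untouched, setuid bit added
        (root / "motd").unlink()
        (root / "bin/.hidden").write_bytes(b"x")
        return compare(baseline, fingerprint(root))

if __name__ == "__main__":
    print(demo())
```

The replaced `bin/ls` has the same size as the original, so only the hash exposes it, and the baseline is only trustworthy if it is stored somewhere the monitored system cannot rewrite it.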
Old 12-13-2010, 06:47 PM   #14
Cosmicb
Member
 
Registered: Feb 2009
Posts: 70

Original Poster
Rep: Reputation: 0
Are those "signature checks" needed when you download Fedora from the Fedora Project site?..
and when you apply Fedora updater updates..?

Can hacks fake the updater?, like someone nasty did to my PC through Linux OS, not Fedora...
 
Old 12-13-2010, 10:03 PM   #15
mdlinuxwolf
Member
 
Registered: Dec 2006
Distribution: Mepis and Fedora, also Mandrake and SuSE PC-BSD Mint Solaris 11 express
Posts: 378

Rep: Reputation: 41
Never fear -- It's easy to protect Fedora

Quote:
Originally Posted by Cosmicb
Are those "signature checks" needed when you download Fedora from the Fedora Project site?..
and when you apply Fedora updater updates..?

Can hacks fake the updater?, like someone nasty did to my PC through Linux OS, not Fedora...
First, when you install Fedora, make your partition encrypted. Here are all the gory details.

http://docs.fedoraproject.org/en-US/...setup-x86.html

Second, disable all remote logins using SE-Linux or other settings. This is especially important for root.

Third, use only reputable repositories that others have used without problems.

"Https://www.Earlspervertedspecialpicssite.net/freak/executablesandbinaries" is NOT a reputable repository.

The actual site is, of course, a joke. It doesn't really exist. I would not provide such a real link even if I was into such things. (I'm not.)

Fourth, use complex passwords with at least 10 characters. Sixteen would be better. Obviously use wildcards, numbers, capital and lower case letters.

Don't use just dictionary words. Don't post your passwords on the side of your computer monitor. If you must write down your passwords, consider hiding them real well or getting a safe located in another room without a computer.

Lastly, consider upping your meds slightly !!
 
  

