Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I wouldn't worry about this too much, simply because unless you're a company or another attractive target, it's unlikely someone will target you. Running 'r' commands (rsh and others) would be dangerous, but that's rare these days. Simply keep an eye on your system, and react accordingly if you see someone attempting to use your username to access your password.
Personally, if it bothered me that much, I'd probably change my username (and set up a honeypot with that username), or one of a hundred other options. The danger of removing all remote access to your system is that you might inadvertently remove 127.0.0.1 access (your loopback), which means you're removing your own access to the system.
Another quick point. Revealing your username tends to be useless. The folks who can use it probably have a number of ways to jump into your system. The key here is to remember that almost all computer systems have a compromised username. For windows, it's something like admin. For Linux, it's root. So don't panic too much, just keep an eye on potential attackers.
I'm not trying to knock security, just putting it into perspective. You could lock your entire system, but for a skilled expert, you'd cause more hassle to yourself than the attacker. In many ways, it's like locking your house before you leave. Anybody can break in, some with skill, some with brute force. The key is to make it more effort than it's worth, and make them move on. In that respect, most Linux systems have an advantage, simply because there are so many insecure MS Windows systems online.
Having the username significantly reduces the complexity of performing a bruteforce or dictionary attack against the system. That's part of the reason why you should always disallow remote root logins, because the username is exposed and is vulnerable to bruteforce. While bruteforcing a standard user doesn't have the same impact as getting root, it allows you access to the system, where you can still do nefarious things like set up UDP flooders, access password hashes, or run a local root exploit and gain root. If you look at the passwords hardcoded into the bruteforcessh2 tool it does attempt a number of non-root usernames, indicating that any access whatsoever is still important to crackers.
More in general, I'd disagree with the overall philosophy. Just because there are people out there capable of breaking into a hardened system, doesn't mean you shouldn't lock down an exposed system or maintain good security practices. By maintaining lax security standards you're increasing the number of people who are capable of cracking your system, and their definition of what is "low-hanging fruit" might be quite different than a script kiddie's. It's also a real mistake to think that your system won't be targeted because it's not part of a corporation. Your system has lots of value, like sniffing passwords/credit card info or even just for the bandwidth it can add as part of a DDoS botnet.
lmmix:
I'd definitely change the username. If you'd like to disable remote login capabilities, just turn off any services that allow remote access like sshd or ftpd. You can't remotely log into a machine that doesn't run any services.
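The two practical points in the reply above (disallow remote root logins so a known username cannot be brute-forced straight to root, and watch the system for login guessing) can be checked with a small script. The following is an added example, not code from the thread or from any of the posters: it audits an sshd_config excerpt for the settings the reply argues for and counts failed SSH logins per user and source address from sshd log lines. Both the config excerpts and the log lines are constructed here so the script runs offline; the thresholds and the username lmmix are assumptions taken from the thread.

```shell
#!/bin/sh
# Added example (not from the LinuxQuestions thread). Two helpers:
#   sshd_config_findings  - reads an sshd_config on stdin, prints weak settings
#   failed_logins N       - reads sshd syslog lines on stdin, prints "user ip count"
#                           for every (user, ip) pair with at least N failures

# Constructed sshd log lines in the classic syslog format (sample data).
SAMPLE_AUTH_LOG='Mar  3 10:01:12 host sshd[1234]: Failed password for root from 203.0.113.5 port 41234 ssh2
Mar  3 10:01:15 host sshd[1235]: Failed password for root from 203.0.113.5 port 41240 ssh2
Mar  3 10:01:17 host sshd[1236]: Failed password for invalid user admin from 203.0.113.5 port 41250 ssh2
Mar  3 10:01:19 host sshd[1237]: Failed password for root from 203.0.113.5 port 41260 ssh2
Mar  3 10:01:21 host sshd[1238]: Failed password for lmmix from 198.51.100.7 port 50000 ssh2
Mar  3 10:01:25 host sshd[1239]: Accepted publickey for lmmix from 192.0.2.9 port 52000 ssh2'

# Constructed weak sshd_config excerpt: root may log in with a password.
SAMPLE_SSHD_CONFIG='# constructed sshd_config excerpt
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#MaxAuthTries 6'

# Constructed hardened excerpt: root refused, keys only, fewer guesses per
# connection, and only the named account (assumed: lmmix) may log in.
HARDENED_SSHD_CONFIG='# constructed hardened excerpt
Port 22
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
AllowUsers lmmix'

# Print one finding per weak directive. Comment and blank lines are skipped,
# directive names are case-insensitive as in sshd_config(5).
sshd_config_findings() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "permitrootlogin" {
            seen_root = 1
            if (tolower($2) == "yes")
                print "PermitRootLogin yes: root can be brute-forced directly; set it to no"
        }
        tolower($1) == "passwordauthentication" && tolower($2) == "yes" {
            print "PasswordAuthentication yes: password guessing is possible; prefer keys and set it to no"
        }
        tolower($1) == "maxauthtries" { seen_tries = 1 }
        END {
            # OpenSSH before 7.0 defaulted PermitRootLogin to yes, so set it explicitly.
            if (!seen_root)  print "PermitRootLogin not set: default depends on OpenSSH version; set it to no"
            if (!seen_tries) print "MaxAuthTries not set: default is 6; consider lowering it"
        }
    '
}

# Count "Failed password for [invalid user] USER from IP" per (USER, IP) and
# print the pairs at or above the threshold given as $1, sorted for stable output.
failed_logins() {
    awk -v thr="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = ($(i+1) == "invalid") ? $(i+3) : $(i+1)
                if ($i == "from") ip = $(i+1)
            }
            if (user != "" && ip != "") count[user " " ip]++
        }
        END { for (k in count) if (count[k] >= thr) print k, count[k] }
    ' | LC_ALL=C sort
}

# Stand-alone demo: audit the weak config, then report sources with 3+ failures.
printf '%s\n' "$SAMPLE_SSHD_CONFIG" | sshd_config_findings
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins 3
```

On a real host, replace the constructed strings with `sshd_config_findings < /etc/ssh/sshd_config` and `failed_logins 5 < /var/log/auth.log` (or `journalctl -u ssh --no-pager | failed_logins 5` on systemd hosts). The log parser only matches the "Failed password" message, so key-based failures and the "Invalid user" pre-auth lines are not counted; that keeps the count tied to the password-guessing scenario the reply describes.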