Is this just me or the Linux environment is less secure than Windows for a non-super(techie, tho) user?
For about two days now I've been looking for some ways to secure a Linux environment as I have with Windows, and I'm getting too damn frustrated about this, because I see threads (around the internet) with the exact same issue (or kind of) I have, and the answers are so fricking dumb - they are not even answers, because they don't answer the question. I'm also super upset, because it seems like there's no solution for what I'm looking for in Linux - even though I refuse to believe that.
So here I am, asking you the same thing in a hope I will get some reasonable answer/s and hopefully will eventually find one and switch to Linux at the end.
The question:
I'm getting super nervous if I don't have control of inbound/outbound traffic (of applications/anything else). By "control", I mean actually controlling it: being able to see the requested connection (IP, port, what application/something else is making the request) AND actually making some decisions about it: temporarily block it, block it, temporarily allow it, allow it, etc.
If I am understanding you correctly, are you just wanting a firewall? If so, do a search for iptables, or, depending on your exact Linux distro, ufw (uncomplicated firewall).
If not, there are plenty of other security and network utilities for *nix systems: AIDE, ClamAV, OSSEC, fail2ban, Wireshark, etc. It would just depend on your needs.
In saying that, making the logical leap from not being able to implement an easy application-based firewall to stating that "the Linux environment is less secure than Windows" is not correct in my opinion.
My short advice is: if having an application-based firewall of the type you are looking for is important to you and not having one will make you super upset, stick to Windows or macOS.
I don't know what distro you use, but if it is Slackware, just follow the guide. https://docs.slackware.com/howtos:se...basic_security
I agree firewall setup can be complicated; I used the guide for iptables, but as the first reply said, ufw is good, and if you prefer using a GUI, then also install gui-ufw.
Oh, according to this video a firewall may not be needed in Linux but is still recommended. https://youtu.be/e_Xi8e_ZOlE
Last edited by Slackware_fan_Fred; 02-16-2019 at 09:34 PM.
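The two replies above point at iptables and ufw. Plain iptables cannot match on a program name, but it can match on the user that owns the socket, which gets close to the per-application control the original poster wants: run the application under its own dedicated account and write OUTPUT rules for that UID. The script below is an added example, not code from the thread or from any of the posters; the user name `browser`, the port list and the `IPT` dry-run variable are assumptions for illustration. (On an nftables-based system the equivalent match is `meta skuid`.)

```shell
#!/bin/sh
# Added example (not from the thread): per-user outbound filtering with the
# iptables "owner" match. Run the application as a dedicated user, then these
# rules decide what that user's sockets may reach and log everything else.
# Assumptions: the user name, the port list and the IPT variable are
# illustrative; real use needs root and a system with iptables.

IPT="${IPT:-iptables}"    # set IPT=echo to print the rules instead of applying them

# Confine one user's outbound traffic to DNS plus a list of TCP ports.
# usage: app_outbound_rules <user> "<space separated tcp ports>"
app_outbound_rules() {
    user="$1"
    ports="$2"

    # Replies to connections already accepted pass regardless of owner.
    "$IPT" -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Name resolution must work before any host can be reached.
    "$IPT" -A OUTPUT -m owner --uid-owner "$user" -p udp --dport 53 -j ACCEPT

    # The allow-list: one rule per permitted destination port.
    for p in $ports; do
        "$IPT" -A OUTPUT -m owner --uid-owner "$user" -p tcp --dport "$p" -j ACCEPT
    done

    # Anything else from this user is logged (kernel log, journalctl -k)
    # together with the UID, then refused. Reading that log and extending
    # the list is the "see the request, then decide" loop the original
    # poster asked for, per user rather than per binary.
    "$IPT" -A OUTPUT -m owner --uid-owner "$user" -j LOG --log-prefix "OUT-$user: " --log-uid
    "$IPT" -A OUTPUT -m owner --uid-owner "$user" -j REJECT
}

# Number of rules a given call generates (dry run in a subshell).
rule_count() {
    ( IPT=echo; app_outbound_rules "$1" "$2" ) | wc -l | tr -d ' '
}

# Demo: print the rule set for a user "browser" limited to HTTPS and DNS-over-TLS.
if [ "${1:-}" = "--demo" ]; then
    ( IPT=echo; app_outbound_rules browser "443 853" )
fi
```

Run it with `--demo` to review the generated rules; to apply them, call `app_outbound_rules` as root with `IPT` unset, and start the application as that user (`sudo -u browser firefox`, or a systemd unit with `User=browser`). The `owner` match only works in the OUTPUT chain, and other users are untouched because the chain's default policy is left as it is.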
If you are looking for an application firewall, then the tool you are looking for is AppArmor. However, the UI is still for professionals, who are fewer and farther between these days. It lacks a point-and-click UI or front-end like GUFW for iptables. It's also a bit lacking in granularity in regards to networking. While at the file system level you can really lock it down to specific directories, network access is still either on or off. However, when you get down to it, in most cases that is adequate.
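To put the AppArmor suggestion above into a concrete profile: the fragment below is an added example, not from the thread; the binary `/usr/local/bin/notes-app` and its data directories are placeholders. It shows the network switch the post describes (`deny network,`) next to the file-level granularity that does exist.

```apparmor
# /etc/apparmor.d/usr.local.bin.notes-app   (added example; the path is a placeholder)
#include <tunables/global>

/usr/local/bin/notes-app {
  #include <abstractions/base>

  # Network: off. The process may not create a socket of any family.
  # The only finer-grained form is by family/type, e.g. "network inet stream,"
  # for IPv4 TCP only; destination hosts or ports are not expressible here.
  deny network,

  # Files: its own binary, its own data, read-only access to shared data.
  /usr/local/bin/notes-app mr,
  owner @{HOME}/.local/share/notes-app/** rwk,
  owner @{HOME}/.config/notes-app/** rw,
  /usr/share/notes-app/** r,

  # Explicit deny wins over any allow pulled in by an abstraction, so a
  # compromised app cannot read keys even if a later include is too broad.
  deny @{HOME}/.ssh/** rwkl,
}
```

Load it with `sudo apparmor_parser -r /etc/apparmor.d/usr.local.bin.notes-app`, start in complain mode (`sudo aa-complain /usr/local/bin/notes-app`) so violations are only logged, watch `journalctl -k | grep 'apparmor="DENIED"'` while using the application, then switch to `sudo aa-enforce /usr/local/bin/notes-app`; `aa-status` shows which mode each profile is in.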
Just to build on what others have said and perhaps to add some context, the particular requirements you have may be more--er--difficult to meet easily in Linux, but as to the general question you started with, Linux is more secure out of the box than Windows and always has been. Linux was designed to Unix standards, and Unix was designed from the beginning as a multi-user OS for mainframes, and, in a multi-user environment, security was a concern from the get-go.
Windows was built on DOS, a single user system which, at its outset, did not envision networking or multiple users. In Windows world, security has always been a catch-up job.
Firewall capability (iptables) is built into the Linux kernel. Most Linux "firewall" programs are actually front-ends for configuring iptables. (The one I usually recommend is gufw.) In addition, in Linux, a user cannot exercise administrative privileges; only root can do so. An invader who may gain access to a user's home directory cannot obtain administrative privileges without gaining root access, and this requires entering a password, not just clicking an item in a dialog box.
In most distributions, you create a root password and use su to attain root privileges; in the *buntus, sudo is configured out-of-the-box, and the installing user is given privileges to perform administrative actions, but a password is still required to gain administrative privileges. (As an aside, I've not yet seen a convincing argument for the *buntus' sudo fetish, but that's just me.) Note that some distros activate a firewall on install and some do not.
So yes, meeting the precise desires you enumerated may be more complex on Linux than on Windows, but security in general is better on Linux than on Windows.
To expand on TurboCapitalist's recommendation regarding AppArmor, it's not uncommon for truly basic functions on Linux to be best approached from the command line. In the *nixes, the desktop environment is not part of the operating system, but rather floats on top of it, in a manner of speaking.
There are many desktop environments/window managers available, and some provide more GUI functionality than others. But the command line is the command line is the command line, regardless of the graphical environment and regardless of the distro.
Quote:
(As an aside, I've not yet seen a convincing argument for the *buntus' sudo fetish, but that's just me.)
That's because, out of the box, the *buntus have seriously misconfigured sudo. They seem to be both badly misusing and underutilizing its capabilities. However, sudo configuration is not something you just stumble upon; most people have to be taught the idea behind it. It's obvious once you know it, but the initial thought might not occur to people.
Quote:
That's because, out of the box, the *buntus have seriously misconfigured sudo.
(Grin) They are certainly using it for a purpose for which it was never intended!
If I run a *buntu (other than in a VM for playing with purposes), the first thing I do is enable root. But, I must say, as much as I like Mint (AKA, "Ubuntu done right"), I haven't run a *buntu for quite some time. I think I'll stick with Debian on that branch of the Linux tree.
Quote:
In saying that, making the logical leap from not being able to implement an easy application-based firewall to stating that "the Linux environment is less secure than Windows" is not correct in my opinion.
My short advice is: if having an application-based firewall of the type you are looking for is important to you and not having one will make you super upset, stick to Windows or macOS.
Well, you could use SELinux to block network access for applications X and Y to start off with. Not easy, no (SELinux).
I think there must be some optimal way to combine selinux with some networking tools to restrict network access to "only allow if..." then xyz.
Quote:
(As an aside, I've not yet seen a convincing argument for the *buntus' sudo fetish, but that's just me.)
Actually, theoretically, doesn't that make it far more dangerous if a hostile user is able to crack the user account? A lot more damage can be done with the user account than in a non-sudo setup. Or am I wrong?
Just pondering on the theoreticals..
If that is the case, any system with sudo is far more vulnerable to social engineering and weak password setups, no?
Quote:
If that is the case, any system with sudo is far more vulnerable to social engineering and weak password setups, no?
No. Only systems with badly misconfigured sudoers files (like the *buntus have) are more vulnerable. If you would like to read more, see the sudo rant in my LQ blog which I link to again here. Or see M W Lucas' presentation "sudo: You're Doing It Wrong", you'll find both slides and a video with a quick search. Watching it, even though it is long, will clear up about any question you could reasonably come up with regarding sudoers, such as the "theoretical" one posted just now.
See also
Code:
man sudoers
man sudo
Edit: I'd be far more worried about polkit's pkexec which is a lot less polished and comes from a dodgy group.
Last edited by Turbocapitalist; 02-19-2019 at 07:01 AM.
Well. If someone manages to take over a user account on a sudo system, they can do a lot more than if they take over a user account on a non-sudo system. Sudo gives the "user" the right to do many admin tasks that a normal user on a non-sudo system just cannot do.
So, how does taking over a user account with sudo, prevent the "hostile" from using all those admin functions that the user account can use?
Quote:
Sudo gives the "user" the right to do many admin tasks that a normal user on a non-sudo system just cannot do.
No, it does not do that automatically. It does that only if it has been (mis-)configured to do so. It is quite easy to apply privileges safely via sudoers. Your worries have nothing to do with sudo per se and more with misconfiguration of permissions. Polkit is less granular and harder to configure and thus more dangerous, IMHO, but is less visible and thus flies in under the radar. Your concerns are more applicable to polkit's pkexec. However, please read up on what sudo is and how it works, or at least listen to M W Lucas' presentation. Some background information is needed before informed questions can be posed.
Last edited by Turbocapitalist; 02-19-2019 at 07:31 AM.
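As an illustration of what the "misconfigured defaults" argument above is about, here is an added sudoers fragment; it is not from the thread, the linked blog post or the Lucas talk, and the user names, command paths and roles are invented for the example. The broad one-liner is shown commented out next to a scoped version.

```sudoers
# /etc/sudoers.d/50-scoped   (added example; users and roles are invented)
#
# The broad default on many desktop installs: every member of "sudo" may run
# any command as any user, so one phished or brute-forced user password
# is a full root compromise.
#
#   %sudo   ALL=(ALL:ALL) ALL

# Scoped version: name the commands each role actually needs, by full path.
# Arguments are matched exactly, so "apt -o ... update" does not match "apt update".
Cmnd_Alias PKG      = /usr/bin/apt update, /usr/bin/apt upgrade
Cmnd_Alias FIREWALL = /usr/sbin/ufw status verbose, /usr/sbin/ufw reload
Cmnd_Alias WEBSVC   = /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx

# Password still required (no NOPASSWD); target user pinned to root.
alice   ALL=(root) PKG, FIREWALL
webops  ALL=(root) WEBSVC

# Editing a config file goes through sudoedit, never "sudo vi": the editor
# runs as the invoking user, so it cannot be used as a root shell escape.
alice   ALL=(root) sudoedit /etc/nginx/nginx.conf

# Hardening defaults: scrubbed environment, a pty for every command, a log.
Defaults env_reset, use_pty, logfile=/var/log/sudo.log
```

Check the syntax before it goes live with `visudo -cf /etc/sudoers.d/50-scoped` (a broken sudoers file can lock everyone out), and review the effective rules with `sudo -l -U alice`. The usual way such a scoped file is defeated is by allowing a command that can spawn a shell or write arbitrary files (editors, pagers, anything with a `!` escape), which is why the editor case above uses `sudoedit`.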
Well, in a way you are right. If you manually implement sudo it does not have to be unsafe and can add safe convenience. But since you mention misconfiguration, you have to admit that probably 90% of sudo users are *buntu users, and thus 90% of all sudo setups are grossly misconfigured and unsafe.
So yeah, I can imagine a way that I personally could implement sudo in a useful and safe way, so perhaps you want me to not blame sudo in and of itself?
Quote:
But since you mention misconfiguration, you have to admit that probably 90% of sudo users are *buntu users, and thus 90% of all sudo setups are grossly misconfigured and unsafe.
That is the point of my blog post... So I do not admit it, I proclaim it and want it fixed. So no the fault is not sudo itself, it is the distros which provide misconfigured defaults for it.
It is still possible, however unlikely, for individuals to fix the broken defaults. Far better would have been for the distros to fix the broken defaults themselves before shipping. Probably won't happen even for Ubuntu 20.04
And again, if you are worried about the misconfigured defaults for sudo, take a look at polkit and pkexec.
Edit: for clarity: pkexec is even worse.
Last edited by Turbocapitalist; 02-20-2019 at 12:05 AM.