LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


View Poll Results: How often do you scan your Linux Computer(s)?
I am so paranoid I scan it more then once a day... 0 0%
Once a day. 4 13.79%
Once a week. 0 0%
Once a month. 2 6.90%
A few times a year. 11 37.93%
Depends really on what I am doing. Can be often or not. 12 41.38%
Voters: 29. You may not vote on this poll

Reply
  Search this Thread
Old 11-01-2010, 07:10 PM   #31
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42

Quote:
Define "extra security"?
I don't think so dude. Sorry. I'm not playing that game.

I'll make you a deal... you define "Reasonable Security" and I'll define "Extra Security".
 
1 members found this post helpful.
Old 11-02-2010, 04:17 AM   #32
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291
Quote:
Originally Posted by unSpawn View Post
Given the fact that some OS installations are not that well-protected out of the box (Ubuntu's Remote Desktop comes to mind, see for instance the reports on Ubuntuforums), some users not knowing or caring for any security and the amount of hosts being compromised through the web stack still, I disagree.
Yes, well, I guess on Ubuntu, maybe. I think it would be better for Ubuntu to change, rather than having to do extra to keep it secure.

Reasonable security to me is:
1) Use strong passwords (not anything in a dictionary or a name).

2) Firewall (can be on a router, although usually not as configurable, or regular netfilter/iptables).

3) Disable any service that uses a port that you don't need, especially remote login.

4) Scan with rkhunter, chkrootkit, and maybe clamav.

5) If you use sudo, make sure you configure it in a sane manner, unlike Ubuntu.

6) Checksum packages (probably automatic).

I would think that on a non-Ubuntu desktop, this is reasonable security.

Now, on a server, you can and should do more than this.

P.S. I also know the motto of the Security forum: Too much security is never enough. This is also why I seldom reply to anything here.

Last edited by H_TeXMeX_H; 11-02-2010 at 04:30 AM.
 
1 members found this post helpful.
Old 11-02-2010, 04:37 AM   #33
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004
Being a security freak, here is my setup, from power on:

bios password
(bootloader password when i need to edit or change something)
LUKS password
default boots to init 3
log in using standard user, then to root to init 5 if needed (most of the time I do)
log in standard user for gui

as far as scanning my system, I have cron scripts set up for both clamav and rkhunter
for firefox, I have noscript, redirect remover, adblock plus, ghostery, betterprivacy, user agent switcher, plus a few other tools and dev tools I use.

there is a lot more to my system, including my IDS (snort), and real-time alerting on my desktop via conky, as well as system stats through conky. I have screenshots in the "post your desktop" thread. I have a lot going on, and I love it. But once again, I am a security freak.

also to add - i am running a custom kernel, and custom iptables setup which drops everything that I don't initiate.

Last edited by corp769; 11-02-2010 at 04:54 AM. Reason: added more...
 
Old 11-02-2010, 08:48 AM   #34
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
I'll share a quick story with you all...

I've been hacked once. It was years ago when the scripts for password guessing were first getting hot on the Internet. I used to have an account on my system called "guest" and the password was "guest" so visitors could get on and use my computer. It was guessed (imagine that?) and the person tried to install a spam relay with a PHP script. The visit was short and he didn't get anywhere. The IP was from Romania.

I was compromised but the damage was minimal because I was generally doing other things that were quite effective. Strong passwords for other accounts, the file system was reasonably locked down, I was running a firewall, services I didn't need were not running, etc. I know more now than I did then. But even in that case I had enough security for my system. Clean up didn't take very long.

So I learned not to keep that guest account anymore. I keep learning. There are even a few ideas I've gleaned from people's responses here. I love Luks to protect my mobile file systems. It's awesome and it works well. IP tables, awesome. I was able to write scripts to minimize and block those repeated attacks from script kiddies.

10 years ago things were not as good as they are now. We have tons of tools and things to help us out and make it easier. In addition, distros are generally doing better default installs than they used to. Nowadays it's easier for users to follow a few good guidelines and have a fairly secure system. It's really hard to exploit a Linux system. And even if that's successful, it's often not very useful to do so. Compare that to Windows. Our lives are way better than the common computer user.
 
Old 11-02-2010, 10:56 AM   #35
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

Rep: Reputation: 86
Quote:
Originally Posted by meetscott View Post
I'll share a quick story with you all...

I've been hacked once. It was years ago when the scripts for password guessing were first getting hot on the Internet. I used to have an account on my system called "guest" and the password was "guest" so visitors could get on and use my computer. It was guessed (imagine that?) and the person tried to install a spam relay with a PHP script. The visit was short and he didn't get anywhere. The IP was from Romania.

I was compromised but the damage was minimal because I was generally doing other things that were quite effective. Strong passwords for other accounts, the file system was reasonably locked down, I was running a firewall, services I didn't need were not running, etc. I know more now than I did then. But even in that case I had enough security for my system. Clean up didn't take very long.

So I learned not to keep that guest account anymore. I keep learning. There are even a few ideas I've gleaned from people's responses here. I love Luks to protect my mobile file systems. It's awesome and it works well. IP tables, awesome. I was able to write scripts to minimize and block those repeated attacks from script kiddies.

10 years ago things were not as good as they are now. We have tons of tools and things to help us out and make it easier. In addition, distros are generally doing better default installs than they used to. Nowadays it's easier for users to follow a few good guidelines and have a fairly secure system. It's really hard to exploit a Linux system. And even if that's successful, it's often not very useful to do so. Compare that to Windows. Our lives are way better than the common computer user.
The point of monitoring is to limit damage when prevention fails, and it appears to of saved you once before. There certainly isn't anything wrong with focusing on preventing attacks. However, there is something wrong with completely ignoring detection. Monitoring will always play a role in security, because there will always be residual risk.

As Bruce Schneier said, monitoring is the first thing you should do to determine what attacks you face, so you know what countermeasures to implement. It also lets you trust your computer by verifying your preventative controls are working.
 
Old 11-02-2010, 12:06 PM   #36
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
Quote:
The point of monitoring is to limit damage when prevention fails, and it appears to of saved you once before. There certainly isn't anything wrong with focusing on preventing attacks. However, there is something wrong with completely ignoring detection.
OlRoy, are you aware that I maintain a monitoring and detection package? I hardly consider that ignoring.

I guess I'm sometimes disgusted with people just shooting their mouths off. I quit Slashdot years ago because of this. I mean this in all sincerity, go back there. We simply don't do that to people here.

I agree with the statement that there is something wrong with ignoring detection. I guess that's why I maintain that Samhain build. Did you really mean to direct it towards me? I'm really sorry to pounce on someone if it was simple misspoken language.
 
Old 11-02-2010, 12:18 PM   #37
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

Rep: Reputation: 86
Quote:
Originally Posted by meetscott View Post
OlRoy, are you aware that I maintain a monitoring and detection package? I hardly consider that ignoring.

I guess I'm sometimes disgusted with people just shooting their mouths off. I quit Slashdot years ago because of this. I mean this in all sincerity, go back there. We simply don't do that to people here.

I agree with the statement that there is something wrong with ignoring detection. I guess that's why I maintain that Samhain build. Did you really mean to direct it towards me? I'm really sorry to pounce on someone if it was simple misspoken language.
Yes, it was directed at you. However, I didn't notice you maintained Samhain so I guess I misinterpreted some of what you said. No need to get your panties in a bunch.
 
Old 11-02-2010, 12:44 PM   #38
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
Quote:
No need to get your panties in a bunch.
Ahhh nooo. Hell no. These panties are totally wrecked.

From H_TeXMeX_H:
Quote:
P.S. I also know the motto of the Security forum: Too much security is never enough. This is also why I seldom reply to anything here.
I think you might be on to something with this.

No hard feelings OlRoy.
 
Old 11-02-2010, 01:14 PM   #39
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Quote:
Too much security is never enough.
This is how I feel. Not from a paranoid angle but just because of how things are these days and the likely direction they will keep going in.

Edit: Plus it is fun to learn about security. There is so much it never gets dull.

Last edited by Amdx2_x64; 11-02-2010 at 01:24 PM.
 
Old 11-03-2010, 03:01 AM   #40
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291
Quote:
Originally Posted by Amdx2_x64 View Post
This is how I feel. Not from a paranoid angle but just because of how things are these days and the likely direction they will keep going in.
So, how is that ? How are things these days ?
 
Old 11-03-2010, 03:15 AM   #41
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Quote:
Originally Posted by H_TeXMeX_H View Post
So, how is that ? How are things these days ?

Here are a couple of things.

The fact so much user data/profiles/browsing history/etc is stored online by various companies and others alone is reason enough. And with Cloud computing it will get much worse (I have never been a fan of Cloud Computing anyways.) Not to mention the lack of concern many have about sharing personal information or clicking anything (flash games, Java Games and so on.) Facebook, MySpace are perfect examples of this. And some companies not caring about user privacy and even selling user information or having it "Accidentally Exposed," somehow.

Last edited by Amdx2_x64; 11-03-2010 at 11:58 AM.
 
Old 11-03-2010, 03:23 AM   #42
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291
Privacy is not the same thing as security, so if you're concerned about privacy, may want to start a new thread. For privacy, you mostly have to customize firefox to block all the BS they throw at you. I don't have flash installed, I download the mp4 instead from youtube.

For FF I have the very much needed Adblock, NoScript, Greasemonkey.

I also stay far away from Google and the Cloud (of doom).
 
Old 11-03-2010, 03:26 AM   #43
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Quote:
Originally Posted by H_TeXMeX_H View Post
Privacy is not the same thing as security, so if you're concerned about privacy, may want to start a new thread. For privacy, you mostly have to customize firefox to block all the BS they throw at you. I don't have flash installed, I download the mp4 instead from youtube.

For FF I have the very much needed Adblock, NoScript, Greasemonkey.

I also stay far away from Google and the Cloud (of doom).
I disagree. Privacy and Security can go hand and hand. For example the information that was stolen from users can help someone get a profile of that person, their habits, where they live, etc. Then it goes from privacy into security. If a person's privacy is at risk or stolen then someone could easily try and hack into that persons computer, which goes back to security. With all the information being stored on users habits and some actually giving it away freely, it has the potential of getting real messy, real fast.

Edit: My FF list is: NoScript (a must,) Redirect Remover, Adblock Plus, Better Privacy and Ghostery.

Last edited by Amdx2_x64; 11-03-2010 at 04:39 AM.
 
Old 11-03-2010, 08:33 AM   #44
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
I can't speak for all "Cloud" (I hate buzzwords) solutions, but I use the Amazon Cloud in a business and it absolutely rocks! For those who don't know this latest, mindless technology cliche, Clouds are just virtualized instances for sale, at least as Amazon is provisioning it. There are other interpretations. Let's not fret over a word that is meant to be intentionally vague.

I would think the people here would generally embrace the cloud because they are generally provisioned as Linux instances and their default security preferences are better than most distros out of the box. Amazon has the majority of the Cloud market right now and the majority of those are running Linux. It's cheap and it can scale.

I also have a Slack box I've colocated for years, but that was before the Cloud was available. I still have it and I'll keep it out there for now, but cost wise, it is making less and less sense. I wouldn't go out and buy the hardware now. But that was then and now there are other options. When it dies, I'm going cloud with that box too.

If guys like the paranoid schizophrenics on this forum are administering it, I'd think it would be a pretty safe option. Cloud or not, companies misuse and mistreat customers. From a technology standpoint, the Cloud is awesome. You just get don't get to get out of doing the admin work that always goes a long with managing any Linux system. You get a free pass on hardware, initial investment, scaling, network infrastructure, and you get some handy dandy extra tools provided by Right Scale.

You should try it before you knock it. For the most part, it's just same Linux we have come to know and love. It's a really cheap way to run a server on the Internet.

Last edited by meetscott; 11-03-2010 at 08:40 AM.
 
Old 11-03-2010, 02:12 PM   #45
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291Reputation: 1291
Well, that's where I draw the line with privacy. I'm never using any cloud apps, I want my data to stay on my HDD. I'm not quite as paranoid about privacy as many on here, but I do know that they plan on turning computers into terminals, with your data being stored on their servers.

I also don't think the Cloud is anything but vaporware being marketed as a wonder of technology, with a diabolical scheme in the background. I have no use for the cloud.

I've also had enough of this thread.

Last edited by H_TeXMeX_H; 11-03-2010 at 02:14 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iwlist scan - no scan results compu73rg33k Linux - Wireless Networking 6 05-29-2009 02:37 AM
LXer: The world's fastest computers are Linux computers LXer Syndicated Linux News 0 11-28-2008 06:20 PM
Nessus scan and no port scan possible? memo007 Linux - Security 1 09-08-2008 06:21 PM
LXer: FSF works with Los Alamos Computers to provide free computers LXer Syndicated Linux News 0 07-29-2008 10:12 PM
To SCAN or not to SCAN? HP750xi Suse 9.2 Pro newtwolinux Linux - Hardware 4 06-22-2005 04:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration