Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
You don't need to run antivirus on your Ubuntu-based computer; it is safe as long as you don't do anything really stupid with the root password. But if you want to play around, try this.
* Only install programs from your package manager. On Ubuntu that's called "Software Center";
* Learn when and why to use sudo;
* Your browser is probably the worst security hole in your system. Don't run Flash or Java on it;
* Virtual Machines are your friends;
* Customize your firewall. Either run GUFW (and configure it properly) or learn how to set up iptables for your needs;
* Install 'rkhunter', and do regular checks with it (rkhunter --checkall)
Just to build on what Amarildo said, gufw is a program for configuring your firewall. In Linux, firewall capability is built-in (it's called iptables). Linux "firewall" programs are generally programs for making configuring iptables easier.
There are no Linux viruses in the wild and adware and spyware that is rampant on Windows will usually not run on Linux as it is OS-specific. Many experienced Linux users do not run antivirus programs unless they are, for example, running mail servers and want to make sure that mail for Windows users is virus-free. Most articles a web-search will turn up about Linux security will be about server security.
The most vulnerable program you have is your web browser. I recommend running noscript with Firefox and Seamonkey or a similar program with your preferred browser. The most vulnerable component of any computer is the person sitting between the chair and the keyboard. That person needs to learn how to practice safe HEX.
There are no Linux viruses in the wild and adware and spyware that is rampant on Windows will usually not run on Linux as it is OS-specific.
In my experience it's even harder for a Win virus to run on Linux. There were some tests using WINE and most of the viruses couldn't do a thing on Linux :P
Just remember: There ARE viruses in the wild. Obviously not in the repositories, but there are vulnerabilities in Flash and Java that affect all platforms.
Quote:
Originally Posted by frankbell
The most vulnerable program you have is your web browser. I recommend running noscript with Firefox and Seamonkey or a similar program with your preferred browser.
Good call. If I may add, there are other add-ons for adding security to the browser. Currently the ones I use are:
But first Google if the router model isn't vulnerable. There is a huge wave of attacks concerning routers' vulnerable firmware.
And I wouldn't recommend anything made in the US either.
I would rather buy a desktop PC to use as a dedicated pfsense server. 100 times better than a router.
P. S. That's what I have in my computer config — pfsense on 2 core Intel Atom desktop PC, then switch and then my Phenom Quad Core Arch Linux desktop PC.
Another very important piece of advice ... for any computer (Windows, OS/X, Linux) is: "leave your Superman Suit locked in the closet!"
You should have no "guest" account, of course, and you should have one administrative user that is capable (via sudo su) of becoming root. But you should ordinarily not do anything as that user except to maintain the system software in the prescribed manner.
Instead, you should have "your" account ... having no special privileges or powers whatsoever. You might have more than one of these, if you "wear different hats" at different times. None of these are members of the wheel group. Their /home directories are private to themselves. They are just "ordinary Jane or Joe." Every account has a non-trivial password.
In this way, any rogue software that attempts to usurp access on your machine ... will find that there is no elevated level of access to be obtained! The user that you're logged-on as, is "nothing and no-one special." It can't touch any files other than its own; it can't modify anything. The user is as dull as donuts and as dumb as toast. You can rummage around in his boring little desk all you want to and never find the keys to the kingdom: they simply aren't there.
You never enter any administrative user-names or other credentials when logged-on as this user, even if asked. You don't store secret information there, even in an encrypted keychain, except as pertains to "this user," and then, yes, always in an encrypted keychain which is normally locked using a password different from the login password.
The rogue is therefore wasting its time. "Nothing to see here, nothing to do." Perfect. (And of course "secure backups are running all the time.")
Last edited by sundialsvcs; 07-17-2015 at 04:07 PM.
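The account layout described in the post above can be checked mechanically. The script below is an added example, not part of any post in this thread; the admin group names (wheel, sudo) and the sample accounts (admin, jane, toor) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Audit who can become root and whether a home directory is private.
# Functions read passwd(5)/group(5)-format files, so they work on copies too.
# Assumption: the admin groups are named wheel or sudo.

# Login names in an admin group, by member list or by primary GID.
admin_members() {  # usage: admin_members PASSWD GROUP
    awk -F: '
        FILENAME == ARGV[1] {
            if ($1 == "wheel" || $1 == "sudo") {
                gid[$3] = 1; n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        ($4 in gid) { print $1 }
    ' "$2" "$1" | sort -u
}

# Accounts other than root that have UID 0.
extra_uid0() {  # usage: extra_uid0 PASSWD
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Exit 0 if USER exists, is not UID 0 and is in no admin group.
is_ordinary_user() {  # usage: is_ordinary_user USER PASSWD GROUP
    awk -F: -v u="$1" '$1 == u { f = 1; if ($3 == 0) z = 1 }
        END { exit !(f && !z) }' "$2" || return 1
    if admin_members "$2" "$3" | grep -qx -- "$1"; then return 1; fi
}

# Exit 0 if DIR gives group and others no access (mode 700 or stricter).
home_is_private() {  # usage: home_is_private DIR
    [ -d "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data, not taken from a real system.
write_sample() {  # usage: write_sample DIR
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'toor:x:0:0::/root:/bin/sh' \
        'admin:x:1000:1000::/home/admin:/bin/sh' \
        'jane:x:1001:1001::/home/jane:/bin/sh' > "$1/passwd"
    printf '%s\n' 'wheel:x:10:' 'sudo:x:27:admin' 'jane:x:1001:' > "$1/group"
}

tmp=$(mktemp -d) && write_sample "$tmp"
echo "admin-capable: $(admin_members "$tmp/passwd" "$tmp/group" | tr '\n' ' ')"
echo "extra UID 0: $(extra_uid0 "$tmp/passwd" | tr '\n' ' ')"
rm -rf "$tmp"
```

On a live system the same functions can be pointed at /etc/passwd and /etc/group, and home_is_private at each everyday account's home directory.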
I second that. Tailored advice being nice and all that, but reading one's chosen distro's user, admin and security documentation should come first efficiency-wise.