#1 2009-06-11 14:00:48

generic_
Member
From: Jacksonville,FL US
Registered: 2008-12-21
Posts: 182

Should security be taken seriously on linux?

I've been bored lately and after messing with Linux for about 1 year, reading "How Linux Works", and experimenting with lots of cool Linux software, I wanted to go a little deeper into Linux without getting too much into kernel hacking. (I'm still teaching myself how to program.) So I thought that security would be a good way to go for now. I understand that there is not as big of a need for security in Linux for obvious reasons. From what I've gathered it seems exploits and rootkits are a bigger threat than a virus on a Linux system, mostly because your virus can't really DO anything interesting unless you have root (this is what I've heard; I can't personally validate that). And there seems to be a bigger focus (on the attacker's end) towards gaining root access instead of just exploding a box. I'm just a desktop user: I read my emails, download music/videos, read ebooks, go on IRC, etc. I'm not a desirable target (I think!) so should I take security seriously?

Last edited by generic_ (2009-06-11 14:01:45)


I'm just lost n00b!

Offline

#2 2009-06-11 14:25:07

Wra!th
Member
Registered: 2009-03-31
Posts: 342

Re: Should security be taken seriously on linux?

Switch to OpenBSD and forget you ever made this post :)
But just to clear one thing up, users that are allowed to sudo (so like 90% of average users) are in the same SH**TY situation as root when it comes to malicious stuff. (*cough* timeout period *cough*). Who needs exploits when for a few minutes you can be God?

Last edited by Wra!th (2009-06-11 14:27:47)


MacGregor DESPITE THEM!
7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Offline

#3 2009-06-11 14:41:30

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: Should security be taken seriously on linux?

generic_ wrote:

I understand that there is not as big of a need for security in Linux for obvious reasons.

Between this and the sentence following, it's quite a contradiction. Define how security concerns just viruses?

From what I've gathered it seems exploits and rootkits are a bigger threat than a virus on a Linux system, mostly because your virus can't really DO anything interesting unless you have root (this is what I've heard; I can't personally validate that).

They can still wreak havoc on the home directory of the user that happens to activate them and everything he has write access to. Not a minor concern if you ask me...

And there seems to be a bigger focus (on the attacker's end) towards gaining root access instead of just exploding a box.

Not true. Most people just want in - after that it's a matter of time before you hack your way into root (if you know how) and take over the box. The thing is, most users on Windows already run with admin permissions, so it's barely an issue (well actually it is a big issue, but MS likes to work around that...).

I'm just a desktop user: I read my emails, download music/videos, read ebooks, go on IRC, etc. I'm not a desirable target (I think!) so should I take security seriously?

Now let's see. A colleague of mine told me yesterday he had his credit card credentials stolen. He had the credit card company block the card. Today he tells me his computer has been taken over - he can't run anything. No malware or anti-virus scanners, not even a simple task manager. My uninformed guess (I have the laptop here to wipe and reinstall, yay): he has spyware on his system amongst which a keylogger who got his credentials. As soon as the criminals found out his data were worthless they staged a final assault: they hold his laptop hostage until he pays.

No. You shouldn't worry about security since you're just a simple desktop user.

I still think one should run a firewall on a Linux box, for obvious reasons. Keep in mind a lot of firewalls on Windows will also do e.g. intrusion detection whereas on Linux a firewall generally is what it is - a firewall. It keeps the bad guys out. If they get in, there's no way to know.

Things like trojans and keyloggers go unnoticed until it's too late. Rootkits may be installed to hide them (after all a rootkit is seldom installed for the sake of it; it serves a purpose, take Sony's copy protection scheme for example).

I don't run an IDS myself (I think few people do it on a desktop). But my router's firewall is on (it's just iptables), and I have a few rootkit detection programs installed that I run once in a while. A virus scanner is completely redundant since most Linux scanners only scan for Windows viruses ;). As a favour to your (Windows) environment it might be useful though, if you pass them on files etc.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#4 2009-06-11 20:51:08

generic_
Member
From: Jacksonville,FL US
Registered: 2008-12-21
Posts: 182

Re: Should security be taken seriously on linux?

Wow, did your friend use Linux? I've heard and seen that stuff before with Windows. But I have a Windows install I need to use; I never get viruses and I don't use antivirus, but Windows is a whole other subject. Personally everything in my home directory is replaceable. In fact my entire install is replaceable quite quickly too. I would be annoyed if someone got in my computer and just nuked it. I'm more afraid of someone monitoring my activity and getting my credentials. When you use iptables what exactly are you blocking? Do you have to manually set each IP to be denied? How do you know who the "bad guys" are just by their IP?

As far as OpenBSD. How is driver support? Can I recompile the kernel? Does it have x86_64?

And hello wraith! Is there ratpoison on OpenBSD too?

Last edited by generic_ (2009-06-11 21:00:09)


I'm just lost n00b!

Offline

#5 2009-06-11 21:05:12

hatten
Arch Linux f@h Team Member
From: Sweden, Borlange
Registered: 2009-02-23
Posts: 736

Re: Should security be taken seriously on linux?

@OpenBSD, just fkin google it ;)
Of what I have heard, you can do about everything you need on it, including recompiling the kernel (for whatever reason that may be)

Offline

#6 2009-06-11 21:09:46

Peasantoid
Member
Registered: 2009-04-26
Posts: 928
Website

Re: Should security be taken seriously on linux?

Security is important, but don't go crazy with it. You don't need a whole lot to make your system secure (or secure enough).

Offline

#7 2009-06-11 21:20:24

generic_
Member
From: Jacksonville,FL US
Registered: 2008-12-21
Posts: 182

Re: Should security be taken seriously on linux?

Why is it that no one wants to answer questions anymore? People ask because a person can be of more help than Google. But recompiling the kernel on Linux usually has a very noticeable effect on speed, is that not the case on OpenBSD?


I'm just lost n00b!

Offline

#8 2009-06-11 21:21:55

Wra!th
Member
Registered: 2009-03-31
Posts: 342

Re: Should security be taken seriously on linux?

generic_ wrote:

Wow, did your friend use Linux? I've heard and seen that stuff before with Windows. But I have a Windows install I need to use; I never get viruses and I don't use antivirus, but Windows is a whole other subject. Personally everything in my home directory is replaceable. In fact my entire install is replaceable quite quickly too. I would be annoyed if someone got in my computer and just nuked it. I'm more afraid of someone monitoring my activity and getting my credentials. When you use iptables what exactly are you blocking? Do you have to manually set each IP to be denied? How do you know who the "bad guys" are just by their IP?

As far as OpenBSD. How is driver support? Can I recompile the kernel? Does it have x86_64?

And hello wraith! Is there ratpoison on OpenBSD too?

I run ratpoison-git on OpenBSD just fine. Yes you can recompile anything you want, they have ports, they have binary packages, and driver support is better for me out of the box than Arch. And the extra? It already comes with X and friends (yes, on that iso that's smaller than the Arch core). I didn't need to install anything else, I just booted and started X. I don't even use an xorg.conf and it works just fine :D. Only thing keeping me out of OpenBSD as a desktop for good is UTF-8. They have support but not the best. If that's not your thing then it's ok as a desktop too.

edit: also no need to recompile the OpenBSD kernel for speed, it's fast as is....trust me...

Last edited by Wra!th (2009-06-11 21:22:47)


MacGregor DESPITE THEM!
7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Offline

#9 2009-06-11 21:26:41

cardinals_fan
Member
From: /dev/null
Registered: 2008-02-03
Posts: 248

Re: Should security be taken seriously on linux?

Security is important on any operating system.  Antivirus software isn't, since it is really just a scam to convince people they are secure by wasting resources.  You need to assume responsibility and be careful.

I actually don't think OpenBSD is that secure for desktop use.  Yes, the default install is hardened beyond belief and it could make a great server.  But the packages are often out of date, probably more of a security issue than anything else.


Segmentation fault (core dumped)

Offline

#10 2009-06-11 22:31:40

generic_
Member
From: Jacksonville,FL US
Registered: 2008-12-21
Posts: 182

Re: Should security be taken seriously on linux?

Out-of-date packages are not a security risk unless those packages have a vulnerability (at least that's the idea). It's just I REALLY like Linux. It's fun! I'm not worried about concerns apps, there's always something to do a certain job. It's just I don't want to end up as some boring BSD user who never gets his hands dirty or has to worry about xorg breaking and hal not working or kdemod, even though I hate KDE, that's beside the point, Arch Linux really is the best Linux out there. I mean, does OpenBSD have an AUR, an excellent wiki, a sick color scheme? I just feel like if I use BSD I'll be "settling down" and no more long nights at the terminal. I understand that BSD outscores Linux in many aspects but Linux is awesome.


I'm just lost n00b!

Offline

#11 2009-06-11 22:49:51

szymon_g
Member
Registered: 2008-11-24
Posts: 36

Re: Should security be taken seriously on linux?

generic_ wrote:

I understand that there is not as big of a need for security in Linux for obvious reasons.

I don't think that I'll agree with you. Actually, security is quite an important issue: remember, Linux is still mostly used on servers, and they should be a bit more secure than 'ordinary' desktops.

generic_ wrote:

From what I've gathered it seems exploits and rootkits are a bigger threat than a virus on a Linux system, mostly because your virus can't really DO anything interesting unless you have root (this is what I've heard; I can't personally validate that)

Well... losing the whole content of $HOME isn't a nice experience... sure, there should be backups, but...

generic_ wrote:

And there seems to be a bigger focus (on the attacker's end) towards gaining root access instead of just exploding a box.

Yes, in most cases gaining control over a box is much more useful than just 'exploding' it. It can be used for spam/virus control/sending or other not-so-nice things.

generic_ wrote:

I'm just a desktop user: I read my emails, download music/videos, read ebooks, go on IRC, etc. I'm not a desirable target (I think!) so should I take security seriously?

Firewall, frequent updates, common sense and some hardening tips should be enough.
But, if you are interested in security, you can always check PaX/grsecurity/RSBAC/SELinux/AppArmor/TOMOYO. For more info, visit the gentoo-hardened pages ;)

Offline

#12 2009-06-11 23:27:39

shining_grin
Member
From: a little town near Milan
Registered: 2008-05-02
Posts: 23

Re: Should security be taken seriously on linux?

Wra!th wrote:

Switch to OpenBSD and forget you ever made this post :)
But just to clear one thing up, users that are allowed to sudo (so like 90% of average users) are in the same SH**TY situation as root when it comes to malicious stuff. (*cough* timeout period *cough*). Who needs exploits when for a few minutes you can be God?

OpenBSD is even more server oriented than Linux, so maybe you can virtualize it to see how it works but I don't think it's ok for "normal" desktop use.

I don't agree with your statement about sudoers: if you configure sudo correctly, i.e. defining which commands a user can run, avoiding vi or emacs as default editor and so on, you will solve some of those problems :)

Offline

#13 2009-06-12 05:54:50

Wra!th
Member
Registered: 2009-03-31
Posts: 342

Re: Should security be taken seriously on linux?

shining_grin wrote:
Wra!th wrote:

Switch to OpenBSD and forget you ever made this post :)
But just to clear one thing up, users that are allowed to sudo (so like 90% of average users) are in the same SH**TY situation as root when it comes to malicious stuff. (*cough* timeout period *cough*). Who needs exploits when for a few minutes you can be God?

OpenBSD is even more server oriented than Linux, so maybe you can virtualize it to see how it works but I don't think it's ok for "normal" desktop use.

I don't agree with your statement about sudoers: if you configure sudo correctly, i.e. defining which commands a user can run, avoiding vi or emacs as default editor and so on, you will solve some of those problems :)

Why is OpenBSD server oriented? Just because that's what people USUALLY use it for? In that case so is FreeBSD, but there are tons of people using Fbsd as a desktop (even on these forums). I used it for a year and apart from lack of flash at the time, I had no problem.
You also can't disagree with my sudoers statement, you can just complete it :). Just because you and I know how to configure sudo that doesn't mean it's a general case :).
The big majority just sets their user to be able to sudo ANY, and that's it.


MacGregor DESPITE THEM!
7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Offline

#14 2009-06-12 07:05:53

xd-0
Member
From: Sweden
Registered: 2007-11-02
Posts: 327
Website

Re: Should security be taken seriously on linux?

generic_ wrote:

I've been bored lately and after messing with Linux for about 1 year, reading "How Linux Works", and experimenting with lots of cool Linux software, I wanted to go a little deeper into Linux without getting too much into kernel hacking. (I'm still teaching myself how to program.) So I thought that security would be a good way to go for now.

Well, seems to me you want to take it to the next step. I think first you should go back to the basics. Fire up a cli and begin to learn how to use the basic tools like find, cp, ps, mv, wildcards, sed, awk. Learn about the basic structure of Linux (initlevels, filesystem, different configfiles). When you know your way around blindfolded, begin shell programming in bash to automate different tasks. After that go over and learn some stuff about networking. How the different protocols work etc. Then read about iptables until your eyes bleed.

edit: conclusion, know the basics in your sleep.

Last edited by xd-0 (2009-06-12 07:06:49)

Offline

#15 2009-06-12 08:18:09

b9anders
Member
Registered: 2007-11-07
Posts: 691

Re: Should security be taken seriously on linux?

Wra!th wrote:

Switch to OpenBSD and forget you ever made this post :)
But just to clear one thing up, users that are allowed to sudo (so like 90% of average users) are in the same SH**TY situation as root when it comes to malicious stuff. (*cough* timeout period *cough*). Who needs exploits when for a few minutes you can be God?

Sudo is a lot more than the Ubuntu implementation. I have some tasks set for no password as I don't consider it necessary and all root tasks are authorisable via sudo but nonetheless requiring the root password. I don't see how that makes it less secure than ordinary su -.

For my own concerns, it's a lot more secure as I frequently leave terminals open and forget about them. Not a good idea if you su'ed into it and left it open. With sudo, the permission is closed after five minutes. In Ubuntu, it's not so much the timeout period that I consider a risk as it is the user password authorising it along with all potential root actions being left open for exploit (with tty_tickets enabled, root permission is limited to the shell it was authorised in). With sudo properly configured, someone incidentally hacking your user account while sudo is on is about as likely as someone incidentally hacking it while you have a root terminal open, if you do root tasks regularly.

Last edited by b9anders (2009-06-12 08:32:30)

Offline

#16 2009-06-12 08:37:41

Wra!th
Member
Registered: 2009-03-31
Posts: 342

Re: Should security be taken seriously on linux?

b9anders wrote:

With sudo properly configured, someone incidentally hacking your user account while sudo is on is about as likely as someone incidentally hacking it while you have a root terminal open, if you do root tasks regularly.

WITH it configured! We're talking averages here, not what you or I would do. I use su - and I never leave root terminals open. It IS safer than (default) sudo. Having a timeout period is insane. Should be removed by default imo.
Imagine someone writing a tiny "malware" that just idles, checking for your bash history's last line. If there's a sudo in there, run sudo <naughty command here>. Since it's likely still timeout period, away goes your work.
Why is this Ubuntu talk all of a sudden? Sudo is bad everywhere :)


MacGregor DESPITE THEM!
7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

Offline

#17 2009-06-12 09:20:20

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: Should security be taken seriously on linux?

generic_ wrote:

Wow did your friend use linux?

It's a colleague ;). And no. I am through the stage of promoting Linux to my friends (or good colleagues, for that matter). If they come to me moaning about their Windows setup I tell them to go Mac next time (despite their vendor lock-in practices being even more loathable than Microsoft's at times, their total product is better imho).

To me, there's nothing that beats Linux (or any other decent OS that allows you to tinker, and is *nix-based). But for a lot of people the shift from Windows to Mac OS X is huge, let alone the switch to Ubuntu, however user-friendly it may be (often more user-friendly than Windows imho).

So yes, he runs Windows. I reinstalled his setup yesterday. No way he's gonna run with an admin account ever again :P. And I told him to buy a Mac next time.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#18 2009-06-12 10:28:49

lseubert
Member
From: Maryland, USA
Registered: 2009-05-18
Posts: 141

Re: Should security be taken seriously on linux?

generic_ wrote:

I've been bored lately and after messing with Linux for about 1 year, reading "How Linux Works", and experimenting with lots of cool Linux software, I wanted to go a little deeper into Linux without getting too much into kernel hacking.

Here you go - huge homework assignment:

Securing Debian Manual

While this manual is about Debian, most of the information in it applies to all Linux distributions. If you want to get good at security, work your way through the manual, step-by-step, and lock down your box. Then, read all of the cited references, for additional knowledge on security matters.

Last edited by lseubert (2009-06-12 10:35:13)


"To the question whether I am a pessimist or an optimist, I answer that my knowledge is pessimistic, but my willing and hoping are optimistic."
    -- Albert Schweitzer

Offline

#19 2009-06-12 10:47:22

moljac024
Member
From: Serbia
Registered: 2008-01-29
Posts: 2,676

Re: Should security be taken seriously on linux?

Wra!th wrote:
b9anders wrote:

With sudo properly configured, someone incidentally hacking your user account while sudo is on is about as likely as someone incidentally hacking it while you have a root terminal open, if you do root tasks regularly.

WITH it configured! We're talking averages here, not what you or I would do. I use su - and I never leave root terminals open. It IS safer than (default) sudo. Having a timeout period is insane. Should be removed by default imo.
Imagine someone writing a tiny "malware" that just idles, checking for your bash history's last line. If there's a sudo in there, run sudo <naughty command here>. Since it's likely still timeout period, away goes your work.
Why is this Ubuntu talk all of a sudden? Sudo is bad everywhere :)

I agree.
Timeout period = An idea so bad, it hurts

Last edited by moljac024 (2009-06-12 10:47:50)


The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
--------------------------------------------------------------------------------------------------------------
But if they tell you that I've lost my mind, maybe it's not gone just a little hard to find...

Offline

#20 2009-06-12 10:52:06

timetrap
Member
From: Here and There
Registered: 2008-06-05
Posts: 342
Website

Re: Should security be taken seriously on linux?

More homework.

From this statement

I understand that there is not as big of a need for security in Linux for obvious reasons.

It seems like you have a fundamental misunderstanding of computer security.

Read this blog (Schneier on Security)
Watch these videos (CERIAS @ Purdue)

Computer security is far more complex than patching and NATing.

I'm just a desktop user: I read my emails, download music/videos, read ebooks, go on IRC, etc. I'm not a desirable target (I think!) so should I take security seriously?

If you use a search engine, take it seriously.

Offline

#21 2009-06-12 16:54:17

generic_
Member
From: Jacksonville,FL US
Registered: 2008-12-21
Posts: 182

Re: Should security be taken seriously on linux?

Wow! This is a prime example of when people say our community is great. Personally, sudo seems like a big security hole in itself as it's commonly set to

user ALL=(ALL) ALL

(or something like that, you get the idea). What are some things sudo should never approve of? I'm the only person on my system who uses the command line. Anyone else uses GNOME. Because of that I have NOPASSWD on some programs I use often. But if someone ever tries to fix a problem on their own instead of telling me about it, I don't want them to do something stupid. Basically my question is what commands should be blocked in sudo?


I'm just lost n00b!

Offline

#22 2009-06-12 20:24:04

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Should security be taken seriously on linux?

How about adding only some accounts to the wheel group? Like the account the admin uses to fix things and manage the system and leave everyone else out, normal users have no need to use sudo anyway, if they don't know what they are doing better not let them sudo rm -rf /
Besides, that's the reason some people are called admin and others are called users :P

%wheel    ALL=(ALL) ALL

On the timeout idea ... yes, bad idea but also handy sometimes, as a rule I never log in as root and use sudo (sometimes it prevents one doing some damage) but it leaves a window of time that can be exploited to do nasty things. Is there any way to reduce/disable the timeout?


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline
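
The sudo settings argued over in this thread (a blanket `ALL` grant, `NOPASSWD` entries, editors that offer shell escapes, the credential timeout and `tty_tickets`) can be checked mechanically; the timeout asked about above is the sudoers option `timestamp_timeout`, and setting it to 0 turns the caching off. The script below is an added example, not part of any post in the thread; the sample sudoers texts, the user names and the finding codes are constructed for illustration.

```python
import re

# Editors named in the thread (vi, emacs) plus vim: each can spawn a shell.
SHELL_ESCAPE_EDITORS = {"vi", "vim", "emacs"}
SPEC_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG_RE = re.compile(r"^((?:[A-Z_]+:\s*)+)")

# Constructed samples, not taken from any real system.
WEAK_SUDOERS = r"""
Defaults env_reset
%wheel ALL=(ALL) ALL
alice  ALL=(ALL) NOPASSWD: /usr/bin/pacman, /usr/bin/vim
bob    ALL=(root) /sbin/shutdown -h now, \
       /sbin/reboot
"""
TIGHTER_SUDOERS = r"""
Defaults env_reset, timestamp_timeout=0
Defaults tty_tickets
%wheel ALL=(ALL) ALL
bob    ALL=(root) /sbin/shutdown -h now, /sbin/reboot
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop blanks and comments."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit_sudoers(text):
    """Return (code, detail) findings for one sudoers text.

    Simplifications: only global 'Defaults' lines are read, aliases and
    #include directives are not expanded, and a tag is assumed to apply
    to the whole command list of its rule.
    """
    defaults, findings = {}, []
    for line in logical_lines(text):
        parts = line.split(None, 1)
        head, rest = parts[0], parts[1] if len(parts) > 1 else ""
        if head.startswith("Defaults"):
            if head == "Defaults":  # skip scoped forms such as Defaults:user
                for opt in rest.split(","):
                    name, sep, value = (s.strip() for s in opt.partition("="))
                    if name.startswith("!"):
                        defaults[name[1:]] = False
                    elif name:
                        defaults[name] = value if sep else True
            continue
        match = SPEC_RE.match(line)
        if head.endswith("_Alias") or not match:
            continue
        who, _host, _runas, cmd_list = match.groups()
        tags = TAG_RE.match(cmd_list)
        tag_text = tags.group(1) if tags else ""
        if "NOPASSWD:" in tag_text:
            findings.append(("NOPASSWD", who))
        for cmd in filter(None, (c.strip() for c in cmd_list[len(tag_text):].split(","))):
            if cmd == "ALL":
                findings.append(("BLANKET", who))
            elif cmd.split()[0].rsplit("/", 1)[-1] in SHELL_ESCAPE_EDITORS:
                findings.append(("SHELL_ESCAPE", f"{who}: {cmd}"))
    # timestamp_timeout=0 makes sudo ask for the password on every call.
    if str(defaults.get("timestamp_timeout")) != "0":
        findings.append(("TIMEOUT", f"timestamp_timeout={defaults.get('timestamp_timeout')}"))
    # Whether tty_tickets is on by default depends on the sudo version,
    # so this only reports when the file does not set it explicitly.
    if defaults.get("tty_tickets") is not True:
        findings.append(("NO_TTY_TICKETS", "tty_tickets not set in this file"))
    return findings

if __name__ == "__main__":
    for label, text in (("weak", WEAK_SUDOERS), ("tighter", TIGHTER_SUDOERS)):
        print(label, audit_sudoers(text))
```

The tighter sample still reports the `%wheel` grant: restricting sudo to wheel members narrows who can become root, but every wheel account remains equivalent to root.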

#23 2009-06-12 23:23:37

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,233
Website

Re: Should security be taken seriously on linux?

Questions like the OP topic keep me in a job :D :P

Only allowing wheel users to use sudo is a good idea. And making PAM enforce secure passwords:
http://www.tutorialnut.com/index.php/20 … ntu-linux/

Offline

#24 2009-06-12 23:42:41

muunleit
Member
From: Germany
Registered: 2008-02-23
Posts: 234

Re: Should security be taken seriously on linux?

generic_ wrote:

... because your virus can't really DO anything interesting unless you have root (This is what I've heard I can't personally validate that).

Please take a look here => How to write a Linux virus in 5 easy steps


"The mind can make a heaven out of hell or a hell out of heaven" -- John Milton

Offline

#25 2009-06-13 00:03:17

olovram
Member
Registered: 2008-10-10
Posts: 110

Re: Should security be taken seriously on linux?

Offline
