How do you keep safe?



A strange question I know, but one I feel I need to ask. I have used Linux for many years on a PC that gets recycled every 5 years, e.g. once I buy a new PC the old one gets turned into a media/backup server. Seeing as it only ever goes online to get metadata and updates I do not really do too much to it, other than to tell iptables to block everything coming into the PC that doesn't come from one of my other PCs.

I am curious how people secure their desktops for day to day use online. Although I often hear that there are no viruses for Linux and that it's much more secure by default and such, Linux is getting more coverage due to it being on phones and such, and people are starting to make malware and such for it.

I suppose coming from a Windows background of 25 years plus, always having AV or malware programs running, I have come to rely on them too much, and I believe that this may be holding me back from going to Linux full time, seeing as I do online banking and whatnot.

I have heard about IDS scripts and such, but having to look through log files every day to see if "something" happened is not that appealing to me, and I often hear the excuse "well if you don't visit bad sites you should be fine!", but then how do you know if a site is bad? Sites are always being hijacked and code added; how can you tell if a site that was good yesterday is still good today?

I am not writing this to flame or bait about which system is better, I am writing it in the hope that people can help me understand Linux better so that I can trust it for my day to day needs :)

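The iptables setup the OP describes for the media/backup box, written out as an added example (not code from the original post): drop everything inbound unless it comes from a short list of trusted PCs, while still letting replies to the box's own update and metadata fetches back in. The addresses are constructed sample values from the 192.0.2.0/24 documentation range, and the script only prints the rules unless IPTABLES=iptables is set and it is run as root.

```shell
#!/bin/sh
# Added example (not from the original post): host firewall for a LAN-only
# media/backup box. Inbound traffic is dropped unless it comes from one of the
# trusted PCs listed below (constructed sample addresses, documentation range).
# Default mode only prints the rules; IPTABLES=iptables as root applies them.
# IPv6 needs the same treatment with ip6tables (not shown).

IPTABLES="${IPTABLES:-echo iptables}"
TRUSTED_HOSTS="${TRUSTED_HOSTS:-192.0.2.10 192.0.2.11}"

build_inbound_rules() {
    # Flush the INPUT chain and make "drop" the default for anything unmatched
    $IPTABLES -F INPUT
    $IPTABLES -P INPUT DROP
    # Loopback traffic never leaves the box
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Replies to connections this box opened itself (package updates,
    # metadata fetches) must be let back in or those fetches will hang
    $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only the trusted PCs may open NEW connections to this box
    for h in $TRUSTED_HOSTS; do
        $IPTABLES -A INPUT -s "$h" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Rate-limited log of what gets dropped, so "who is knocking" is visible
    # in the kernel log without flooding it
    $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
}

# Count how many ACCEPT rules were generated for one source address; a quick
# sanity check of the allow-list before the rules are applied for real
rules_for_host() {
    build_inbound_rules | grep -c -- "-s $1 "
}

build_inbound_rules
```

Run it once in the default print mode and read the output before setting IPTABLES=iptables; the box's own SSH access from the trusted PCs is covered by the per-host rules, so nothing else needs opening.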

Just like every other OS. Keep it up to date, regular backups, and a healthy dose of common sense. For the home user, that malware doesn't wind up on your system by magic, it's either via an exploit (IE keeping your system up to date) or user error (IE, no dumbassery allowed.) A few basic rules have kept all of my systems (Windows, BSD and Linux) malware free for a good number of years now, no babysitting software required. If you run public facing servers, obviously that's a whole different ballgame.


I found some good hardening scripts people have written on Github!

Come on RED, you can only pull that ###### on The Blacklist. Do share these scripts, I'm interested as well


Same as Max

I personally

  • Keep it up to date
  • Don't open stupid sites
  • Common sense

The only time I scan files on Linux is if I will be accessing them from one of MY Windows laptops

Don't really give a toss if it's someone else's Windows systems lol

If I am curious and want to see what a dodgy site is I open it in a VM lol


I found some good hardening scripts people have written on Github!

People should only run those if they know what every command does, I've seen "secure firewall" scripts that end up making the system less secure due to people not knowing what the rules did, etc.


I update my system, have a firewall, use common sense, only use free software, and use addons that enhance security.

I have an Arch system, using Parabola GNU/Linux-Libre, so I followed this guide: https://wiki.archlinux.org/index.php/Security.


I use ClamAV to keep my system clear of Windows viruses, and use chkrootkit and rkhunter from time to time to scan for rootkits and other exploits.


People should only run those if they know what every command does, I've seen "secure firewall" scripts that end up making the system less secure due to people not knowing what the rules did, etc.

It's a good job I know what I am doing, I am just too lazy most of the time haha!! :laugh:

Come on RED, you can only pull that ###### on The Blacklist. Do share these scripts, I'm interested as well

Hahaha!! I was sleep deprived, I will fish them out later.

Don't suppose you have links to said scripts :p

^


People keep saying common sense, but no one has answered how to cover the area of a site that you go to which could normally be safe, then due to an exploit in the web server program or forum software or WordPress it is now sending out malware. How would you check for that? I have heard about chkrootkit and rkhunter and have used them in the past.

In the past people have told me that Linux is so secure you don't have to worry about anything, but times change and common sense should tell people that nothing is secure. I know due to Linux usage numbers that you are at a lower risk, but knowing my luck and due to the fact I have never used Linux for day to day stuff I am bound to do something wrong and get into trouble; if I didn't have bad luck I wouldn't get any luck at all :p

I update my system, have a firewall, use common sense, only use free software, and use addons that enhance security.

I have an Arch system, using Parabola GNU/Linux-Libre, so I followed this guide: https://wiki.archlinux.org/index.php/Security.

I use ClamAV to keep my system clear of Windows viruses, and use chkrootkit and rkhunter from time to time to scan for rootkits and other exploits.

Reading the stuff on that page now, and some good links at the bottom, might be for Arch, but should be good for Gentoo as well :)


Hello,

There are security threats to Linux, although they aren't always the same kind (or volume) as seen for Microsoft Windows.

Here's a blog post I wrote at work on the subject you might find of interest: Do you really need antivirus software for Linux desktops?

Regards,

Aryeh Goretsky


The biggest thing I do with my linux boxes is just use common sense.

Make sure they're firewalled, make sure fail2ban is setup correctly, make sure that SSH password/root login is off, etc. On my work machine, which has a public IP, I see so many brute force attempts on SSH - it's crazy.


"I see so many brute force attempts on SSH - it's crazy."

Going to be any public access box running ssh.. I always disable password auth on my ssh boxes.. I use public key auth, while fail2ban can keep the logs less cluttered.. If there is no password, they can bang on it all day long ;)

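A way to check that an sshd_config actually matches what the two posts above recommend (password auth off, root login off, public key auth on), as an added example that is not from any post in the thread. The audit helper is hypothetical; it reads the config the way sshd does, taking the first occurrence of each directive and stopping at the first Match block, since settings inside Match apply only conditionally. The sample config it checks is constructed inline.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for password auth
# off, root login off and public-key auth on. Hypothetical helper. sshd uses
# the FIRST occurrence of a directive and lines after "Match" are conditional,
# so only the global section and only the first value of each key are read.

# Print the effective global value of a directive (case-insensitive key),
# or nothing if it is unset and the compiled-in default applies.
sshd_effective() {
    # $1 = config file, $2 = directive name
    awk -v key="$2" '
        tolower($1) == "match"       { exit }            # conditional section
        tolower($1) == tolower(key)  { print $2; exit }  # first match wins
    ' "$1"
}

# Report each weak setting; return 0 only if all three checks pass.
audit_sshd_config() {
    cfg="$1"; rc=0
    pa=$(sshd_effective "$cfg" PasswordAuthentication)
    if [ "${pa:-yes}" != "no" ]; then          # sshd default is "yes"
        echo "FAIL PasswordAuthentication=${pa:-yes} (want no)"; rc=1
    fi
    prl=$(sshd_effective "$cfg" PermitRootLogin)
    if [ "${prl:-default}" != "no" ]; then     # anything but "no" still lets root in
        echo "FAIL PermitRootLogin=${prl:-default} (want no)"; rc=1
    fi
    pk=$(sshd_effective "$cfg" PubkeyAuthentication)
    if [ "${pk:-yes}" != "yes" ]; then         # sshd default is "yes"
        echo "FAIL PubkeyAuthentication=${pk} (want yes)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $cfg"
    return "$rc"
}

# Constructed sample: the commented-out line does not count, and the first
# PermitRootLogin wins, so this file is NOT hardened even though it looks close.
SAMPLE_CFG="${TMPDIR:-/tmp}/sshd_config.sample.$$"
cat > "$SAMPLE_CFG" <<'EOF'
#PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
PubkeyAuthentication yes
EOF
audit_sshd_config "$SAMPLE_CFG" || echo "sample needs hardening"
rm -f "$SAMPLE_CFG"
```

Point it at /etc/ssh/sshd_config on the real box; the "key=value" form and Include files that sshd also accepts are not handled here.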

People keep saying common sense, but no one has answered how to cover the area of a site that you go to which could normally be safe, then due to an exploit in the web server program or forum software or WordPress it is now sending out malware. How would you check for that? I have heard about chkrootkit and rkhunter and have used them in the past.

Even though a compromised site is sending out malware, it still needs one of two things for it to actually do harm. Either it's sending you a file and you were silly enough to actually let it run, or it's taking advantage of a vulnerability in whatever browser or an addon like Flash/Java/etc and doing some sort of remote code vulnerability, both of which go back to common sense and keeping said software up to date; again that's not OS specific. Although I do go with a third layer: my browsers always run sandboxed. (Sandboxie/etc on Windows, not sure what's available for Linux, I typically don't run my *Nix systems in a desktop setup, but I'd suspect there's something similar.) So even if there was a zero day exploit in browser ____ and I happened to walk into a site that took advantage of it, it couldn't harm the system; at worst I'd have to flush the sandbox and the problem along with it, zero downtime with no tears. Random downloads are the same, sandbox or if that's unfeasible, a scratch VM that I could recover from a snapshot, let that take the bullet. No matter which OS you're on there's a risk of this sort of thing, desktop, server or mobile, doesn't matter.

"I see so many brute force attempts on SSH - it's crazy."

Going to be any public access box running ssh.. I always disable password auth on my ssh boxes.. I use public key auth, while fail2ban can keep the logs less cluttered.. If there is no password, they can bang on it all day long ;)

And if you really want to annoy them, have an exponential backoff timer in the "password failed" case, so every time they try a wrong password it takes longer and longer to report it.


1. Stick to the official and trusted repositories for apps and scripts.

2. Keep your whole system updated (trivial on Linux).

3. Install ABP + Noscript browser addons.

4. Most people don't need a firewall on Linux, but if you're concerned, then there are lots of tools. Routers tend to block a lot of stuff by default.

You're much safer on Linux than Windows. It doesn't hurt to be careful what you run though. Knowing how your system works and how to inspect it means you'll notice anything out of the ordinary.

Banking or handling sensitive information should never be done on Windows. It's just too risky. Even a Linux VM is better than doing that stuff in Windows. The number of rootkits, keyloggers, adware, viruses, and scamware I've seen on Windows would put you off the platform for life. It's absolutely insane that people still do banking on it.


You still do need a firewall on Linux, you just need it properly configured (This is one area I think the Windows Firewall is really good at, allows traffic from LAN addresses by default, blocks it from WAN addresses by default, pretty much perfect if you trust the network)


"allows traffic from LAN addresses by default, blocks it from WAN addresses by default, pretty much perfect if you trust the network)"


???  That is exactly what every nat router on the planet does, and my edge firewall pfsense..  So why does that box being on a trusted lan network need a software firewall when that rule is already in place at the edge..  Other than to suck up resources on the lan box?


Been running Debian Linux exclusively on 2 boxes for well over a year now and have played with several other Linux distros for several years also. Definitely NOT a Linux guru by any stretch of the imagination though.

Yes,

People will say common sense is the number 1 defense and I will definitely agree with that, whether on Windows or Linux.

Can't say as I've ever had a malware/virus issue of any sort just by using common sense and keeping things up to date. I also use this excellent host file, http://winhelp2002.mvps.org/hosts.htm along with my own entries, on both Windows and Linux and keep that up to date too!

I know what you mean about relying on AV's and malware scanners in Windows though. I almost feel like I'm cheating or something in Linux as it leaves me with nothing to do as I don't have to waste hours waiting on a scanner to complete, only to see that it found nothing!


You still do need a firewall on Linux, you just need it properly configured (This is one area I think the Windows Firewall is really good at, allows traffic from LAN addresses by default, blocks it from WAN addresses by default, pretty much perfect if you trust the network)

As Budman said, that's exactly what a standard router already does. Firewalls aren't a necessity on Linux because malware and trojans aren't a primary threat for the average user unlike on Windows. Provided a user sticks to the default repositories for software, there's little to fear.

For example: [screenshot not preserved]


As Budman said, that's exactly what a standard router already does. Firewalls aren't a necessity on Linux because malware and trojans aren't a primary threat for the average user unlike on Windows. Provided a user sticks to the default repositories for software, there's little to fear.

For example:

I think you're confusing Firewalls and Anti Virus

a firewall will do nothing for Malware and Trojan on any OS


"a firewall will do nothing for Malware and Trojan on any OS"

Agreed!! Firewalls are not required on any host in a trusted network be it windows, linux, bsd, beos, whatever.. I think the biggest problem is the Scare and Fear mongering and hype companies looking to cash in spread about you need a firewall you need a firewall, etc. Sorry but unless the box is on a hostile network no it doesn't

You need a firewall at the border between hostile and trust! This is 100% true.. But you don't need one on every freaking host/device in your network..


I think you're confusing Firewalls and Anti Virus

a firewall will do nothing for Malware and Trojan on any OS

A firewall can prevent unauthorised outgoing traffic, including trojans. This isn't a problem on Linux, but on Windows it most certainly is and one of the reasons you need a firewall. The built-in Windows firewall isn't nearly sufficient to stop such threats though.

The simple firewall provided by a router is normally enough to keep out WAN traffic, but it won't help a compromised system from sending and receiving traffic.

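The host-level egress policy that the last post is getting at, as an added example that is not from the original thread: a router firewall only filters what comes in from the WAN, so the outbound side has to be done on the host itself. The script below is a hypothetical helper that limits new outbound connections from a Linux desktop to DNS, HTTP/HTTPS and NTP and logs everything else before the default DROP policy discards it; it only prints the rules unless IPTABLES=iptables is set and it runs as root.

```shell
#!/bin/sh
# Added example (not from the thread): egress policy for a Linux desktop, the
# part a router firewall cannot provide. New outbound connections are limited
# to DNS, HTTP/HTTPS and NTP; anything else a process tries to open is logged
# and dropped. Hypothetical helper; default mode only prints the rules and
# IPTABLES=iptables as root applies them. ip6tables needs the same (not shown).

IPTABLES="${IPTABLES:-echo iptables}"
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-53 80 443}"
ALLOWED_UDP_PORTS="${ALLOWED_UDP_PORTS:-53 123}"

build_egress_rules() {
    $IPTABLES -F OUTPUT
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    # Packets belonging to connections already accepted, in either direction
    $IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only these destination ports may be the start of a NEW outbound connection
    for p in $ALLOWED_TCP_PORTS; do
        $IPTABLES -A OUTPUT -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    for p in $ALLOWED_UDP_PORTS; do
        $IPTABLES -A OUTPUT -p udp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Everything else: rate-limited log line, then the DROP policy applies.
    # A process beaconing to an unexpected port shows up here in the kernel log.
    $IPTABLES -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: "
}

# Would a NEW connection to the given protocol/port pass this policy?
# Returns 0 for allowed, 1 for dropped (checks the generated rules, not the kernel)
egress_allows() {
    build_egress_rules | grep -q -- "-p $1 --dport $2 "
}

build_egress_rules
```

Anything not on the lists, ping included, will fail once the rules are applied; add ports deliberately for the programs you actually use rather than loosening the default policy.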
