Linux and malware: Should you worry?

Discussion in 'malware problems & news' started by mood, Feb 20, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    27,807
    Linux and malware: Should you worry?
    Malicious code is nothing to worry about on Linux, right? Hold your penguins
    February 20, 2020

    https://www.welivesecurity.com/2020/02/20/linux-malware-should-you-worry/
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    27,807
    Up close and personal with Linux malware
    What are the main security threats facing Linux? A Q&A with ESET Senior Malware Researcher Marc‑Etienne M.Léveillé
    February 21, 2020

    https://www.welivesecurity.com/2020/02/21/up-close-and-personal-with-linux-malware/
     
  3. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,842
    Some remarks:

    1. Those articles focus on Linux servers - and rightly so. The situation for Linux desktop systems is certainly very different.
    2. The recommendation to always keep those systems up-to-date is crucial, indeed. There have been many reports about security breaches in the past where security patches had been available (which would have prevented those incidents) but the systems were not updated. This is a careless attitude often resulting from mantras like "never touch a running system" and/or "availability 99.99999%".
    3. This problem is increased by the well-known fact that many cheap rental servers run Linux (because it's for free). They are often run by hobby admins who don't really know what they are doing resulting in poorly configured and managed systems.
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,083
    Location:
    Member state of European Union
    4. Sometimes an admin runs Windows on a laptop, but GNU/Linux on the server. The admin's laptop gets infected with malware with trojan capabilities. A bad guy steals the password or key to the GNU/Linux server's root account and installs malware there.
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,842
    Good point :thumb:
     
  6. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    744
    About OpenSSH...

    1. Always switch the default port that the SSH daemon is listening on to something else.

    2. Even better, use port knocking if you can.

    3. Don't even think of logging in with a plain password! Be smart, use public key authentication.

    4. Don't even think of logging in with the root account!!!! You can always "su", "sudo" (or whatever floats your boat) inside your server after SSH login if you need to do stuff that needs root privileges.

    5. Use the best ciphers available.

    6. If you only need to access your server from some static IP address, block the rest of the world. If you need to access your server on the road from a dynamic IP while traveling (a la laptop), then at least consider blocking the countries that you will likely never, ever visit and so don't need to allow access from. Country blocking takes 3 lines of iptables rules if you use xtables-addons, 4 if you also want some logging, and those 3 or 4 lines are for a whole country ...

    7. If you have nothing better to do, check your logs (at least once per month!), take a beer and browse through script kiddies' hacking attempts...

    8. And last update update update!!!
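
A small checker for items 1, 3 and 4 of the list above, as an added example that is not part of the original post: it reads the text of an sshd_config and reports which of those recommendations the global settings miss. The sample configs are constructed, the defaults assume OpenSSH 7.0 or later, and Include files are not followed.

```python
import re

# OpenSSH defaults for the checked keywords (assumption: OpenSSH 7.0 or later).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def effective_global(config_text):
    """Return the global values sshd would use, plus the list of listen ports."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                                   # the rest is conditional, not global
        if key == "port":
            ports.append(value)                     # Port may be given several times
        elif key in DEFAULTS and key not in seen:
            seen[key] = value.lower()               # sshd keeps the first value it reads
    return {**DEFAULTS, **seen}, ports or ["22"]

def audit(config_text):
    """List which of items 1, 3 and 4 the global settings do not meet."""
    settings, ports = effective_global(config_text)
    findings = []
    if "22" in ports:
        findings.append("item 1: sshd listens on the default port 22")
    if settings["passwordauthentication"] != "no":
        findings.append("item 3: password logins are enabled")
    if settings["permitrootlogin"] != "no":
        findings.append("item 4: PermitRootLogin is " + settings["permitrootlogin"])
    return findings

# Constructed samples. In WEAK the second PermitRootLogin line is ignored by sshd.
WEAK = "PermitRootLogin yes\nPermitRootLogin no\n#PasswordAuthentication no\n"
HARDENED = """Port 2222
PasswordAuthentication no
PermitRootLogin no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

`PasswordAuthentication no` does not by itself switch off keyboard-interactive logins, which can still prompt for a password through PAM, so check `KbdInteractiveAuthentication` as well. On a live server, `sshd -T` prints the effective configuration including defaults.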
     