Linux Mint Security Question

I am new to Linux and I am struggling to understand fully what is required to start. I have a few questions but first this is what I have done so far after doing as much research as I could understand:

1. Installed Linux Mint (online as suggested) on a system that has XP Pro already installed
2. I spent about two hours looking around and familiarizing myself with the operating system offline
3. I went online and I updated the system through the Update Manager (#1 and #2 updates)
4. I am now setting up a limited user account and trying to research the firewall before I go online and use the internet

I am very cautious while online and I believe my surfing habits are safe, well…for windows anyway. My questions are as follows:

The third option for the update manager states “#3-Safe Packages Not Tested But Believed To Be Safe”. This is the third choice out of five. If I compare this to windows I would consider this to be equal to “Optional Updates” in windows. Is this correct?

Or should I download this level of updates? (all of #3)

Are “rkhunter” and “chkrootkit” packages is should install and use?

Any hints/criticism is appreciated.

Thank you.

 

Most Linux distributions have no ports open by default, and do not benefit from a firewall in most cases. Not sure about Mint though... Just FYI.

If your surfing habits are safe for Windows, they safe for Linux. But note that Linux is not invulnerable - malware in general doesn't target it, but browser exploits can work on it; and phishing is (obviously) still a danger. Pride comes before the fall, etc.

No. Same for 'unhide'. These tools produce lots of false positives, are difficult to use properly, and are probably geared more towards use on servers (where it's suspected that a human attacker has compromised a system).

Sorry I can't answer your other questions, I don't know much about Mint. Good luck!

 

Those updates are beta and untested.

As mentioned by default none of your ports are open. There isn't much reason for a firewall.

I suggest you look into apparmor. I've written a guide that should make things very simple.
https://insanitybit.wordpress.com/2012/05/29/apparmor-how-to/

 

I'm not sure but aren't kernel updates in Mint's category #3?

 

1. Gufw for firewall

2. chkrootkit/rkhunter

3. no script and wot addon firefox

4. norton DNS extra layer if you like

https://dns.norton.com/dnsweb/homePage.do

5. block samba service if dont do network sharing

http://www.ubuntux.org/how-to-start-restart-stop-samba-from-the-command-line

6. block these ports as well they open by default

http://www.cyberciti.biz/faq/what-p...-communicate-with-other-windowslinux-systems/

you can also remove samba completly

http://askubuntu.com/questions/74838/how-do-i-completely-remove-samba

7. app armor also add extra layer if you want


thats all i use on my linux mint more then enough

edit: do safe updates till 3 its ok unsafe 4,5 means their might be clashes on problem some packets they are for advance users.

 

May be helpful for Skype or IM clients that like to open ports.

No. I've been using Linux as my main OS for 8 years, and I still wouldn't trust myself to interpret these tools' output properly.

Noscript -> yes IMO, but takes some learning.

WOT -> IIRC it works by popular opinion, so I don't think I'd trust its ratings.

Samba server probably won't be running on Mint, I would think.

Umm? They shouldn't be. I have never seen those ports open (using netstat) on any desktop Linux distro. And for good reason, they're associated with the server, not the client.

 

what are your results on zenmap on linux mint 13 @Gullible Jones

 

Wow, looks like you're right - Mint has the SMB server running by default, listening on all IPs, with the firewall inactive by default. Madness! This is exactly the kind of stupid default configuration that has caused problems on Windows for so many years... File and printer sharing should be something the user has to set up, not something enabled by default so any friendly worm on your network can infect you.

 

Thank you everyone who took the time to reply to my questions.

I have gone over a few of the suggestions so far and I will be going over the rest later. My old mind can only take so much at a time.

I am glad I finally decided to try and learn this system as this kind of reminds me of the old “DOS” days when I first started learning computers. I love a challenge and this will be keeping me busy for a while….a long while I’m sure.

Thanks again.

 

What worm? What network? Even if you Samba is wide open and listening, if it has no vulnerabilities, nothing can happen. You're not deploying that Mint in an office with 400 co-workers, you're using at your home, probably a standalone machine and most likely with a router in place. So, no biggie.
Mrk

 

agree with mrk behind router really you dont need expect noscript and keep eye on your cookies more than enough )

for little extra mile not too much paranoid mode that what is above post 5 i have configure

 

MrKvonich, Samba consistently has vulnerabilities.

 

So, it has them and?
Mrk

 

We don't like vulnerabilities. Vulnerabilities are bad.

 

Nope. They are not. They just are.
If they don't manifest in exploits, they are like children with potential.
Mrk

 

http://www.google.com/search?q=samba exploited

http://www.bing.com/search?q=samba exploited

 

I'm going to stick with my 'vulnerabilities are bad' stance.

 

I can use google like a champ, thank you.
Most of the stuff is recycled.
References to wide-open business samba servers in the WAN.
Completely irrelevant to home users behind router.
Few to no real technical exploits.

Conclusion = security is a fetish.

Mrk

 

"precaution doesn't hurt". lol

 

Not gonna touch the 'security is a fetish' topic with a 10 foot pole.

 

Security can be a fetish, but so can anything. Having the potential to be a fetish doesn't mean it's not desirable.

IMO it should be reasonable to assume that a freshly installed desktop OS - be it Linux, Windows, whatever - is not configured to provide remote access to anything. Not files, not printers, nothing.

Making network services easy to set up is good. Having them run, unfirewalled, by default, on the basis that I might need them and have no clue how to configure them or use Google... That, I think, is poorly thought out.

 

You shouldn't have to do that. The original account created by the system is a limited account.

I think it only means that the packages are from reputable sources but haven't been tested by the Mint team. I have never heard of any issues with such packages.

No. Those are for rootkits, and in order to get a rootkit, a hacker would first need to root your box. And if he does that, it's game over even if you have a rootkit scanner. Moreover, they throw too many false positives and too many people don't understand how to read the results.

The truth is, you really don't need any extra security precautions. Just keep your system up to date and that's really all you need. If you want you can look into browser extensions like NoScript and the like. Or, if you are an advanced user you can look into using the kernel security features like AppArmor that offer Mandatory Access Controls.

 

I just wanted to say that samba makes me want to puke

That is all

*disappears*

 

What about limbo?

 

Sure, that's obviously true, but at least you know that you have a rootkit.
The false positives are of course a nuisance, but in rkhunter I try to eliminate/minimise them by editing the rkhunter.conf file. Eg. these are some FP's that don't show up anymore.. (Old example from my Ubuntu Lucid 10.04 LTS)
Warning: Suspicious file types found in /dev:
[18:04:16] /dev/shm/sem.ADBE_REL_ocky: data (UNCOMMENTED)
[18:04:16] /dev/shm/sem.ADBE_WritePrefs_ocky: data (")
[18:04:16] /dev/shm/sem.ADBE_ReadPrefs_ocky: data (")
[18:04:16] /dev/shm/pulse-shm-2796030377: data
[18:04:16] /dev/shm/mono-shared-1000-shared_fileshare-ocky-desktop-Linux-x86_64-40-12-0: data
[18:04:16] /dev/shm/mono-shared-1000-shared_data-ocky-desktop-Linux-x86_64-328-12-0: data
[18:04:16] /dev/shm/mono.1642: data
[18:04:16] /dev/shm/pulse-shm-1192406971: data
[18:04:17] /dev/shm/pulse-shm-1882854789: data
[18:04:17] /dev/shm/pulse-shm-2297440267: data
[18:04:17] Checking for hidden files and directories [ Warning ]
[18:04:17] Warning: Hidden directory found: /etc/.java (UNCOMMENTED)
[18:04:17] Warning: Hidden directory found: /dev/.udev (")
[18:04:17] Warning: Hidden directory found: /dev/.initramfs (")


ALLOWDEVFILE=/dev/shm/pulse-shm-* (UNCOMMENTED)
ALLOWDEVFILE=/dev/shm/mono* (ADDED)

Note: ADBE refers to Adobe Reader.

/dev/.blkid.tab: ASCII text (Ignore FP)