Linux Mint Security Question

Discussion in 'all things UNIX' started by oma53, Jun 28, 2012.

Thread Status:
Not open for further replies.
  1. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    I am new to Linux and I am struggling to understand fully what is required to start. I have a few questions but first this is what I have done so far after doing as much research as I could understand:

    1. Installed Linux Mint (online as suggested) on a system that has XP Pro already installed
    2. I spent about two hours looking around and familiarizing myself with the operating system offline
    3. I went online and I updated the system through the Update Manager (#1 and #2 updates)
    4. I am now setting up a limited user account and trying to research the firewall before I go online and use the internet

    I am very cautious while online and I believe my surfing habits are safe, well…for windows anyway. My questions are as follows:

    The third option for the update manager states “#3-Safe Packages Not Tested But Believed To Be Safe”. This is the third choice out of five. If I compare this to windows I would consider this to be equal to “Optional Updates” in windows. Is this correct?

    Or should I download this level of updates? (all of #3)

    Are “rkhunter” and “chkrootkit” packages I should install and use?

    Any hints/criticism is appreciated.

    Thank you.
     
  2. Most Linux distributions have no ports open by default, and do not benefit from a firewall in most cases. Not sure about Mint though... Just FYI.

    If your surfing habits are safe for Windows, they're safe for Linux. But note that Linux is not invulnerable - malware in general doesn't target it, but browser exploits can work on it; and phishing is (obviously) still a danger. Pride comes before the fall, etc.

    No. Same for 'unhide'. These tools produce lots of false positives, are difficult to use properly, and are probably geared more towards use on servers (where it's suspected that a human attacker has compromised a system).

    Sorry I can't answer your other questions, I don't know much about Mint. Good luck!
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Those updates are beta and untested.

    As mentioned by default none of your ports are open. There isn't much reason for a firewall.

    I suggest you look into apparmor. I've written a guide that should make things very simple.
    https://insanitybit.wordpress.com/2012/05/29/apparmor-how-to/
     
  4. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    I'm not sure but aren't kernel updates in Mint's category #3?
     
  5. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    1. Gufw for firewall

    2. chkrootkit/rkhunter

    3. no script and wot addon firefox

    4. norton DNS extra layer if you like

    https://dns.norton.com/dnsweb/homePage.do

    5. block the Samba service if you don't do network sharing

    http://www.ubuntux.org/how-to-start-restart-stop-samba-from-the-command-line

    6. block these ports as well; they are open by default

    http://www.cyberciti.biz/faq/what-p...-communicate-with-other-windowslinux-systems/

    you can also remove Samba completely

    http://askubuntu.com/questions/74838/how-do-i-completely-remove-samba

    7. AppArmor also adds an extra layer if you want :)


    that's all I use on my Linux Mint, more than enough :)

    edit: do safe updates up to 3, it's OK; unsafe 4, 5 means there might be clashes or problems with some packages, they are for advanced users.
     
  6. May be helpful for Skype or IM clients that like to open ports.

    No. I've been using Linux as my main OS for 8 years, and I still wouldn't trust myself to interpret these tools' output properly.

    Noscript -> yes IMO, but takes some learning.

    WOT -> IIRC it works by popular opinion, so I don't think I'd trust its ratings.

    Samba server probably won't be running on Mint, I would think.

    Umm? They shouldn't be. I have never seen those ports open (using netstat) on any desktop Linux distro. And for good reason, they're associated with the server, not the client.
     
  7. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    What are your results on Zenmap on Linux Mint 13 @Gullible Jones?
     
  8. Wow, looks like you're right - Mint has the SMB server running by default, listening on all IPs, with the firewall inactive by default. Madness! This is exactly the kind of stupid default configuration that has caused problems on Windows for so many years... File and printer sharing should be something the user has to set up, not something enabled by default so any friendly worm on your network can infect you. :thumbd:
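    The check described in this post, as an added example (shell script, not from any poster in the thread): it reads `netstat -ltn` or `ss -ltn` output, in which the local address is the fourth column in both, and reports any SMB listener (TCP 139/445) bound to a wildcard address, i.e. reachable from the whole LAN rather than only localhost. The listener table below is constructed to mirror the situation the post describes.

```shell
#!/bin/sh
# Added example, not from the thread: script form of the check in post 8.
# Reads `netstat -ltn` or `ss -ltn` output (local address is column 4 in
# both) and reports SMB listeners (TCP 139/445) bound to a wildcard address,
# i.e. reachable from the whole LAN rather than just localhost.

# Constructed sample in `ss -ltn` layout; the header line is harmless (no port).
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     0.0.0.0:139        0.0.0.0:*
LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      50     [::]:445           [::]:*'

# check_smb_exposure: print each wildcard-bound SMB listener read from stdin.
# Exit status 0 means none found, 1 means at least one is exposed.
check_smb_exposure() {
    awk '{
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # wildcard forms printed by ss/netstat: 0.0.0.0, *, [::], ::
        if ((port == "139" || port == "445") &&
            (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")) {
            print $4; found = 1
        }
    } END { exit found ? 1 : 0 }'
}

# On a live Mint box run:  ss -ltn | check_smb_exposure   (or netstat -ltn | ...)
if printf '%s\n' "$SAMPLE_LISTENERS" | check_smb_exposure; then
    echo "OK: no SMB listener bound to a wildcard address"
else
    echo "EXPOSED: stop/disable smbd, or enable the firewall (ufw/Gufw) and block 139/445"
fi
```

A listener on 127.0.0.1 only is not reported, since it is not reachable from the network.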
     
  9. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    Thank you everyone who took the time to reply to my questions.

    I have gone over a few of the suggestions so far and I will be going over the rest later. My old mind can only take so much at a time.

    I am glad I finally decided to try and learn this system as this kind of reminds me of the old “DOS” days when I first started learning computers. I love a challenge and this will be keeping me busy for a while….a long while I’m sure.

    Thanks again.
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    What worm? What network? Even if your Samba is wide open and listening, if it has no vulnerabilities, nothing can happen. You're not deploying that Mint in an office with 400 co-workers, you're using it at your home, probably a standalone machine and most likely with a router in place. So, no biggie.
    Mrk
     
  11. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Agree with Mrk; behind a router you really don't need anything except NoScript and keeping an eye on your cookies, more than enough :))

    For a little extra mile, not-too-paranoid mode, that's what I have configured in post 5 above :p
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Mrkvonic, Samba consistently has vulnerabilities.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    So, it has them and?
    Mrk
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    We don't like vulnerabilities. Vulnerabilities are bad.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Nope. They are not. They just are.
    If they don't manifest in exploits, they are like children with potential.
    Mrk
     
  16. guest

    guest Guest

  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm going to stick with my 'vulnerabilities are bad' stance.
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    I can use google like a champ, thank you.
    Most of the stuff is recycled.
    References to wide-open business samba servers in the WAN.
    Completely irrelevant to home users behind router.
    Few to no real technical exploits.

    Conclusion = security is a fetish.

    Mrk
     
  19. guest

    guest Guest

    "precaution doesn't hurt". lol
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not gonna touch the 'security is a fetish' topic with a 10 foot pole.
     
  21. Security can be a fetish, but so can anything. Having the potential to be a fetish doesn't mean it's not desirable.

    IMO it should be reasonable to assume that a freshly installed desktop OS - be it Linux, Windows, whatever - is not configured to provide remote access to anything. Not files, not printers, nothing.

    Making network services easy to set up is good. Having them run, unfirewalled, by default, on the basis that I might need them and have no clue how to configure them or use Google... That, I think, is poorly thought out.
     
  22. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    You shouldn't have to do that. The original account created by the system is a limited account.

    I think it only means that the packages are from reputable sources but haven't been tested by the Mint team. I have never heard of any issues with such packages.

    No. Those are for rootkits, and in order to get a rootkit, a hacker would first need to root your box. And if he does that, it's game over even if you have a rootkit scanner. Moreover, they throw too many false positives and too many people don't understand how to read the results.

    The truth is, you really don't need any extra security precautions. Just keep your system up to date and that's really all you need. If you want you can look into browser extensions like NoScript and the like. Or, if you are an advanced user you can look into using the kernel security features like AppArmor that offer Mandatory Access Controls.
     
  23. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    I just wanted to say that samba makes me want to puke

    That is all

    *disappears*
     
  24. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    What about limbo?
     
  25. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Sure, that's obviously true, but at least you know that you have a rootkit. :argh:
    The false positives are of course a nuisance, but in rkhunter I try to eliminate/minimise them by editing the rkhunter.conf file. E.g. these are some FPs that don't show up anymore.. (Old example from my Ubuntu Lucid 10.04 LTS)
    Warning: Suspicious file types found in /dev:
    [18:04:16] /dev/shm/sem.ADBE_REL_ocky: data (UNCOMMENTED)
    [18:04:16] /dev/shm/sem.ADBE_WritePrefs_ocky: data (")
    [18:04:16] /dev/shm/sem.ADBE_ReadPrefs_ocky: data (")
    [18:04:16] /dev/shm/pulse-shm-2796030377: data
    [18:04:16] /dev/shm/mono-shared-1000-shared_fileshare-ocky-desktop-Linux-x86_64-40-12-0: data
    [18:04:16] /dev/shm/mono-shared-1000-shared_data-ocky-desktop-Linux-x86_64-328-12-0: data
    [18:04:16] /dev/shm/mono.1642: data
    [18:04:16] /dev/shm/pulse-shm-1192406971: data
    [18:04:17] /dev/shm/pulse-shm-1882854789: data
    [18:04:17] /dev/shm/pulse-shm-2297440267: data
    [18:04:17] Checking for hidden files and directories [ Warning ]
    [18:04:17] Warning: Hidden directory found: /etc/.java (UNCOMMENTED)
    [18:04:17] Warning: Hidden directory found: /dev/.udev (")
    [18:04:17] Warning: Hidden directory found: /dev/.initramfs (")


    ALLOWDEVFILE=/dev/shm/pulse-shm-* (UNCOMMENTED)
    ALLOWDEVFILE=/dev/shm/mono* (ADDED)

    Note: ADBE refers to Adobe Reader.

    /dev/.blkid.tab: ASCII text (Ignore FP)
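    For the rkhunter.conf whitelisting shown in this post, an added example (shell script, not the poster's own) that turns warning lines like the ones above into candidate whitelist entries for review. ALLOWDEVFILE is the key the post uses; ALLOWHIDDENDIR and ALLOWHIDDENFILE are assumed here to be the matching rkhunter.conf keys for the hidden-directory and hidden-file warnings, and the log lines are a constructed sample modelled on the excerpt. Every generated entry should be traced to the program that created the file before it goes into rkhunter.conf, since a whitelist hides a later real finding at that path just as well.

```shell
#!/bin/sh
# Added example, not from the thread: turn rkhunter warning lines into
# rkhunter.conf whitelist entries for review. ALLOWDEVFILE is the key used in
# the post; ALLOWHIDDENDIR / ALLOWHIDDENFILE are assumed to be the keys for the
# hidden-directory and hidden-file warnings. Paths with spaces are not handled.

# Constructed sample modelled on the log excerpt in the post.
SAMPLE_LOG='[18:04:16] /dev/shm/sem.ADBE_REL_ocky: data
[18:04:16] /dev/shm/pulse-shm-2796030377: data
[18:04:16] /dev/shm/mono-shared-1000-shared_data-ocky-desktop-Linux-x86_64-328-12-0: data
[18:04:16] /dev/shm/mono.1642: data
[18:04:17] /dev/shm/pulse-shm-1882854789: data
[18:04:17] Checking for hidden files and directories [ Warning ]
[18:04:17] Warning: Hidden directory found: /etc/.java
[18:04:17] Warning: Hidden directory found: /dev/.udev
[18:04:17] Warning: Hidden file found: /dev/.blkid.tab: ASCII text'

# rkhunter_whitelist: read rkhunter log lines on stdin, print one deduplicated
# whitelist entry per finding. Per-session ids (pulse-shm-NNN, mono*) are
# collapsed into the globs the post uses so the entry survives a reboot.
rkhunter_whitelist() {
    awk '
    { line = "" }
    /Hidden directory found:/ {
        d = $0; sub(/.*Hidden directory found: /, "", d)
        line = "ALLOWHIDDENDIR=" d
    }
    /Hidden file found:/ {
        f = $0; sub(/.*Hidden file found: /, "", f); sub(/: .*/, "", f)
        line = "ALLOWHIDDENFILE=" f
    }
    /^\[[0-9:]+\] \/dev\// {
        p = $2; sub(/:$/, "", p)
        sub(/pulse-shm-[0-9]+$/, "pulse-shm-*", p)
        sub(/mono.*$/, "mono*", p)
        line = "ALLOWDEVFILE=" p
    }
    line != "" && !seen[line]++ { print line }
    '
}

# Review the output, append only the entries you can explain to rkhunter.conf
# (as root), then re-run `rkhunter --check` to confirm the warnings are gone.
printf '%s\n' "$SAMPLE_LOG" | rkhunter_whitelist
```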
     