Linux. Security.

So, what is it that we really need?

I've got it narrowed down to...

1. No unneeded services. [But which ones are needed? Is there a services cheatsheet like there is with Windows?]
2. Firewall is built in, so no need to get any of those.
3. Restricted policies by default. Be suspicious of anything that wants t3h root.
4. Run a rootkit scanner. [Which one though?]

So, what is to be thrown out the window is constant paranoia, and the resident protection.

Now I know why viruses dont' exist, it's because they can't survive with the restrictions.

But trojans? Are there linux trojans that steal our info? Or do they simply not exist? Is worrying about a javabyte.trjoan.whatever a thing of my Windows past?

These are such easy questions, but I could not find a definitive answer with 2 hours of googling that would put my mind at rest.

 

there are linux trojans, but idk how much damage theyre capable of.

also i found these pages:

comp.os.linux.security FAQ
Linux Security HOWTO

 

Hello,
Greatest security risks in Linux are:
SSH
Local access
Both can do a lot of damage, particularly if someone knows your root password. But you can disable SSH in your firewall, and make sure no unwanted people have access to your PC. And then, you're set.
Mrk

 

Mrk, can you explain why openSSH is a security risk?, i don't understand.
I thought it's purpose was to make secure connections with other systems in a network.

Lamehand

 

Hello,
It is a risk because if someone knows your ip and root password, he can connect from anywhere and do anything he likes. Of course, this risk is not very high. It is very slim. But it is higher than would-be trojan, virus or other inventions for Linux.
It is also a very good thing. Just need to be aware of all possibilities, that's all.
Mrk

 

Ok i understand, as long you use a 'strong' password and keep it safe this won't be a problem.


Lamehand

 

What is SSH and if u disable it, what functionality u loose?
Thanks.

 

It's an application to establish secure connections between systems, but if you don't have it installed there is nothing to worry about in this regard.
If you have it installed and then disable it you won't be able to use a secure connection, thats all.

Lamehand

 

http://en.wikipedia.org/wiki/Secure_Shell

 

thanks

 

Thanks for the heads up.

So, basically, just enable that firewall, strong root password, scan for a kit once in awhile. and I'm all set. I know about the booting into r00t via a floppy, and that's not something I'm going to worry about because of the location of the computer.

As for the firewall aspect, does one need outbound protection? I don't even think there is any mention of outbound protection for any of the Linux firewalls, but it's another habit one picks up when using MS.

But this SNORT thing, looks to be something to play with. What are some good proggies that will implement these rulesets as an IDS?

 

I use firestarter to set policy's for outbound connections, its a frontend for IPtables.
But if there aren't any strange or unneeded services running on the system there is no need for outbound protection.
The services i have running are only for systemlogging and daily automated tasks like checking for updates and such.

Lamehand

 

I can,t understand this.

 

- Firewall. On = good.
- root password = 14 char mixture of lower case, upper case, numerals, and ~!@#$%^&*()_+-=`
- Scan for rootkit once a month or so.
- If someone has access to your floppy drive on a Linux system, then you're as good as gone. All they have to to do reboot and they can reset r00t.

Hope that helps a bit. I tend to ramble.

 

Is it really true? How one can reset root without knowing root password?

 

This might be of some interest to you then.

http://www.bastille-linux.org/jay/anyone-with-a-screwdriver.html

scroll down to "Boot via a floppy / cdrom / other bootable, removable media"

Physical access is t3h evil. Everyone who uses Linux should keep that in mind. It's actually the first thing that people tell you when you ask "linux security".

 

If one disables SSH in Linux, does that only disable the SSH server service?
So one can not have a remote admin like on Windows?

With SSH service disabled can one still use an SSH client like PuTTy to connect to an SSH server, use SFTP programs, etc.?

 

If you disable the service it can't be used and it won't be running from startup and server and client-part can't be used.SSH doesn't come with linux you have to install it from synaptic, so it's a choice.
I don't have remote admin on this system so i can't comment on that, i kicked that off when i first installed linux, but remote admin doesn't depend on SSH
I just use SSH to connect a couple of systems i have, no putty here.
Sorry i can't be more helpfull, but i am still learning this system aswell.

Lamehand