Re: [ubuntu-uk] linux & viruses
I do that too, sometimes. Too eager to get my post sent, I forget to completely proofread it first and so sometimes mistyped words/phrases get sent accidentally. I do try now more often to check and read my emails carefully before sending, but sometimes I send an email quickly (and live to regret it).

David King

Tony Arnold wrote:
> David,
>
> David King wrote:
>
>> I think you meant "users tend to be logged in as a normal user instead
>> of root, so it's much harder..."
>
> Indeed, I did! Just careless posting on my part!
>
> Regards,
> Tony.

--
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] linux & viruses
David,

David King wrote:
> I think you meant "users tend to be logged in as a normal user instead
> of root, so it's much harder..."

Indeed, I did! Just careless posting on my part!

Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arn...@manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
Re: [ubuntu-uk] linux & viruses
I think you meant "users tend to be logged in as a normal user instead of root, so it's much harder..."

Otherwise, being logged in as root all the time does give access to system files, which Linux is good at protecting by not having a user logged in as root, compared to Windows, where a user is encouraged (at least in the past, not sure about Windows 7) to be an Administrator so that they can run all the software, as they do not know how to get some software running as a non-Administrator user (e.g. file defragmentation, some games).

David King

Tony Arnold wrote:
> The other is that users
> tend to be logged in as root all the time, so it's much harder to
> compromise system files, although some argue the users' data is still
> vulnerable which is much more valuable than the system stuff.
Re: [ubuntu-uk] linux & viruses
2009/10/22 Paul Roach:
> [snip]
>
> If possible, only permit key based login using SSH as well - this will
> completely remove the risk of password based attacks

This is a very good idea but it's not always sufficient, as Apache recently found out. In their case, a third-party webserver got compromised, but it had accounts that had SSH keys to enable backup of apache servers. The SSH config on these password-less SSH keys allowed all commands, not just the backup commands. The attackers managed to alter the data on a staging server and then the automated backup copied it into production!

To their credit, they did a full investigation and made all the results public here:
https://blogs.apache.org/infra/entry/apache_org_downtime_report

HTH

Cofion/Regards,
Neil.
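One way to close the gap described in the post above, as an added example that is not part of the original post and not Apache's own configuration: a forced-command wrapper that a backup-only key is pinned to in `authorized_keys`, so the key can run the read-only backup transfer and nothing else. The wrapper path, the use of rsync with short flags only, and the `/srv/backup/` tree are assumptions.

```sh
#!/bin/sh
# Added example: forced-command wrapper for a backup-only SSH key.
# The key is pinned to this script in ~/.ssh/authorized_keys, e.g.
# (wrapper path hypothetical, key material elided):
#   command="/usr/local/bin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... backup@client
# sshd then runs this script whatever the client asked for, and passes the
# client's request in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL

ALLOWED_ROOT='/srv/backup/'       # assumption: the only tree backups may read
SAFE_CHARS='A-Za-z0-9 ./_=,-'     # no quotes, globs or shell metacharacters

# Return 0 only for: rsync --server --sender -<short flags> . <path under root>
backup_cmd_allowed() {
    cmd=$1
    case $cmd in *[!$SAFE_CHARS]*) return 1 ;; esac
    set -- $cmd                   # safe to split: glob characters were refused
    [ "$#" -eq 6 ] || return 1
    # --sender means the server only reads; without it rsync would write here.
    [ "$1 $2 $3" = 'rsync --server --sender' ] || return 1
    case $4 in
        -*[!A-Za-z.]*) return 1 ;;    # long options or anything unexpected
        -?*) ;;
        *) return 1 ;;
    esac
    [ "$5" = . ] || return 1
    case $6 in
        *..*) return 1 ;;             # no climbing out of the backup tree
        "$ALLOWED_ROOT"*) return 0 ;;
    esac
    return 1
}

# SSH_ORIGINAL_COMMAND is unset for a plain login, which gets no shell at all.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if backup_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND
    fi
    printf 'backup-only: rejected request\n' >&2
    exit 1
fi
```

With the key restricted this way, a stolen backup key can still read the backup tree but cannot open a shell or write to the server.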
Re: [ubuntu-uk] linux & viruses
On Thu, Oct 22, 2009 at 2:48 AM, Matt Wheeler wrote:
> 2009/10/21 Peter Adam Kelly:
> > Thanks loads for the info,
> >
> > I am brushing up on my knowledge of network security, I have some Ubuntu
> > dedicated and VPS servers and of course I want them as strong as can be, any
> > more links or info would be appreciated.
> >
> > Cheers

A couple of other pointers - if running PHP consider using the suhosin patch - and for other public facing servers test their vulnerability using Nessus/Nikto etc (I believe this has recently been mentioned in another post of the list - although it might have been a different list).

You might also want to consider routing syslogs to another box. That way, if a machine is compromised, the logs are not at as much risk.

Needless to say, only permit traffic to hosts from the boxes that need access - not so good for webservers, but if you're running private webservers it's often possible to only permit access to these from hosts that you "approve of".

If possible, only permit key based login using SSH as well - this will completely remove the risk of password based attacks

Hope this helps
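A check for the key-only SSH advice in the post above, as an added example that is not part of the original post: it reads `sshd_config` text and reports whether password logins are really off, taking into account that sshd keeps the first value it reads for a keyword and that keyboard-interactive authentication defaults to on. The two sample configs are constructed, and `Include` files are not followed.

```sh
#!/bin/sh
# Added example: does this sshd_config text really leave key-based login only?

# Constructed config: "PasswordAuthentication no" was appended later, but an
# earlier line already set the keyword and sshd keeps the first value.
weak_config() {
cat <<'EOF'
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
# hardening added later
PasswordAuthentication no
EOF
}

hardened_config() {
cat <<'EOF'
Port 22
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
EOF
}

# Read sshd_config text on stdin; succeed only if both password-style methods
# are off globally and no Match block switches one back on.
# Keyboard-interactive matters because with PAM it can still prompt for a password.
password_login_disabled() {
    awk '
    BEGIN { val["passwordauthentication"] = "yes"          # sshd default
            val["kbdinteractiveauthentication"] = "yes" }  # sshd default
    /^[ \t]*(#|$)/ { next }
    { key = tolower($1); arg = tolower($2) }
    key == "match" { inmatch = 1; next }
    key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
    (key in val) && inmatch && arg != "no" { bad = 1 }
    (key in val) && !inmatch && !(key in seen) { val[key] = arg; seen[key] = 1 }
    END { for (k in val) if (val[k] != "no") bad = 1; exit bad + 0 }
    '
}

for c in weak_config hardened_config; do
    if $c | password_login_disabled; then echo "$c: key-based login only"
    else echo "$c: passwords still accepted"; fi
done
```

On a live host, `sshd -T` prints the effective settings, including anything pulled in from included files, and is the authoritative check.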
Re: [ubuntu-uk] linux & viruses
2009/10/21 Peter Adam Kelly:
> Thanks loads for the info,
>
> I am brushing up on my knowledge of network security, I have some Ubuntu
> dedicated and VPS servers and of course I want them as strong as can be, any
> more links or info would be appreciated.
>
> Cheers

Something which I've suggested on another thread in here, so you may have already read, is installing fail2ban on any servers with public-facing ports. By default it is set up to monitor ssh auth logs, and it can be configured to monitor any type of logs you want, with several pre-built watchers provided that just need enabling. fail2ban combined with strong passwords is significantly better than just strong passwords.

Another thing I would suggest is if at all possible do not run an FTP service (unless it is just anonymous FTP). FTP is a clear text protocol, which means when you send your password it is sent in plain text. Anyone that is between you and your server could theoretically intercept your password, and then use it to connect to your server themselves. Use SFTP instead (SFTP is file transfer via SSH, it's not as related to FTP as it sounds).

Other than that, just keeping your systems up to date with the latest versions of packages should keep you secure against most attacks that might come your way :-).

--
Matt Wheeler
m...@funkyhat.org
Re: [ubuntu-uk] linux & viruses
Thanks loads for the info,

I am brushing up on my knowledge of network security, I have some Ubuntu dedicated and VPS servers and of course I want them as strong as can be, any more links or info would be appreciated.

Cheers

--
Regards
Peter Adam Kelly
Re: [ubuntu-uk] linux & viruses
Alan,

alan c wrote:
>> The other is that users
>
> [in Ubuntu, unlike typical Windows users,]
>
>> tend
>
> [NOT]
>
>> to be logged in as root all the time, so it's much harder to
>> compromise system files, although some argue the users' data is still
>> vulnerable which is much more valuable than the system stuff.
>
> ?typo?

Oops! Yes, typo. Should really read my posts more carefully before hitting that send button.

Thanks for the correction!

Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arn...@manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
Re: [ubuntu-uk] linux & viruses
Tony Arnold wrote:
> Peter,
>
> Peter Adam Kelly wrote:
>
>> I was thinking this morning (which is quite exceptional for me at such
>> an early hour, but that's another story haha) that a large distro user
>> base like ubuntu's is great, it standardizes things and all that, but I
>> was left wondering maybe having so many people using one distro makes
>> the user base more susceptible to viruses or malicious attacks, is the
>> non-standardisation in gnu linux a good thing in security terms and
>> standardisation a bad thing?
>
> It's generally agreed that a homogeneous environment is bad from a
> security viewpoint because it means that if one machine is compromised
> then it's likely all of them will or could be. Having a variety of
> machines can help limit the scope of the effects of a compromise.
>
> There are a number of reasons why Linux has not been hit by viruses in the
> same way that Windows has. The main one, IMHO, is that files are not
> executable by default and so an attacker has to work that little bit
> harder to get a user to run something malicious.
> The other is that users

[in Ubuntu, unlike typical Windows users,]

> tend

[NOT]

> to be logged in as root all the time, so it's much harder to
> compromise system files, although some argue the users' data is still
> vulnerable which is much more valuable than the system stuff.

?typo?

--
alan cocks
Ubuntu user
Re: [ubuntu-uk] linux & viruses
Tony Arnold wrote:
> [...]
> Having said that, Linux is not immune from the hackers. My experience is
> that most incidents with Linux machines have been down to weak or
> default passwords. Hackers can then get in and use the machine to scan
> other machines for weaknesses. My guess is if you put a machine on the
> network with an ssh daemon running and a user name of david and password
> of david (for example), then it will be compromised within 24 hours or
> less. (I know someone who did exactly this).

Hello, Tony.

I second that: We got hit because a user with a dictionary name set a password of 12345 ...

You can slow down 'brute-force' attacks using IP-tables with, for example, "fail2ban", which is in the Ubuntu repos. This 'bans' an IP after a configurable number of failed login attempts.

However, it's not just SSH that you have to worry about: One of my servers was recently caught sending 100,000 SPAM emails because it had been compromised using a PHP exploit via port 80.

I've previously used "Nikto" to check web servers for vulnerabilities:

http://www.cirt.net/nikto2

I've used "nessus":

http://www.nessus.org/nessus/

In the good old days, "nessus" was GPL. Unfortunately, "nessus" is no longer FLOSS and requires a paid-for subscription for 'professional' use. However, there is now a FLOSS fork of the previously GPL "nessus" code called OpenVAS:

http://www.openvas.org/

I've been trying this out recently, and it looks very good!

Bye,

Tony.
--
Dr. A.J.Travis, University of Aberdeen, Rowett Institute of Nutrition
and Health, Greenburn Road, Bucksburn, Aberdeen AB21 9SB, Scotland, UK
tel +44(0)1224 712751, fax +44(0)1224 716687, http://www.rowett.ac.uk
mailto:a.tra...@abdn.ac.uk, http://bioinformatics.rri.sari.ac.uk/~ajt
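The banning rule described in this post and in Matt Wheeler's earlier one, as an added example that is not part of either post and is not fail2ban's own code: one awk pass that counts failed sshd logins per source address inside a sliding time window and prints the addresses that would be banned. The log lines are constructed, and the threshold and window values are chosen for the example; the variable names echo fail2ban's `maxretry` and `findtime` options.

```sh
#!/bin/sh
# Added example: the per-address failure counting that fail2ban applies to
# sshd logs, reduced to a single awk pass over constructed sample lines.
MAXRETRY=3      # failures tolerated inside the window (cf. fail2ban "maxretry")
FINDTIME=600    # window length in seconds (cf. fail2ban "findtime")

# Constructed auth.log lines; addresses are from the documentation ranges.
sample_log() {
cat <<'EOF'
Oct 22 02:40:01 web1 sshd[2101]: Failed password for invalid user david from 203.0.113.7 port 40122 ssh2
Oct 22 02:40:03 web1 sshd[2103]: Failed password for invalid user david from 203.0.113.7 port 40124 ssh2
Oct 22 02:40:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40130 ssh2
Oct 22 02:41:10 web1 sshd[2110]: Accepted publickey for matt from 198.51.100.20 port 51000 ssh2
Oct 22 02:45:00 web1 sshd[2120]: Failed password for peter from 198.51.100.9 port 51500 ssh2
Oct 22 03:30:00 web1 sshd[2190]: Failed password for peter from 198.51.100.9 port 51720 ssh2
Oct 22 03:50:00 web1 sshd[2200]: Failed password for peter from 198.51.100.9 port 51800 ssh2
EOF
}

# Print each source address that reaches MAXRETRY failures within FINDTIME
# seconds. Assumption: all lines fall on one day, so only HH:MM:SS is compared.
ips_to_ban() {
    awk -v max="$MAXRETRY" -v win="$FINDTIME" '
    / sshd\[[0-9]+\]: Failed password for / {
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        # Take the address after the LAST "from": the user name earlier in
        # the line is supplied by the client and cannot be trusted.
        ip = ""
        for (i = NF; i > 1; i--) if ($(i - 1) == "from") { ip = $i; break }
        if (ip == "" || (ip in banned)) next
        n = ++count[ip]; seen[ip, n] = now
        # Slide the window forward past failures older than win seconds.
        while (first[ip] + 1 < n && now - seen[ip, first[ip] + 1] > win) first[ip]++
        if (n - first[ip] >= max) { banned[ip] = 1; print ip }
    }'
}

sample_log | ips_to_ban
```

In the sample, the burst from 203.0.113.7 is caught while the three widely spaced failures from 198.51.100.9 stay under the threshold, which is why the rule only slows guessing down and still depends on strong passwords.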
Re: [ubuntu-uk] linux & viruses
Peter,

Peter Adam Kelly wrote:
> I was thinking this morning (which is quite exceptional for me at such
> an early hour, but that's another story haha) that a large distro user
> base like ubuntu's is great, it standardizes things and all that, but I
> was left wondering maybe having so many people using one distro makes
> the user base more susceptible to viruses or malicious attacks, is the
> non-standardisation in gnu linux a good thing in security terms and
> standardisation a bad thing?

It's generally agreed that a homogeneous environment is bad from a security viewpoint because it means that if one machine is compromised then it's likely all of them will or could be. Having a variety of machines can help limit the scope of the effects of a compromise.

There are a number of reasons why Linux has not been hit by viruses in the same way that Windows has. The main one, IMHO, is that files are not executable by default and so an attacker has to work that little bit harder to get a user to run something malicious. The other is that users tend to be logged in as root all the time, so it's much harder to compromise system files, although some argue the users' data is still vulnerable which is much more valuable than the system stuff.

Linux users still make up a relatively small proportion of computer users in the world so if a virus writer wanted to have maximum effect, starting with Linux does not make sense. Of course as this changes, virus writers may start turning their attentions to Linux.

Having said that, Linux is not immune from the hackers. My experience is that most incidents with Linux machines have been down to weak or default passwords. Hackers can then get in and use the machine to scan other machines for weaknesses. My guess is if you put a machine on the network with an ssh daemon running and a user name of david and password of david (for example), then it will be compromised within 24 hours or less. (I know someone who did exactly this).

Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arn...@manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
[ubuntu-uk] linux & viruses
Sorry about the spelling in my last post, I didn't spell check and I struggle with dyslexia.
[ubuntu-uk] linux & viruses
Dia duit ar maidin,

I was thinking this morning (which is quite exceptional for me at such an early hour, but that's another story haha) that a large distro user base like ubuntu's is great, it standardizes things and all that, but I was left wondering maybe having so many people using one distro makes the user base more susceptible to viruses or malicious attacks, is the non-standardisation in gnu linux a good thing in security terms and standardisation a bad thing?

--
Regards
Peter Adam Kelly