Re: [ubuntu-uk] linux viruses

2009-10-22 Thread Paul Roach
On Thu, Oct 22, 2009 at 2:48 AM, Matt Wheeler m...@funkyhat.org wrote:

 2009/10/21 Peter Adam Kelly pe...@thatwilldo.com:
  Thanks loads for the info,
 
  I am brushing up on my knowledge of network security, I have some Ubuntu
  dedicated and VPS servers and of course I want them as strong as can be, any
  more links or info would be appreciated.
 
  Cheers


A couple of other pointers - if running PHP, consider using the Suhosin patch
- and for other public-facing servers, test their vulnerability using
Nessus/Nikto etc. (I believe this has recently been mentioned in another post
on the list - although it might have been a different list).

You might also want to consider routing syslogs to another box.  That way,
if a machine is compromised, the logs are not at as much risk.

Needless to say, only permit traffic to hosts from the boxes that need
access - not so good for webservers, but if you're running private
webservers it's often possible to only permit access to these from hosts
that you approve of.

If possible, only permit key-based login using SSH as well - this will
completely remove the risk of password-based attacks.

Hope this helps
-- 
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/
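
An added example, not part of the original post: a small audit of an `sshd_config` for leftover password-based login, following the key-only advice in the message above. The sample configs are constructed, and the check assumes OpenSSH's first-value-wins rule and its built-in defaults.

```python
# sshd keeps the FIRST value it reads for a keyword; later lines do not override it.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}  # OpenSSH built-in defaults
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_LIKE = ("passwordauthentication", "kbdinteractiveauthentication")

def parse(config_text):
    """Yield (scope, keyword, value); scope is 'global' or the Match line."""
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = "Match " + value  # following keywords apply to this block
            continue
        yield scope, ALIASES.get(key, key), value.lower()

def audit(config_text):
    """Return findings; an empty list means only key-based login is offered."""
    first = {}
    for scope, key, value in parse(config_text):
        first.setdefault((scope, key), value)  # first value wins
    findings = []
    for key, default in DEFAULTS.items():
        value = first.get(("global", key), default)
        wanted = "yes" if key == "pubkeyauthentication" else "no"
        if value != wanted:
            findings.append("global: %s is %r, want %r" % (key, value, wanted))
    for (scope, key), value in first.items():
        if scope != "global" and key in PASSWORD_LIKE and value != "no":
            findings.append("%s: %s is %r" % (scope, key, value))
    return findings

# Constructed sample configs (not from the thread).
WEAK = """PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""
HARDENED = "PasswordAuthentication no\nChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "key-based login only")
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, which is the authoritative check.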


Re: [ubuntu-uk] linux viruses

2009-10-22 Thread David King
I think you meant users tend to be logged in as a normal user instead 
of root, so it's much harder...

Otherwise, being logged in as root all the time does give access to 
system files, which Linux is good at protecting by not having a user 
logged in as root, compared to Windows, where a user is encouraged (at 
least in the past, not sure about Windows 7) to be an Administrator so 
that they can run all the software, as they do not know how to get some 
software running as a non-Administrator user (e.g. file defragmentation, 
some games).


David King


Tony Arnold wrote:
 The other is that users
 tend to be logged in as root all the time, so it's much harder to
 compromise system files, although some argue the users' data is still
 vulnerable which is much more valuable than the system stuff.

   



Re: [ubuntu-uk] linux viruses

2009-10-22 Thread David King
I do that too, sometimes. Too eager to get my post sent, I forget to 
completely proofread it first and so sometimes mistyped words/phrases 
get sent accidentally.

I do try now more often to check and read my emails carefully before 
sending, but sometimes I send an email quickly (and live to regret it).

David King


Tony Arnold wrote:
 David,

 David King wrote:
   
 I think you meant users tend to be logged in as a normal user instead 
 of root, so it's much harder...
 

 Indeed, I did! Just careless posting on my part!

 Regards,
 Tony.
   



[ubuntu-uk] linux viruses

2009-10-21 Thread Peter Adam Kelly
Good morning,

I was thinking this morning (which is quite exceptional for me at such an
early hour, but that's another story haha) that a large distro user base
like Ubuntu's is great, it standardizes things and all that, but I was left
wondering maybe having so many people using one distro makes the user base
more susceptible to viruses or malicious attacks, is the
non-standardisation in GNU Linux a good thing in security terms and
standardisation a bad thing?

-- 
Regards

Peter Adam Kelly


Re: [ubuntu-uk] linux viruses

2009-10-21 Thread Tony Travis
Tony Arnold wrote:
 [...]
 Having said that, Linux is not immune from the hackers. My experience is
 that most incidents with Linux machines have been down to weak or
 default passwords. Hackers can then get in and use the machine to scan
 other machines for weaknesses. My guess is if you put a machine on the
 network with an ssh daemon running and a user name of david and password
 of david (for example), then it will be compromised within 24 hours or
 less. (I know someone who did exactly this).

Hello, Tony.

I second that: We got hit because a user with a dictionary name set a 
password of 12345 ...

You can slow down 'brute-force' attacks using IP-tables with, for 
example, fail2ban, which is in the Ubuntu repos. This 'bans' an IP 
after a configurable number of failed login attempts.

However, it's not just SSH that you have to worry about: One of my 
servers was recently caught sending 100,000 SPAM emails because it had 
been compromised using a PHP exploit via port 80.

I've previously used Nikto to check web servers for vulnerabilities:

http://www.cirt.net/nikto2

I've used nessus:

http://www.nessus.org/nessus/

In the good old days, nessus was GPL. Unfortunately, nessus is no 
longer FLOSS and requires a paid-for subscription for 'professional' 
use. However, there is now a FLOSS fork of the previously GPL nessus 
code called OpenVAS:

http://www.openvas.org/

I've been trying this out recently, and it looks very good!

Bye,

   Tony.
-- 
Dr. A.J.Travis, University of Aberdeen, Rowett Institute of Nutrition
and Health, Greenburn Road, Bucksburn, Aberdeen AB21 9SB, Scotland, UK
tel +44(0)1224 712751, fax +44(0)1224 716687, http://www.rowett.ac.uk
mailto:a.tra...@abdn.ac.uk, http://bioinformatics.rri.sari.ac.uk/~ajt



Re: [ubuntu-uk] linux viruses

2009-10-21 Thread alan c
Tony Arnold wrote:
 Peter,
 
 Peter Adam Kelly wrote:
 
 I was thinking this morning (which is quite exceptional for me at such
 an early hour, but that's another story haha) that a large distro user
 base like Ubuntu's is great, it standardizes things and all that, but I
 was left wondering maybe having so many people using one distro makes
 the user base more susceptible to viruses or malicious attacks, is the
 non-standardisation in GNU Linux a good thing in security terms and
 standardisation a bad thing?
 
 It's generally agreed that a homogeneous environment is bad from a
 security viewpoint because it means that if one machine is compromised
 then it's likely all of them will or could be. Having a variety of
 machines can help limit the scope of the effects of a compromise.
 
 There are a number of reasons why Linux has not been hit by viruses in the
 same way that Windows has. The main one, IMHO, is that files are not
 executable by default and so an attacker has to work that little bit
 harder to get a user to run something malicious. 


The other is that users

[in Ubuntu, unlike typical Windows users,]

 tend 

[NOT]

to be logged in as root all the time, so it's much harder to
 compromise system files, although some argue the users' data is still
 vulnerable which is much more valuable than the system stuff.

?typo?

-- 
alan cocks
Ubuntu user



Re: [ubuntu-uk] linux viruses

2009-10-21 Thread Tony Arnold
Alan,

alan c wrote:

 The other is that users
 
 [in Ubuntu, unlike typical Windows users,]
 
 tend 
 
 [NOT]
 
 to be logged in as root all the time, so it's much harder to
 compromise system files, although some argue the users' data is still
 vulnerable which is much more valuable than the system stuff.
 
 ?typo?

Oops! Yes, typo. Should really read my posts more carefully before
hitting that send button. Thanks for the correction!

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arn...@manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
