..2013/8/10 <[email protected]> > I was just reading about this new malware threat. I'm not clear on how > exactly this thing can get installed on a Linux system. Would it require > 100% social engineering? I installed Fedora on my elderly mother's last two > laptops so she can do her banking without being paranoid about keyloggers, > trojans, etc... She is a news hound, so it's only a matter of time before > she comes flying at me demanding reassurances. > -- >
Mini gude how Fedora can protect You: 1. Use only official repos/strict package signing, no untrusted package sources. 2. Update browser scope threats, Iced-Tea, Flash-plugin. (whole system, whuh!) 3. Better create two browser profiles, one for everyday usage with Iced-Tea disabled, other one ONLY for internet-banking with Iced-Tea enabled, and tell your mother about the value of such security solution. 4. Disable autorun http://blogs.iss.net/archive/papers/ShmooCon2011-USB_Autorun_attacks_against_Linux.pdf 5. Use SELinux shield: # setsebool -P allow_execstack=0 # setsebool -P allow_execheap=0 # setsebool -P allow_execmod=0 (may break some buggy apps) 6. Set umask 077 in ~/.bashrc (and if needed ~/.gnomerc) to locally or globally(/etc/profile,/etc/bashrc) prevent new planted executables of being execuded. Of course if only system is not for multiuser, and there is no need for binary execution ~/ 7. HoT runs without root, so primary impact will be taking over control of user evironment. Protect important config files from modification, by setting chattr +i.(remove when needed) .bashrc .bash_profile .bash_logout .pam_environment .xinitrc .gnomerc .config/autostart/* and so on 8. Configure firewall, but this is different story, as I know from experience, this is difficult to fit any user browsing desires. But it's worth a try :) > users mailing list > [email protected] > To unsubscribe or change subscription options: > https://admin.fedoraproject.**org/mailman/listinfo/users<https://admin.fedoraproject.org/mailman/listinfo/users> > Fedora Code of Conduct: > http://fedoraproject.org/code-**of-conduct<http://fedoraproject.org/code-of-conduct> > Guidelines: > http://fedoraproject.org/wiki/**Mailing_list_guidelines<http://fedoraproject.org/wiki/Mailing_list_guidelines> > Have a question? Ask away: http://ask.fedoraproject.org >
-- users mailing list [email protected] To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
