Linux, security and all that ... (after)
Inspired by this topic. The author asked the right questions, but unfortunately did not give the correct answers.
In fact, this is a common and sad trend. For some reason everyone is convinced that, since there are no viruses for Linux, security takes care of itself. The fallacy of this view is usually understood too late, when you have already been hacked, and it is still not clear which of the cases described in the comments is worse: a hacked corporate server, or a desktop Ubuntu installed at home by my beloved son.
Let's take a look at how you can protect yourself from this kind of rubbish.
rkhunter
A simple but effective rootkit detection tool. Installation is trivial:
apt-get install rkhunter
Then we update the database:
rkhunter --update
And we run the check:
rkhunter --check
It is very useful to open /etc/rkhunter.conf and uncomment the MAIL-ON-WARNING line, putting your mail address there.
As a last step, it makes sense to schedule a daily (or nightly) run of the check in cron, and to read the mailed check logs over breakfast.
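The cron job the post recommends is easiest to keep quiet on good days and loud on bad ones with a small wrapper. The script below is an added example, not part of the original post or of rkhunter itself: it runs the check and mails the report only when rkhunter reports warnings or fails to run at all. It assumes rkhunter's documented --cronjob, --update and --report-warnings-only options and a local mail command that takes a subject and a recipient; the RKHUNTER, MAILER and MAILTO variables and the script name are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): a wrapper to run from cron that
# executes rkhunter and mails the report only when something needs attention.
# Assumptions: rkhunter's documented --cronjob, --update and
# --report-warnings-only options, and a local 'mail' command that accepts
# '-s subject recipient' on the command line and the body on stdin.
# RKHUNTER, MAILER and MAILTO can be overridden from the environment (or cron).

RKHUNTER="${RKHUNTER:-rkhunter}"
MAILER="${MAILER:-mail}"
MAILTO="${MAILTO:-root}"

# Count the lines rkhunter marks as warnings in a report; always exits 0.
count_warnings() {
    printf '%s\n' "$1" | awk '/Warning:/ { n++ } END { print n + 0 }'
}

# Run the check. Returns 0 when the report is clean, 1 when warnings were
# found or rkhunter itself failed. Both cases are mailed: a check that silently
# stops running is as bad as a check that finds nothing.
run_rkhunter_check() {
    status=0
    report=$("$RKHUNTER" --cronjob --update --report-warnings-only 2>&1) || status=$?
    warnings=$(count_warnings "$report")
    if [ "$warnings" -gt 0 ] || [ "$status" -ne 0 ]; then
        printf '%s\n' "$report" |
            "$MAILER" -s "rkhunter on $(uname -n): $warnings warning(s), exit $status" "$MAILTO"
        return 1
    fi
    return 0
}

# Entry point for cron, e.g. a constructed line for /etc/cron.d:
#   0 5 * * * root /usr/local/sbin/rkhunter-cron.sh --run
if [ "${1:-}" = "--run" ]; then
    run_rkhunter_check
    exit $?
fi
```

The wrapper deliberately does not trust rkhunter's exit code alone: it also greps the report for "Warning:" lines, so a report that contains warnings is mailed even if the exit status is 0, and a run in which rkhunter could not start (exit 127, empty report) is mailed as well.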
tripwire
This is a more serious tool. It stores a snapshot of the current file system (down to the inodes used by files) and reports any changes (greetings to fans of automatic updates).
Again:
apt-get install tripwire
During installation we set two passphrases: one for generating the key that protects the policy, and a second for the database.
After installation, edit the files /etc/tripwire/twcfg.txt and /etc/tripwire/twpol.txt, then initialize the database:
tripwire --init
and run a test check:
tripwire --check
The output will be a huge pile of messages about missing files. The stock tripwire policy lists every conceivable file, so edit the policy file /etc/tripwire/twpol.txt again and update it:
tripwire --update-policy /etc/tripwire/twpol.txt
Again, as in the previous case, we check that mail reaches you:
tripwire --test --email адрес
and create a cron job with the --email-report option.
But do not relax: if an attacker gets root on your machine, it will not be hard for him to simply reinstall tripwire with his own keys, and you will keep receiving reports in the style of "All is well, beautiful marquise" until one day you decide to update the config or policy and get a message about a wrong password.
Be careful!
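The snapshot-and-compare idea behind tripwire, and the answer to the caveat above, both fit in a few lines of shell. The script below is an added example, neither part of the original post nor of tripwire: it builds a "hash  path" baseline of a directory tree (the same format sha256sum -c reads) and later reports which files changed, disappeared or appeared. Pointed at tripwire's own key, config and policy files, with the baseline kept off the host or on read-only media, it catches exactly the "reinstalled with someone else's keys" case, because a check run from outside the box does not depend on the signing keys an intruder controls. It assumes sha256sum from GNU coreutils; the script name and the /media/readonly path in the comments are constructed examples.

```shell
#!/bin/sh
# Added example (not from the original post, nor part of tripwire): a minimal
# integrity baseline in the spirit of tripwire, used here to watch tripwire's
# own key, config and policy files, i.e. exactly the files someone with root
# would replace when reinstalling tripwire with their own keys. Create the
# baseline, copy it off the host (or to read-only media), and compare from there.
# Assumes sha256sum from GNU coreutils; the paths in the comments are examples.

# Print the SHA-256 of one file.
hash_file() {
    sha256sum "$1" | cut -d' ' -f1
}

# Write one "hash  path" line per regular file under the given directories,
# sorted so two baselines of the same tree can be diffed directly. The format
# is the one sha256sum -c accepts.
make_baseline() {
    find "$@" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done
}

# Compare a saved baseline with the live tree. Prints one line per difference
# (CHANGED, MISSING or ADDED followed by the path) and returns 1 if anything
# differs, 0 if the tree matches the baseline.
check_baseline() {
    baseline=$1
    shift
    make_baseline "$@" | awk -v base="$baseline" '
        BEGIN {
            # load the saved baseline: path -> hash
            while ((getline line < base) > 0) {
                split(line, a, "  ")
                old[a[2]] = a[1]
            }
            close(base)
        }
        {
            split($0, a, "  ")
            seen[a[2]] = 1
            if (!(a[2] in old))          { print "ADDED " a[2];   d++ }
            else if (old[a[2]] != a[1])  { print "CHANGED " a[2]; d++ }
        }
        END {
            for (p in old) if (!(p in seen)) { print "MISSING " p; d++ }
            exit (d > 0)
        }'
}

# Command-line use (constructed example paths):
#   sh tw-baseline.sh init /etc/tripwire > /media/readonly/tripwire.baseline
#   sh tw-baseline.sh check /media/readonly/tripwire.baseline /etc/tripwire
case "${1:-}" in
    init)  shift; make_baseline "$@" ;;
    check) shift; check_baseline "$@" ;;
esac
```

Run the check from cron on another machine over ssh, or from a live medium, rather than from the monitored host: a root-level intruder can rewrite anything stored locally, including this script and its baseline, which is the same weakness the post describes for tripwire's keys.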