Linux, security and all that ... (after)

    Inspired by this topic. The author asked the right questions but, unfortunately, did not give the correct answers.
    In fact, this is a common and sad trend. For some reason, everyone is convinced that since there are no viruses for Linux, security takes care of itself. The realization that this view is wrong often comes too late, when you have already been hacked, and it is still not known which of the cases described in the comments is worse: a hacked corporate server or a desktop Ubuntu installed at home by my beloved son.
    Let's take a look at how you can protect yourself from all kinds of garbage.

    rkhunter



    A simple but effective rootkit detection tool. Installation is trivial:
    apt-get install rkhunter
    Then we update the database:
    rkhunter --update
    And we run the check:
    rkhunter --check
    It is very useful to open the file /etc/rkhunter.conf and uncomment the MAIL-ON-WARNING line, adding your e-mail address there.
    As a last step, it makes sense to schedule a daily (or nightly) run of the check in cron, and to read the mailed check logs over breakfast.

    tripwire



    This is a more serious tool. It stores a snapshot of the current file system (down to the inodes used by the files) and reports any changes (hello to fans of automatic updates).
    Again:
    apt-get install tripwire
    During installation, we set one password for key generation and the policy, and a second password for the database.
    After installation, edit the files /etc/tripwire/twcfg.txt and /etc/tripwire/twpol.txt, then initialize the database:
    tripwire --init
    and run a test check:
    tripwire --check
    The output is a huge pile of messages about missing files. The default tripwire policy mentions all sorts of files, so edit the policy file /etc/tripwire/twpol.txt again and update it:
    tripwire --update-policy /etc/tripwire/twpol.txt
    Again, as in the previous case, we check whether the mail reaches you:
    tripwire --test --email address
    and create a cron job that runs the check with the --email-report option.

    But do not relax: if an attacker gets root on your machine, it will not be difficult for him to simply reinstall tripwire with his own keys, and you will keep receiving reports in the style of "All is well, beautiful marquise" until one day you decide to update the config or policy and get a message about a wrong password.

    Be careful!
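
    One way to notice the key swap described above before the "wrong password" surprise, as an added example that is not part of the original article: hash tripwire's binary, keys, config and policy, keep the manifest off the host, and compare on a schedule. The function names are hypothetical and the file paths are assumed Debian package defaults.

```shell
#!/bin/sh
# Added example: detect a swapped tripwire install by hashing its trust anchors.
# Paths are assumed Debian package defaults; override via the environment.
: "${TW_DIR:=/etc/tripwire}"
: "${TW_BIN:=/usr/sbin/tripwire}"

# Print "sha256  path" for the binary, both keys, config and policy.
# Run once on a known-good system and store the output OFF the host.
tw_make_manifest() {
    host=${TW_HOST:-$(uname -n)}
    for f in "$TW_BIN" "$TW_DIR/site.key" "$TW_DIR/$host-local.key" \
             "$TW_DIR/tw.cfg" "$TW_DIR/tw.pol"; do
        sha256sum "$f" || return 1
    done
}

# Compare the current files with the manifest in $1.
# Prints one line per problem; returns 0 only if every hash matches.
tw_verify_manifest() {
    rc=0
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; rc=1
        elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$want" ]; then
            echo "CHANGED  $path"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# Command-line use: "make" prints a manifest, "verify FILE" checks one.
case "${1:-}" in
    make)   tw_make_manifest ;;
    verify) tw_verify_manifest "$2" ;;
esac
```

    The check only helps if the manifest and the script live where root on the monitored host cannot rewrite them, for example on read-only media or on a separate machine that pulls the files and hashes them there.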
