Inspired by this topic. The author asked the right questions but, unfortunately, did not give the right answers.
In fact, this is a general and sad trend. For some reason everyone is firmly convinced that, since there are no viruses for Linux, security takes care of itself. The realization that this view is wrong often comes too late, when you have already been hacked, and it is still an open question which of the cases described in the comments is worse: a hacked corporate server, or a home desktop set up by your beloved son.
Let's look at how you can protect yourself from all this garbage.
rkhunter
A simple but effective program for detecting rootkits. Installation is trivial:
apt-get install rkhunter
Next, update its database:
rkhunter --update
And run the check:
rkhunter --check
It is also very useful to open /etc/rkhunter.conf and uncomment the MAIL-ON-WARNING line, putting your email address there.
As a final step, it makes sense to schedule a daily (or nightly) scan in cron and read the mailed scan logs over breakfast.
tripwire
This is a more serious tool. It stores a snapshot of the current file system (down to the inodes used by the files) and reports any change (greetings to fans of automatic updates).
Again:
apt-get install tripwire
During setup you choose one passphrase for the key that signs the configuration and policy, and a second passphrase for the database.
After installation, edit /etc/tripwire/twcfg.txt and /etc/tripwire/twpol.txt, then initialize the database:
tripwire --init
and run a test check:
tripwire --check
The output will be a flood of messages about missing files: the stock tripwire policy lists every file that might possibly exist, so edit the /etc/tripwire/twpol.txt policy file again and apply the update:
tripwire --update-policy /etc/tripwire/twpol.txt
Again, as before, check that mail reaches you:
tripwire --test --email
and create a cron job with the --email-report option.
But you shouldn't relax: if an attacker gets root on your machine, it is not hard to simply reinstall tripwire with their own keys, and you will keep receiving reports in the "all is well, beautiful marquise" style until one day you decide to update the config or policy and get a message about a wrong passphrase.
Be careful!
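One way to make that last caveat bite less, as an added example that is not from the original post: keep fingerprints of tripwire's keys, signed config/policy and database on read-only or offline media, and have the nightly job refuse to trust its own report when any of them changed. Paths follow the Debian tripwire package layout; the baseline location and the tw_* function names are my assumptions.

```shell
#!/bin/sh
# Added example (not part of the original post): detect a swapped tripwire
# trust anchor. With the baseline of fingerprints stored on read-only or
# offline media, a root attacker who re-initialises tripwire with fresh keys
# cannot make the nightly report look trustworthy without also failing here.
# Paths follow the Debian tripwire package; BASELINE's location is assumed.

TW_DIR="${TW_DIR:-/etc/tripwire}"
TW_DB="${TW_DB:-/var/lib/tripwire/$(uname -n).twd}"
BASELINE="${BASELINE:-/media/readonly/tripwire.sha256}"

# The files whose fingerprints should only change on a deliberate
# `tripwire --init` or `tripwire --update-policy`.
tw_protected_files() {
    printf '%s\n' "$TW_DIR/site.key" "$TW_DIR/$(uname -n)-local.key" \
        "$TW_DIR/tw.cfg" "$TW_DIR/tw.pol" "$TW_DB"
}

# Record the trusted baseline (run right after init / policy update, then
# move the baseline to media the machine cannot write).
tw_record_baseline() {
    tw_protected_files | while IFS= read -r f; do
        if [ -f "$f" ]; then sha256sum "$f"; fi
    done > "$BASELINE"
}

# Returns 0 when every protected file still matches the baseline,
# 1 (listing the changed or missing files on stderr) otherwise.
tw_verify_baseline() {
    if [ ! -r "$BASELINE" ]; then
        echo "baseline $BASELINE is unreadable" >&2
        return 1
    fi
    if sha256sum --quiet -c "$BASELINE" >/dev/null 2>&1; then
        return 0
    fi
    echo "tripwire keys/config/database changed; do not trust reports" >&2
    sha256sum -c "$BASELINE" 2>/dev/null | grep -v ': OK$' >&2 || :
    return 1
}

# Body for the nightly cron job: only run and mail the check when the
# trust anchor is intact, so a "nothing changed" report actually means it.
tw_nightly_check() {
    tw_verify_baseline || return 1
    tripwire --check --email-report
}
```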