Basic Security

Thanks for all the good info. It helps a lot. All my computing is at home and I was looking at a VPN as something like a firewall and defense against hackers. Everyone here has been very helpful.
 


It can be overwhelming for newbies.

SELinux, AppArmor, ufw, firewall-cmd, iptables, password policies, security profiles, and application configuration files.
It's a lot to know. It seems a lot of people just disable most of it because it's too complicated.

Another part of it, is just keeping the security fixes and patches up to date. That isn't just a Linux thing, but applies
to Windows and Macs as well.

Then there is just user education, about spam emails, malicious links, anti-virus, malware, and just knowing
what to click on and what to avoid. Again, that isn't a Linux thing, but applies to all computers.
 
I am not having any issues at this time. I do not mess with permissions and such and in fact I have never really learned to use them except through the folder/file>preferences>permissions tab.
But my question is, if a person messed around and screwed up permissions all over the computer, is there a command that would reset all system permissions to the default state?
 
I've been considering authoring a series on securing your desktop Linux computer.

I've done a bunch of security articles, but most of them are aimed at the server/terminal.
 
I am not having any issues at this time. I do not mess with permissions and such and in fact I have never really learned to use them except through the folder/file>preferences>permissions tab.
But my question is, if a person messed around and screwed up permissions all over the computer, is there a command that would reset all system permissions to the default state?
There isn't a single command that I'm aware of that will reset permissions that have been altered. Linux allows the user to do both useful and self-destructive things to installations. It's non-discriminatory that way.

Linux will let you create your own warnings if you want it to, for example if you alias the remove command, rm, to rm -i, it will prompt you each time you use rm to remove a file instead of just removing it without further ado.

There isn't such an option for chmod when changing permissions, but it could be scripted.

Recovery from permissions problems due to alterations to file permissions depends on the situation.

If one has been changing permissions in a terminal using bash for example, if they have a .bash_history file configured, the commands that they've used for altering permissions may all be recorded in the .bash_history file. In that case they can all be identified and reversed. Similarly for the root user, if there's a .bash_history configured for root.

Another means of finding files that have been altered is to use the find command with its time-locating options. For example, if you knew that the alterations had been made only in the last week, you could try to find all files that had been altered in the last week using the "-ctime -7" option to the find command, which will identify files with permission changes, amongst others.

There are other ways to detect such changes as well which could be written up in scripts to get the information utilising the stat command which shows file alterations.

If the changes to permissions have been made through a file manager, then a record of those changes may depend on the file manager's history logs, if they have any, and I'm not familiar with any that do so thoroughly in relation to permission changes, but my experience with file managers is limited.

There are system level ways to go with this issue which can be done using the audit daemon from the auditd package. It would need to be configured for the purpose of monitoring permissions apart from the numerous other things it can monitor and have logged in a log file. It may however, be a bit like using a jackhammer to hammer a tack.
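An added example, not code from any post in this thread, that scripts the ideas above: a stat baseline to diff against later, the find -ctime check for recent changes, and a chmod wrapper that logs each file's old mode so the change can be undone. It assumes GNU coreutils/findutils on Linux; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils/findutils
# (Linux): stat -c, find -print0/-printf, xargs -0, tac.

# Write "mode owner group path" for everything under $1 to the file $2.
# Take this snapshot while permissions are known to be good.
snapshot_modes() {
    find "$1" -print0 | xargs -0 stat -c '%a %U %G %n' | sort > "$2"
}

# Print the current stat line of every entry under $1 whose mode, owner
# or group no longer matches the baseline in $2 (new files show up too).
report_mode_changes() {
    tmp=$(mktemp)
    snapshot_modes "$1" "$tmp"
    comm -13 "$2" "$tmp"
    rm -f "$tmp"
}

# List entries under $1 whose inode changed in the last $2 days, the
# find -ctime approach from the thread. Note that ctime also moves on
# content writes and renames, not only on chmod/chown.
recent_ctime_changes() {
    find "$1" -ctime "-$2" -printf '%m %p\n'
}

# chmod wrapper: append each file's current mode to the log $1 before
# changing it to mode $2, so the change can be reversed later.
logged_chmod() {
    log="$1"; mode="$2"; shift 2
    for f in "$@"; do
        stat -c '%a %n' -- "$f" >> "$log" || return 1
    done
    chmod "$mode" -- "$@"
}

# Replay a logged_chmod log newest-first, restoring the recorded modes.
undo_logged_chmod() {
    tac "$1" | while read -r mode path; do
        chmod "$mode" -- "$path"
    done
}
```

Keep the baseline and log files outside the tree you are watching, and run the snapshot as root if the tree includes system directories.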
 
There is whonix in VM or Tails. For secure connection https covers 90%+ traffic. Or use DoH/DoT.
VPN is good when mobile. If you want to be really anonymous single VPN will not help and you will have issues with sites that ban VPN traffic in general.
You can harden your browser, sandbox/control network connections and harden kernel, glibc. This is all easy (well with exception of hardened libs) but not necessary for regular use. On average single user is fine with secured browser and mail client if using standalone.
 
I have not had a security breach on Linux ever. Windoze used to have breaches weekly. The closest I have had to a Linux breach was recently I had people trying to hack into a mysql database. Apparently they hijack them and hold them ransom for bitcoin. The standard mysql_secure_install made it impossible for those guys to get in. Then changing the tcp port for mysql on my end stopped the rest. Linux security rocks.
 
But my question is, if a person messed around and screwed up permissions all over the computer, is there a command that would reset all system permissions to the default state?
Timeshift
 
The closest I have had to a linux breach was recently I had people trying to hack into a mysql database. apparently they hijack them and hold them ransom for bitcoin.

About 35% of my traffic (on public facing sites) is malicious in nature.

I can't be 100% certain, but ~10% of the rest of the traffic is people trying to spam my sites. I've excluded that from 'malicious'. They're just jackholes. The next 15% is bots of various natures. The final 50% is real human visitors seeking answers to their questions or wanting to read an article. This is just for my only really popular site.

(I have more than just my Linux site. The Linux Tips site is much, much bigger than the rest.)
 
My experience in the last attack/attempt was that the majority of the attempts came from bc.googleusercontent.com, which in my reading is rife with malicious code and used for hacking attempts. Makes me wonder about Google if they can't control their own system access and continue to allow people to misuse the resources. I used iptables to block that whole domain, or at least I think I did.
 
Makes me wonder about google if they can't control their own system access and continue to allow people to misuse the resources.

I get a whole lot of attacks from AWS, as well.

Oddly, I don't get many attacks from Azure.

I think they do police bad actors, it's just that bad actors have enough funds and time to generate new accounts. Maybe their policing should include payment methods. If you used x-credit card (assuming it's not stolen) to sign up and were canceled, don't let that credit card be used on another account.

But, then again, how many of these are legit credit cards? I doubt the criminals are using their own money for this. You can buy stolen debit cards for pennies on the dollar if you know where to look.
 
I get a whole lot of attacks from AWS, as well.

Oddly, I don't get many attacks from Azure.

I think they do police bad actors, it's just that bad actors have enough funds and time to generate new accounts. Maybe their policing should include payment methods. If you used x-credit card (assuming it's not stolen) to sign up and were canceled, don't let that credit card be used on another account.

But, then again, how many of these are legit credit cards? I doubt the criminals are using their own money for this. You can buy stolen debit cards for pennies on the dollar if you know where to look.
That is true. I have seen them for sale so I know where to look too. Sad that people put that much effort into being criminals. They could use half that effort and make twice as much, plus benefit others in a legit way.
 
In my opinion, mining is a vital activity for many cryptocurrencies, such as Bitcoin, that rely on a decentralized network of nodes to verify transactions and secure the blockchain. However, mining also poses various challenges and risks, such as cyberattacks, environmental impact, regulatory uncertainty and geopolitical tensions. Therefore, miners need to adopt basic security measures to protect their operations and assets, such as using antivirus software, backup systems, encryption, firewalls, VPNs, and physical security. Moreover, miners should also be aware of the legal and ethical implications of their activities, and comply with the relevant laws and regulations in their jurisdictions. Mining and https://ultramining.com/en/cloud-mining/ can be a rewarding and profitable endeavor, but it also requires responsibility and vigilance.
 
I just enable the Firewall...never had any problems because Linux isn't windwoes.
Enabling firewall takes at most 1 minute, if only it would be so easy...
I spent over 2 months to create firewall rules good enough to make me feel secure.
 
Of course it's most important to keep your system up to date...that goes without saying.
 