Suggestion for improving Linux Security

steveg (New Member, joined Jul 4, 2024)
It seems that most Linux distros include software for a far wider range of uses than any one implementation is ever likely to need. Every piece of software is a potential source of malevolent code, and so there is a possibility that a particular computer may become compromised by malevolent code which was in a package that was never going to be used. Would it not be much more secure for a very minimal set of packages to be included and other packages only installed if they are required (that could be automated, so no need for an administrator)? I can see this would still be open to exploitation, but I also think it might make it more difficult for systems to be compromised.

I was wondering if this idea has been discussed and what conclusions were reached.
 


It's well known that you should uninstall software which you don't use.
The question is why it was installed in the first place if you're not using it.

But removing unused software isn't a matter of malevolent code; it's more about reducing attack surface by minimizing the possibility of someone exploiting bugs in those programs.
 
I see what you mean that it is bugs, although some people have tried to include malevolent code in Linux software (xz utils). Maybe some bugs can constitute a vulnerability even if the software they are in is not used (by the intended user, not the person trying to hack into the system).
 
Maybe some bugs can constitute a vulnerability even if the software they are in is not used
Of course, a developer may intentionally introduce a bug only to later exploit it for his own gain.

In this case the software itself is not malware, it's clean; however, the intentional introduction of a bug lets him exploit all computers which use the software.

This method is far better than putting malware into the code because it's more difficult for others to detect, and if they do, the author won't be found guilty because it's a bug, not malware.
 
Oh dear...not another one.

 
Red Hat clones have "Minimal Install" options. When we are creating a new server template, that's what we start with, and we install what is necessary for that specific application.

Just remember, security isn't a "thing", it's a lifestyle. There is far more than "installed applications" involved when securing a system. Networks, drivers, and the biggest attack surface of all: the user / admin himself. Most breaches are successful due to user / admin error prior to any other weakness, not due to an initial software vulnerability.

Though, as I said, it's a lifestyle. You must be diligent on all aspects of security.
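As an added example (not code from any poster in this thread), here is a POSIX shell audit for the template practice described above: diff a host's installed package set against the baseline the template declares, so anything that crept in beyond the minimal install shows up. The package names are constructed samples; on a real Red Hat clone the installed list would come from `rpm -qa`.

```shell
#!/bin/sh
# Added example, not from the thread: audit a host built from a "Minimal
# Install" template by diffing its installed packages against the baseline.
# All package names below are constructed samples so the script runs offline.

# Packages the template approves for this application (constructed list).
baseline_packages() {
  printf '%s\n' bash coreutils openssh-server systemd
}

# What is actually installed. On a real RHEL-clone host replace the body with:
#   rpm -qa --qf '%{NAME}\n'
installed_packages() {
  printf '%s\n' bash coreutils cups openssh-server systemd telnet
}

# Lines present in stream $2 but absent from stream $1, using only POSIX tools:
# stream $1 is emitted twice so its entries reach uniq with a count >= 2,
# while entries found only in $2 appear exactly once and survive `uniq -u`.
only_in_second() {
  { "$1" | sort -u; "$1" | sort -u; "$2" | sort -u; } | sort | uniq -u
}

# Installed but not approved: extra attack surface, candidates for removal.
extra_packages()   { only_in_second baseline_packages installed_packages; }

# Approved but not installed: the template has drifted the other way.
missing_packages() { only_in_second installed_packages baseline_packages; }

# Number of packages outside the baseline; handy as a CI gate for templates.
extra_count() { extra_packages | wc -l | tr -d ' '; }

# Human-readable report when the script is run directly.
audit_report() {
  echo "Packages installed but not in baseline:"
  extra_packages | sed 's/^/  /'
  echo "Baseline packages not installed:"
  missing_packages | sed 's/^/  /'
}

audit_report
```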
 
