A More Secure Linux

Hello readers,

As operating systems go there are preferences worth reviewing, and features worth noting within the world of Linux. Many of my readers use Linux for the same reasons I do, and one of those reasons is security.

How secure is Linux?

Compared to BSD it’s not particularly secure or insecure. It has clear advantages for most users when compared to Windows, and is arguably more secure than a Mac – due in part to the ways most hackers actually compromise an operating system. (Not that this indicates the likelihood of such an attack is necessarily higher strictly due to use.)

When we talk about Linux being more secure, it generally has something to do with how few viruses actually work against Linux. It isn’t true that none do, though it is entirely true that over 99.9% of traditional viruses and most malware in general have literally no effect on any Unix or Linux type environment due to the privelege escalation required to actually compromise such a system.

But does that mean it’s really more secure?

During the installation of most Linux based operating systems, there comes a part where you are offered an opportunity to encrypt certain folders or even partitions; i.e. the home folder, the root folder, etc. This might seem like a sure fire way to prevent anyone from compromising a system but it actually isn’t necessarily more than a slight improvement and an extra step while logging on. The AES type encryption used isn’t different than the kind encrypting your password, which is generally located in /etc/shadow.

What does increase the security of a Linux system is an option to make certain files unchangeable.

How to make a file immutable on Linux

I’m copying a bit from the link above here for quicker implementation’s sake.

Protecting important files

You can protect important files such as:

  • /etc/php.ini
  • /etc/passwd
  • /etc/shadow
  • /etc/group and more

 sudo su (followed by password at prompt)

 chattr +i /etc/shadow <— This snippet makes it impossible to delete or change your password – it should be followed immediately with chattr +i /etc/group and optionally chattr +i /etc/passwd

The link of course get’s far more involved with Chattr but you get the general idea. Optionally you can get install AES Crypt.

Optionally if you are handy with Python you can use Pycrypto.

performance

By itself Linux has advantages regarding firewall simplicity, integrity checking, and even experienced admins will admit that ssh-ing into a Linux machine with a reverse shell is no guarantee of anything provided the user has even a passing familiarity with their system. Setting an approved ssh key for a remote desktop often requires specialized x session configurations. <— Not easy to do remotely.

That means that really aside from seeing that the machine is there, even within one’s own network connecting and affecting are not guaranteed. While telnet, ssh, and rdp connections are almost as easy as using ftp to upload a file to a server, “Taking control of someone’s computer” is a bit trickier. (VNC passwords should of course not be the same as root passwords FYI.)

The most common exploits are still browser based and socially engineered, which means someone is more likely to defraud someone out of your passwords for websites and that doesn’t really change based on your operating system preference. Google’s Chrome OS has done a great job trying to idiot proof their browsers.

Linux can be zipped up tighter than anyone would guess, and depending on one’s browser configuration they could be relatively safe. The same can be done to some degree on any OS, the more obscure the less likely to be targeted directly.

It eventually boils down to things like encryption, RSA standards use a public key and a private key to make really big prime numbers or semiprime numbers that are very difficult to decrypt due to the many possibile combinations of numbers that those huge numbers might actually consist of.

9×9 = 81 so you could reasonably determine that 81 might represent 9×9…

On the other hand the number below is just an example of the number one might be stuck trying to decrypt to get at someone’s credit card information. What two numbers was it made of?

RSA-100 = 15226050279225333605356183781326374297180681149613
          80688657908494580122963258952897654000350692006139

This isn’t just a deterrent, it’s what makes your information more secure. Linux keygeneration can be done manually of course as indicated here.

That can be coupled with literally dozens of other methods to make secure connection between two Linux machines very secure. An article from digital ocean talks about that in greater detail here.

Out of the box even samba is only as secure as your configuration allows… But if you just keep a picture of a trollface in your shares folder and it gets hacked who really won?

The truth is that when properly motivated nothing is bulletproof. Setting a bios password is thwarted by popping out the battery, changing it to allow a usb to boot could allow someone to peruse your system from a live environment, or even to email themselves copies of your files. So using online storage might be almost a healthy level of paranoia if you think someone is motivated enough to snoop on your system.

Worse yet, simply taking someone’s hard drive out and popping it into another machine isn’t necessary, provided the attacker knows how to rig an external hard drive connection wire. That might be a reason to encrypt those home folders. (Just don’t leave the password on the same machine.)

Does the standard “hacker” know how to do all of this stuff? Probably, but most attacks really do start with lower tech approaches. Shoulder surfing, garbage sorting, social engineering… At the end of the day you just have to make it harder than it’s worth to get anything you value out of your digital world. Save things on external storage and hide it, or just don’t have anything more valuable than your links to my website.

linux2016
*Based on user experience, our picks for best Linux 2016

#Cheers and I’ll do more articles like this in the near future.

Spread the love

84 thoughts on “A More Secure Linux”

  1. You actually make it seem so easy with your presentation but I find this topic to be really something which I think I would never understand. It seems too complicated and extremely broad for me. I’m looking forward for your next post, I’ll try to get the hang of it!

  2. I do accept as true with all the ideas you have introduced on your post. They’re very convincing and will certainly work. Nonetheless, the posts are too quick for beginners. May you please lengthen them a bit from next time? Thank you for the post.

  3. This is really interesting, You are a very skilled blogger. I have joined your rss feed and look forward to seeking more of your excellent post. Also, I have shared your website in my social networks!

  4. Thank you for the sensible critique. Me and my neighbor were just preparing to do a little research on this. We got a grab a book from our local library but I think I learned more clear from this post. I am very glad to see such magnificent info being shared freely out there.

  5. I am not sure where you’re getting your information, but great topic. I needs to spend some time learning much more or understanding more. Thanks for magnificent info I was looking for this information for my mission.

  6. Hey, you used to write excellent, but the last several posts have been kinda boring¡K I miss your tremendous writings. Past several posts are just a little out of track! come on!

  7. Definitely believe that which you said. Your favorite reason appeared to be on the web the easiest thing to be aware of. I say to you, I certainly get irked while people think about worries that they just do not know about. You managed to hit the nail upon the top as well as defined out the whole thing without having side effect , people could take a signal. Will likely be back to get more. Thanks

  8. Thank you a lot for sharing this with all folks you really realize what you are speaking about! Bookmarked. Please additionally visit my site =). We may have a hyperlink exchange arrangement between us!

  9. Thank you for sharing excellent informations. Your web site is so cool. I’m impressed by the details that you have on this web site. It reveals how nicely you perceive this subject. Bookmarked this website page, will come back for more articles. You, my pal, ROCK! I found just the information I already searched everywhere and just could not come across. What a perfect web-site.

  10. Its like you read my mind! You appear to know so much about this, like you wrote the book in it or something. I think that you can do with a few pics to drive the message home a little bit, but other than that, this is excellent blog. A great read. I’ll certainly be back.

  11. My husband and i have been relieved that John could conclude his studies out of the ideas he got through your site. It’s not at all simplistic to just be making a gift of secrets which other folks might have been making money from. Therefore we understand we need you to be grateful to for this. All of the illustrations you made, the easy web site navigation, the friendships your site assist to foster – it’s everything awesome, and it’s really leading our son and our family reason why this matter is thrilling, and that’s really fundamental. Thanks for the whole thing!

  12. HeyHello There. I foundI discovered your blogweblog the use ofusingthe usage of msn. This isThat is a veryan extremelya really smartlywellneatly written article. I willI’ll be suremake sure to bookmark it and come backreturn to readlearn moreextra of your usefulhelpful informationinfo. Thank youThanks for the post. I willI’ll definitelycertainly comebackreturn.

    http://www.hqtext.com/top-10-best-quart-pressure-cookers-reviews/

  13. fantastic submit, very informative. I wonder why the other experts of this sector don’t understand this. You should continue your writing. I am confident, you have a great readers’ base already!

  14. Iím not that much of a online reader to be honest but your blogs really nice, keep it up! I’ll go ahead and bookmark your site to come back down the road. All the best

    https://jonesf580.shutterfly.com/278

  15. SimplyJust want towish todesire to say your article is as astonishingamazingsurprisingastounding. The clearnessclarity in your post is simplyjust spectacularniceexcellentcoolgreat and i cancould assume you areyou’re an expert on this subject. WellFine with your permission allowlet me to grab your RSS feedfeed to keep up to dateupdated with forthcoming post. Thanks a million and please keep upcontinuecarry on the gratifyingrewardingenjoyable work.

    http://interactworks.info/marketing-your-songs-workshop-with-perforated-doorway-hanger/

  16. Wow! This could be one particular of the most helpful blogs We have ever arrive across on this subject. Actually Wonderful. I am also an expert in this topic therefore I can understand your hard work.

  17. As I website possessor I believe the content matter here is rattling magnificent , appreciate it for your efforts. You should keep it up forever! Best of luck.

  18. This is really interesting, You are a very skilled blogger. I have joined your feed and look forward to seeking more of your great post. Also, I have shared your site in my social networks!

    http://www.djbasement.com/forum/discussion/1286981/polishing-marble-countertops-quick-press-editorial

  19. You created some decent points there. I looked on the net for the issue and discovered most individuals will go along with along with your internet site.

    http://www.projectwedding.com/blog_entries/820445

  20. This articlepostpiece of writingparagraph will helpassist the internet userspeopleviewersvisitors for creatingbuilding upsetting up new blogweblogwebpagewebsiteweb site or even a blogweblog from start to end.

    http://5productreviews.com

  21. Hi there, just became alert to your blog through Google, and found that it is really informative. I’m going to watch out for brussels. I will be grateful if you continue this in future. Many people will be benefited from your writing. Cheers!

  22. It is perfect time to make some plans for the future and it is time to be happy. I have read this post and if I could I desire to suggest you few interesting things or advice. Perhaps you could write next articles referring to this article. I desire to read even more things about it!

    http://pushbuttonbuyers.com/entry.php?w=lynnes&e_id=145662

  23. Today, I went to the beach front with my kids. I found a sea shell and gave it to my 4 year old daughter and said “You can hear the ocean if you put this to your ear.” She placed the shell to her ear and screamed. There was a hermit crab inside and it pinched her ear. She never wants to go back! LoL I know this is totally off topic but I had to tell someone!

    http://www.djbasement.com/forum/discussion/1301584/improve-expertise-on-batteries

  24. I think other site proprietors should take this site as an model, very clean and magnificent user friendly style and design, let alone the content. You are an expert in this topic!

  25. Great post. Thank you for your time in helping me get educated on the matter.

    http://www.vacuumcleanerrepairlincolnne.com/brands

  26. Very efficiently written information. It will be supportive to anyone who employess it, including myself. Keep up the good work – i will definitely read more posts.

    http://fredm21737.skyrock.com/3282782986-Important-Information-About-The-Problem-Regarding-Home-Pest-Control.html

  27. Wonderful site you have here but I was wanting to know if you knew of any user discussion forums that cover the same topics talked about here? I’d really love to be a part of group where I can get feed-back from other knowledgeable individuals that share the same interest. If you have any recommendations, please let me know. Cheers!

    http://www.purevolume.com/sarar42n/posts/15159646/Speaking+About+Poster+Printer+Software

  28. My wife and i were absolutely excited when Edward managed to conclude his homework using the ideas he gained from your own weblog. It is now and again perplexing to just choose to be releasing thoughts which usually people could have been trying to sell. So we do know we have the website owner to give thanks to for that. The most important explanations you have made, the easy blog navigation, the friendships your site give support to foster – it is everything wonderful, and it’s really facilitating our son and the family imagine that this content is pleasurable, and that’s especially vital. Thank you for everything!

    https://www.investaspace.com/blogs/459/523/which-is-the-greatest-zinus-mattress-to-get

Leave a Reply

Your email address will not be published. Required fields are marked *