Gentoo Forums
intrusion detection
farmer.ro
Apprentice
Joined: 20 Aug 2016
Posts: 179

PostPosted: Sun Sep 04, 2016 8:03 am    Post subject: intrusion detection

Code:
#aide #snort #chkrootkit #netstat #iftop #htop #ufw #sudo #common sense #physical contact #reading log files #no software from outside the Gentoo repository #staying up to date #least privileges #secure browser #no script #add block


The next two questions rush through my mind:

Question: what does one have to do to have a secure Linux system?

Question: how does one check the Linux System for network intrusion?
szatox
Veteran
Joined: 27 Aug 2013
Posts: 1717

PostPosted: Sun Sep 04, 2016 7:45 pm    Post subject:

Quote:
Question: what does one have to do to have a secure Linux system?

Unplugging wires and putting the PC into a strongbox did the trick for me. I can't even access it myself anymore, so it must be secure enough.

More seriously, the system itself is a pretty tough target. You want to make sure you don't expose any vulnerable services to the world, though.
Say, if you run SSH, you'd better use public-key authentication and completely block password login.
If you have a web server, run it as a user without access to any files but those it's supposed to serve.
Basically, look at the way you're going to use this machine and ask yourself what could become a security issue. In most cases the answer is going to be "the user".
Quote:

Question: how does one check the Linux System for network intrusion?
I dare say it's impossible to do that automagically, at least when speaking of a single machine. Rumour says sophisticated security systems that analyse behaviour of the whole datacenter exist and are more effective than single-machine scanners.
It is possible to detect _some_ attempts and mitigate the numbers a bit. Stuff like fail2ban does that. Tripwire may help too, though running it inside the system it's supposed to protect would mean it can be easily dismantled.
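The SSH advice above (public-key login on, password login off) is easy to get subtly wrong: sshd takes the first occurrence of a keyword, keyboard-interactive (PAM) authentication can still prompt for a password after PasswordAuthentication is set to no, and settings inside a Match block are conditional. The following is an added example, not code from the thread or from OpenSSH, that audits an sshd_config copy for those points. The defaults hard-coded here are OpenSSH's documented ones; the sample configs used in the test are constructed. It parses only the "Keyword value" form and ignores Include, which is an assumption made to keep it short.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config for the settings
# szatox mentions, i.e. password login off, public-key login on. It reads a
# config file, so it can be run against a copy offline.

# Print the effective value of one sshd_config keyword. OpenSSH uses the
# FIRST occurrence of a keyword, keywords are case-insensitive, and global
# settings end at the first "Match" line, so scanning stops there.
# $1 = config file, $2 = keyword, $3 = value to print if the keyword is unset
# (pass OpenSSH's documented default). Simplification: only the
# "Keyword value" form is parsed, not "Keyword=value", and Include is ignored.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/               { next }   # comment or blank line
        tolower($1) == "match"       { exit }   # end of the global section
        tolower($1) == key && !found { found = 1; val = $2 }
        END { print (found ? val : def) }
    ' "$1"
}

# Audit one config file. Prints a WEAK line per finding and returns the
# number of findings, so it doubles as an exit code for a cron job.
audit_sshd_config() {
    cfg=$1 weak=0
    pw=$(sshd_effective "$cfg" PasswordAuthentication yes)          # default: yes
    pk=$(sshd_effective "$cfg" PubkeyAuthentication yes)            # default: yes
    root=$(sshd_effective "$cfg" PermitRootLogin prohibit-password) # default since 7.0
    # Keyboard-interactive (PAM) auth still lets a user type a password even
    # when PasswordAuthentication is no. The keyword was renamed in OpenSSH
    # 8.7; honour the legacy spelling if the new one is absent.
    kb=$(sshd_effective "$cfg" KbdInteractiveAuthentication "")
    [ -n "$kb" ] || kb=$(sshd_effective "$cfg" ChallengeResponseAuthentication yes)

    case "$pw" in
        [Nn][Oo]) ;;
        *) echo "WEAK: PasswordAuthentication is '$pw' (want no)"; weak=$((weak + 1)) ;;
    esac
    case "$kb" in
        [Nn][Oo]) ;;
        *) echo "WEAK: KbdInteractiveAuthentication is '$kb' (want no, or PAM can still ask for a password)"; weak=$((weak + 1)) ;;
    esac
    case "$pk" in
        [Yy][Ee][Ss]) ;;
        *) echo "WEAK: PubkeyAuthentication is '$pk' (want yes)"; weak=$((weak + 1)) ;;
    esac
    case "$root" in
        [Yy][Ee][Ss]) echo "WEAK: PermitRootLogin is 'yes' (want no or prohibit-password)"; weak=$((weak + 1)) ;;
    esac
    [ "$weak" -eq 0 ] && echo "OK: $cfg passes the password/pubkey checks"
    return "$weak"
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    audit_sshd_config "$1"
fi
```

On the live host, `sshd -T` (extended test mode) prints the fully resolved configuration, including Include files and, with `-C`, the result of Match blocks; that is the authoritative check, and this script is for the copies you keep or review offline.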
Syl20
Guru
Joined: 04 Aug 2005
Posts: 550
Location: France

PostPosted: Mon Sep 05, 2016 12:40 pm    Post subject: Re: intrusion detection

farmer.ro wrote:
Question: what does one have to do to have a secure Linux system?

You can do lots of things. And the more you do, the safer your system is. For example (there is no priority order below):
- delete, disable, or uninstall all you don't need (but make backups first!);
- take the time to understand how to secure your apps (there are plenty of tutorials for each of them on the web), and, of course, do it;
- make them produce all the logs you'd need;
- read these logs, or have one or more programs (like logwatch) parse them;
- keep your system up to date;
- give your users (real or not) as few rights as possible;
- configure and maintain a decent firewall; only open the minimum required, and make it produce logs;
- harden your system;
- read GLSAs, and apply their recommendations;
- install and use dedicated tools, like lynis, and apply their recommendations.

Quote:
Question: how does one check the Linux System for network intrusion?

Logs are a good start. But you can also look for unknown processes, files, users, groups, open TCP/UDP ports... If you disabled all you don't need, that's easier.

Last, but not least: think about the worst. Consider your system is really compromised. Are you able to quickly isolate it from your network? Are you able to retrieve all the stored data? To reinstall your system from scratch?
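"Look for unknown processes, files, users, open ports" only works if you know what was there before, and "if you disabled all you don't need, that's easier" is the same point: a short baseline is easy to diff. The block below is an added example, not code from the thread, showing the baseline-and-diff idea for two of those categories, listening sockets and accounts. The `ss -ltunp` output and /etc/passwd lines are constructed samples; on a real box you would feed the live commands through the same normalizers and keep the baseline off the machine or on read-only media, for the reason szatox gives about Tripwire.

```shell
#!/bin/sh
# Added example (not part of the thread): a minimal baseline-and-diff check
# for two of the things Syl20 says to look for, open ports and unknown users.
# Snapshots are plain text so they can be kept off the box; the `ss` and
# /etc/passwd samples below are constructed.
export LC_ALL=C   # stable sort order, which comm(1) relies on

# Normalize `ss -ltunp` output into sorted "proto local-address process"
# lines so snapshots from different days compare cleanly. Queue counters
# and the header line are dropped.
normalize_listeners() {
    awk '
        $1 == "Netid" { next }                  # header line
        {
            proc = $7                           # users:(("sshd",pid=812,fd=3))
            sub(/^users:\(\("/, "", proc)       # -> sshd",pid=812,fd=3))
            sub(/".*/, "", proc)                # -> sshd
            if (proc == "") proc = "-"          # not root: no process column
            print $1, $5, proc
        }' | sort -u
}

# Reduce /etc/passwd lines to name:uid:shell, the fields that matter when
# looking for a new account or a changed login shell.
normalize_users() {
    cut -d: -f1,3,7 | sort -u
}

# Any account other than root with uid 0 deserves an alarm on its own.
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Compare two sorted snapshot files: print added lines as "+ ..." and
# removed lines as "- ...", return the number of differences.
diff_snapshot() {
    base=$1 cur=$2
    added=$(comm -13 "$base" "$cur")
    removed=$(comm -23 "$base" "$cur")
    n=0
    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/^/+ /'
        n=$(( n + $(printf '%s\n' "$added" | wc -l) ))
    fi
    if [ -n "$removed" ]; then
        printf '%s\n' "$removed" | sed 's/^/- /'
        n=$(( n + $(printf '%s\n' "$removed" | wc -l) ))
    fi
    return "$n"
}

# --- constructed sample data ------------------------------------------------
# Baseline taken right after install; "current" has an unknown listener on
# tcp/4444 and a second uid-0 account, the sort of thing a scan should flag.
BASE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*    users:(("dhcpcd",pid=640,fd=7))'
CUR_SS="$BASE_SS
tcp   LISTEN 0      10           0.0.0.0:4444      0.0.0.0:*    users:((\"nc\",pid=9101,fd=3))"
BASE_PASSWD='root:x:0:0:root:/root:/bin/bash
sshd:x:22:22:added by portage for openssh:/var/empty:/sbin/nologin
farmer:x:1000:1000::/home/farmer:/bin/bash'
CUR_PASSWD="$BASE_PASSWD
toor:x:0:0::/root:/bin/sh"

# Run both comparisons on the samples; return the total number of changes.
run_demo() {
    tmp=$(mktemp -d); total=0
    printf '%s\n' "$BASE_SS" | normalize_listeners > "$tmp/base"
    printf '%s\n' "$CUR_SS"  | normalize_listeners > "$tmp/cur"
    diff_snapshot "$tmp/base" "$tmp/cur" || total=$((total + $?))
    printf '%s\n' "$BASE_PASSWD" | normalize_users > "$tmp/base"
    printf '%s\n' "$CUR_PASSWD"  | normalize_users > "$tmp/cur"
    diff_snapshot "$tmp/base" "$tmp/cur" || total=$((total + $?))
    printf '%s\n' "$CUR_PASSWD" | extra_root_accounts | sed 's/^/! uid 0 account: /'
    rm -rf "$tmp"
    return "$total"
}
```

Run from cron as `ss -ltunp | normalize_listeners | diff_snapshot /path/to/baseline /dev/stdin` style wrappers and mail anything with a non-zero exit; the same shape works for SUID files, cron entries or kernel modules, as long as each normalizer emits one sorted line per item.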