What Linux tools and security??

Comments

  • JustPassingBy
    JustPassingBy Posts: 710 Forumite
    Even with your example, 12k possible keys, 5 second delay between each brute force attempt, 60k seconds, 1000 minutes, 16 hours on average to get into that particular machine. Fixed packages were released within 3 days, which gives you plenty of time. Scan the hosts, find out which are vulnerable, get to work on individual hosts.

    Good, I like sums. But what about a username? With root logins allowed root would probably be a goner. But how about hiawatha or halloweenpumpkin? Could we up your estimated 16 hours to 160 days? 160 years? Or is this bot so sophisticated it knows what the username is before it commences to login?

    Actually, most automated scanning probes tend to go for relatively simple user names like john or mary. Monitoring these things is good for the soul; try it sometime. It's a pure guess after all. Sometimes they get sophisticated and try emelda or arisha or brianne but on the whole it's rather plodding. weegie.geek would never be a part of their vocabulary.

    Username/password. That's what is needed for ssh to co-operate. The key space may be easily predictable (in this case) but unless the correct username is entered the machine is untouchable.
    These are unmanaged servers. OS is installed, root password emailed to user. You're on your own as far as security is concerned, and that's fair enough because they're bargain basement stuff.
    They may not be concerned about your machine but bandwidth use should make them perk up. If it doesn't you're with the wrong hosting company.
    I agree that a firewall isn't necessary to restrict access to certain ports by IP, as I agreed previously, but it's handy to have the configuration all in one place.
    Nothing wrong with iptables.
    Keeping software up to date will of course win, assuming there IS an update available.
    If security updates aren't available in a reasonable way you should jettison the distribution. Have nothing to do with it. Put it out of business. Why deal with an entity whose concerns don't jell with yours?
    In ideal conditions security holes would be fixed before they're made public. This rarely happens. A properly set up firewall, for example, would keep you safe in most cases.
    A firewall doesn't help buzbymanx. At present he's quite happily surfing the web and collecting email. He feels secure and knows he is because he updates regularly and never uses root for anything trivial. Things have never been so good for him and he wonders why there is so much discussion about something so simple as security.

    tweeter is staring at a copy of firestarter. She doesn't know what to do with it. iptables makes her think of dusting. But this nice man advised her to install it and said the world would fall apart if she didn't. She doesn't want to ask him again because he will lecture her on all the nasty things which will happen to her if she doesn't have a firewall.

    Contentment can be achieved by understanding:

    • A single machine on the internet doesn't need a firewall.
    • Regular software updates are essential.
    • Running as root is very bad.
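Added example, not part of any post in this thread: one way to do the monitoring suggested above is to tally failed SSH password attempts by guessed username and by source address. The log lines are constructed in OpenSSH's usual syslog format; the host name, addresses and the `summarise` and `noisy_sources` helpers are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jul  8 21:40:01 vps sshd[1201]: Failed password for invalid user john from 203.0.113.5 port 40022 ssh2
Jul  8 21:40:06 vps sshd[1203]: Failed password for invalid user mary from 203.0.113.5 port 40031 ssh2
Jul  8 21:40:11 vps sshd[1205]: Failed password for root from 203.0.113.5 port 40040 ssh2
Jul  8 21:40:16 vps sshd[1207]: Failed password for root from 198.51.100.9 port 51512 ssh2
Jul  8 21:40:21 vps sshd[1209]: Failed password for invalid user john from 198.51.100.9 port 51520 ssh2
Jul  8 21:41:02 vps sshd[1215]: Accepted password for hiawatha from 192.0.2.44 port 50100 ssh2
"""

# "invalid user" is logged when the guessed account does not exist on the host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarise(log_text):
    """Tally failed SSH password attempts by username and by source address.

    Returns (users, sources, existing): two Counters plus the set of guessed
    names that are real accounts, i.e. guesses that got half of the
    username/password pair right.
    """
    users, sources, existing = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        users[m["user"]] += 1
        sources[m["ip"]] += 1
        if not m["invalid"]:
            existing.add(m["user"])
    return users, sources, existing


def noisy_sources(sources, threshold):
    """Addresses with at least `threshold` failures, sorted for stable output."""
    return sorted(ip for ip, n in sources.items() if n >= threshold)


if __name__ == "__main__":
    users, sources, existing = summarise(SAMPLE_LOG)
    print("guessed names:", users.most_common())
    print("real accounts targeted:", sorted(existing))
    print("sources with 3+ failures:", noisy_sources(sources, 3))
```

On a real host the same function can be fed the contents of the sshd log file; the `existing` set shows which guesses landed on a real account name, which in this sample is only root.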
  • weegie.geek
    weegie.geek Posts: 3,432 Forumite
    Good, I like sums. But what about a username? With root logins allowed root would probably be a goner. But how about hiawatha or halloweenpumpkin? Could we up your estimated 16 hours to 160 days? 160 years? Or is this bot so sophisticated it knows what the username is before it commences to login?

    Actually, most automated scanning probes tend to go for relatively simple user names like john or mary. Monitoring these things is good for the soul; try it sometime. It's a pure guess after all. Sometimes they get sophisticated and try emelda or arisha or brianne but on the whole it's rather plodding. weegie.geek would never be a part of their vocabulary.

    Username/password. That's what is needed for ssh to co-operate. The key space may be easily predictable (in this case) but unless the correct username is entered the machine is untouchable.

    Again, how many people bother changing the root username? If people were sensible botnets wouldn't exist.

    [quote]They may not be concerned about your machine but bandwidth use should make them perk up. If it doesn't you're with the wrong hosting company.[/quote]

    Most customers use much less than their allotted amount. Stay within that amount and you're fine. Lots of unmetered providers around too. Why should they care about a sudden BW spike? OVH's lowest transfer allowance is, I think, 5TB/month.
    If security updates aren't available in a reasonable way you should jettison the distribution. Have nothing to do with it. Put it out of business. Why deal with an entity whose concerns don't jell with yours?

    Agreed, but if the distro or the people responsible for the project don't know about the problems, they can't put out a fix.
    They say it's genetic, they say he can't help it, they say you can catch it - but sometimes you're born with it
  • tweeter
    tweeter Posts: 3,958 Forumite
    Part of the Furniture
    edited 8 July 2010 at 9:45PM
    "

    Contentment can be achieved by understanding:

    • A single machine on the internet doesn't need a firewall.
    • Regular software updates are essential.
    • Running as root is very bad."

    I must say that I've been religious about the last two points since I've installed Ubuntu, and I have a firewall as Mr Oink advised and have read all your contributions which leave me floundering to say the least, but "iptables makes her think of dusting" #92 is not true as I loathe housework, lol. Thank you all for your contributions.
    Peel back your baby's eyelid to find no nationality or religious identity mark there. Peer at your baby's eyes for them to reflect back just people-throw away your flags and religious symbols...



  • Again, how many people bother changing the root username? If people were sensible botnets wouldn't exist.

    You're beginning to lose me here. These people who cannot be bothered to configure a service, such as ssh, correctly or who don't have the skills to figure it out, these same people are real whiz at iptables rules and can set up a firewall without even a glance at the manual. You appear to have descended into defending incompetence and praising expertise at the same time.

    In any case, my point was that a successful bot attack on ssh can only succeed when the username and password/key are guessed or known. Considering how difficult guessing is and how unintelligent bots are the chances of a breach of ssh (even when it is already weakened) are not particularly high. By the time the bot has figured out where it is going wrong, which is unlikely, the updates have arrived.

    No software can be designed to completely combat the stupidity of the user. If he thinks operating as root is fine and updating is for wimps he more than likely thinks tcp is an ointment. You let him get on with it, firewalls and all. If he falls victim to a botnet it's unfortunate but the rest of us merrily trudge on enjoying ourselves.
    Agreed, but if the distro or the people responsible for the project don't know about the problems, they can't put out a fix.
    That's rather obvious. The time to worry is when they do know about a problem and, without good reason, don't put out a fix.
  • tweeter wrote: »
    "

    I must say that I've been religious about the last two points since I've installed Ubuntu, . . . . .

    You're a star. Keep clicking and enjoy yourself.
  • S0litaire
    S0litaire Posts: 3,535 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    The good thing about Ubuntu (and a few other Linux versions) is that ROOT is effectively disabled, as it does NOT have any password. (*Note* This is *not* the same as a blank / empty password!!) so it's impossible to log in as ROOT.
    Laters

    Sol

    "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
  • Mr_Oink
    Mr_Oink Posts: 1,012 Forumite
    S0litaire wrote: »
    The good thing about Ubuntu (and a few other Linux versions) is that ROOT is effectively disabled, as it does NOT have any password. (*Note* This is *not* the same as a blank / empty password!!) so it's impossible to log in as ROOT.

    Which you can quickly work around with:
    sudo passwd root
    
    To set one - effectively giving any user in the sudoer's list privilege escalation :)
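Added example, not part of any post in this thread: the difference between a locked root account and an empty password, and what `sudo passwd root` changes, shows up in the second field of each shadow(5) entry. The sample entries and hashes are constructed placeholders, and `password_state`, `audit` and `after_passwd_root` are hypothetical helper names.

```python
# Constructed /etc/shadow-style sample (hashes are placeholders, not real).
SAMPLE_SHADOW = """\
root:!:14798:0:99999:7:::
daemon:*:14798:0:99999:7:::
tweeter:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14798:0:99999:7:::
guest::14798:0:99999:7:::
"""


def password_state(field):
    """Classify the password field of a shadow(5) entry."""
    if field == "":
        return "empty"   # no password is required at all
    if field[0] in "!*":
        return "locked"  # not a valid crypt(3) result, so no password matches
    return "set"         # a password hash is present


def audit(shadow_text):
    """Return ({user: state}, [findings]) for shadow-format text."""
    states, findings = {}, []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue  # skip blank, malformed or comment lines
        user, field = parts[0], parts[1]
        states[user] = password_state(field)
        if states[user] == "empty":
            findings.append(f"{user}: empty password field")
        elif user == "root" and states[user] == "set":
            findings.append("root: password set, root can authenticate with it")
    return states, findings


def after_passwd_root(shadow_text, new_hash="$6$CONSTRUCTEDSALT$NEWROOTHASH"):
    """Model the effect of `sudo passwd root`: root's field becomes a hash."""
    out = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if parts[0] == "root":
            parts[1] = new_hash  # placeholder standing in for the real hash
        out.append(":".join(parts))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(audit(SAMPLE_SHADOW))
    print(audit(after_passwd_root(SAMPLE_SHADOW)))
```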
This discussion has been closed.