Lately we have seen some news about malware that attacks Linux-based systems. It is not very frequent, but we must not become complacent and assume that Linux is 100% invulnerable to these threats. Although our distros are much more secure than other systems, we must use common sense and protect our machines against possible threats so that we are not caught by surprise.
We have already talked on this blog about how to use Squid or IPTABLES to create a barrier in our network against possible threats. Having a firewall is good practice for avoiding these types of threats, but it is neither the only measure nor an infallible one, since threats can also come from sources other than the network, such as an infected removable medium. We also dedicated an article to how to install and use certain programs to detect rootkits and other malware.
But in this article we will give you more options to shield your Linux computer and be calmer in the face of the threats out there. This does not mean being 100% carefree: you already know that total security does not exist, but we can improve it. Likewise, we have dedicated another article to guidelines for hardening our distro, which I also recommend you read. And since I consider security a hot topic given the latest news about threats (although it should always be one), here I add another grain of sand to help you be safer:
- Have a firewall and other filters set up.
- Don't install packages from suspicious sources.
- Use threat detection tools such as the following:
  - Chkrootkit: to detect rootkits.
  - Rootkit Hunter: like chkrootkit, it is focused on detecting rootkits and backdoors.
  - ClamAV: a good antivirus that will detect and disable malware threats.
  - LMD (Linux Malware Detect): another powerful tool for detecting malware.
- Other malware can be detected by other techniques, monitoring the system and detecting anomalies with packages such as:
  - AIDE (Advanced Intrusion Detection Environment)
  - Samhain
- In real time, you can also block some ads and threats on the net through the use of safe browsers and some plugins or add-ons.
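As an added example (not code from the article or from any of the projects it names), here is a small POSIX shell wrapper that runs chkrootkit, rkhunter and ClamAV from a nightly cron job and reduces each log to a one-word verdict. The log directory and the scanned paths are assumptions; tools that are not installed are skipped rather than failing the whole run.

```shell
#!/bin/sh
# Nightly scan wrapper for chkrootkit, rkhunter and ClamAV (added example,
# not from the article). Missing tools are skipped so the script still runs
# on a machine that has only some of them installed.
# Assumed log location; override with LOGDIR=/some/dir before running.
LOGDIR="${LOGDIR:-/var/log/malware-scan}"

# Run a tool only if it is installed; write a skip marker otherwise.
run_if_present() {
  tool="$1"; shift
  if command -v "$tool" >/dev/null 2>&1; then
    "$tool" "$@"
  else
    echo "skip: $tool is not installed"
  fi
}

# Read a clamscan log and print "clean", "infected" or "unknown"
# from its "Infected files: N" summary line (the last one wins).
clamscan_verdict() {
  n=$(sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
  case "$n" in
    "") echo unknown ;;
    0)  echo clean ;;
    *)  echo infected ;;
  esac
}

# chkrootkit marks hits with "INFECTED"; rkhunter marks them with "Warning".
# Print "skipped" if the tool was absent, "suspicious" if a marker appears,
# otherwise "clean".
rootkit_verdict() {
  if grep -q '^skip:' "$1"; then
    echo skipped
  elif grep -q -e 'INFECTED' -e 'Warning' "$1"; then
    echo suspicious
  else
    echo clean
  fi
}

main() {
  mkdir -p "$LOGDIR"
  day=$(date +%Y-%m-%d)
  run_if_present freshclam --quiet                  # refresh ClamAV signatures
  run_if_present chkrootkit -q > "$LOGDIR/chkrootkit-$day.log" 2>&1
  run_if_present rkhunter --check --sk --rwo > "$LOGDIR/rkhunter-$day.log" 2>&1
  # Assumed scan targets: user data, temp space and the web root.
  run_if_present clamscan -r -i /home /tmp /var/www > "$LOGDIR/clamscan-$day.log" 2>&1
  echo "chkrootkit: $(rootkit_verdict "$LOGDIR/chkrootkit-$day.log")"
  echo "rkhunter:   $(rootkit_verdict "$LOGDIR/rkhunter-$day.log")"
  echo "clamscan:   $(clamscan_verdict "$LOGDIR/clamscan-$day.log")"
}

# Example crontab entry (assumed install path), daily at 03:00:
#   0 3 * * * /usr/local/sbin/scan.sh run
# The scan only starts when invoked with "run", so the verdict functions
# can be sourced or tested without launching a full scan.
if [ "${1:-}" = run ]; then
  main
fi
```

The verdict functions work on saved logs, so the same script can be pointed at yesterday's files to re-check them; the "skipped" and "unknown" outcomes exist so that a missing tool is never mistaken for a clean result.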
I hope I have helped you make your distro a little more secure, or at least somewhat more than before...
Cool! Thanks I will try some.
Good reminder not to trust yourself and to get in the habit of protecting your systems.
A program to audit our Unix system is lynis, which runs a series of tests and at the end indicates the security percentage it has; it also produces reports at the end of the tests on your strengths and weaknesses and gives you advice on improvement. It works well for both workstations and Linux servers. Note that the program works through commands in the console.
Linux is doomed to failure, I don't know why it doesn't die all at once
Without Linux, most large companies would not have their servers operating.
Greetings.
Poor "Alexander", ridiculous lifeless troll. Thanks for the advice; for servers and computers at risk it is very important to take stronger measures, given the large number of these machines running Linux. For the desktop, it seems to me that the basic measures and a check from time to time are more than enough.
linux is not going anywhere as always since always linux is backward
It hurts, it doesn't hurt, it doesn't matter, it's failure
Excellent post, but without wanting to be demanding, could you publish how to automate the use of some of the applications using CRON and some BASH (you know, leave them something to copy/paste)?
and moving on to another security issue linked to the post ...
How many read the install and post install scripts for DEB packages?
since some packages (chromium / chrome) install services in the background without the user noticing, and new users always download the DEB packages (understand that they use Ubuntu since they are new, that's why I only talk about DEB) from random pages, not from reliable sources.
you are as dead as linux poor unhappy one hundred sorry for you and linuxero
I will make a march against linux so that they prohibit that barbarism since linux = delay
Better go back to school as your spelling leaves a lot to be desired. I gather that you use windows since it is an OS that even an idiot like you could use. Ask the zoo keeper where the monkey cage is in case you don't know how to return.
You will have a gay march. !!!
ha ha ha ha ha ha.
Because they took away your barbies.
What things do you see around here?
Hahahaha
More secure than Linux are FreeBSD or OpenBSD, since they are pure Unixes.
Hello, in a few days we will publish an article on security-focused operating systems where I talk about some distros and OpenBSD and other BSDs. You will like it, stay tuned ...
A greeting!
CTB-Locker becomes strong infecting web servers
Without a doubt, it is one of the threats that has given the most to talk about so far this year. Curiously, it is the first to abandon personal computers and focus on web servers. Those responsible for CTB-Locker are not about to stop, and a very high peak of infections is being reached.
It should be added that to find the origin of this threat we have to go back to the beginning of last year, when the first version was created, which, as you can guess, mainly affected private users. The infection process and the consequences are similar to those of any ransomware: the threat encrypts the files, informs the user of what is happening and invites them to pay a sum of money if they want to regain access. Now the owners of the variants have turned the tables and decided to target Linux web servers, encrypting the files contained on them and informing the owners by defacing the site, also offering the possibility of paying to regain access to the HTML files and scripts.
The owners of the affected servers will have to pay 0.4 Bitcoin in order to regain access, something that, as we have repeated on numerous occasions, is not recommended at all. The "novelty", in quotes, is that a demo of the decryption process has begun to be included, allowing the owner to recover two files for free, thereby encouraging payment of the requested amount.
Beyond the probability of losing both money and files, what we want to avoid by not paying is covering the cost of developing this type of malware, which is the reason there are so many variants today.
Some details of CTB-Locker
The experts who have had contact with the threat and the possibility of analysing it have concluded that it creates a series of files on the server that hold information about the process carried out:
- index.php: the main page with the instructions.
- allenc.txt: list of files that have been affected by the process.
- test.txt: the files that can be unlocked for free.
- victims.txt: list of files that will be compressed.
- extensions.txt: list of extensions that will be affected by encryption.
- secret_[site_specific_string]: the file used to perform the free decryption of the two files.
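The file names above are a usable indicator for an administrator checking a web root. The following POSIX shell script is an added example (not code from the article or from the analysts it cites): it searches a directory tree for those marker names and gives a verdict that requires at least two of them together, because a lone test.txt is a common file name on any site. The web root path is an assumption.

```shell
#!/bin/sh
# Check a web root for the marker files the CTB-Locker analysis above lists
# (added example, not from the article). "secret_*" stands for the
# secret_[site_specific_string] file; index.php is left out because it is
# present on almost every site anyway.
CTB_MARKERS="allenc.txt test.txt victims.txt extensions.txt"

# Print every matching file under the given directory, one per line.
find_ctb_markers() {
  root="$1"
  expr=""
  for name in $CTB_MARKERS; do
    expr="$expr -o -name $name"
  done
  # Word-splitting of $expr is intended: it expands to "-o -name X -o -name Y ...".
  find "$root" -type f \( -name 'secret_*' $expr \) 2>/dev/null
}

# Print "clean" (no markers), "suspicious" (one marker, e.g. an ordinary
# test.txt) or "likely-infected" (two or more markers found together).
ctb_verdict() {
  n=$(find_ctb_markers "$1" | wc -l | tr -d ' ')
  if [ "$n" -ge 2 ]; then
    echo likely-infected
  elif [ "$n" -eq 1 ]; then
    echo suspicious
  else
    echo clean
  fi
}

# Usage (assumed web root):  sh ctb-check.sh /var/www
# Nothing runs when no directory is given, so the functions can be sourced.
if [ -n "${1:-}" ]; then
  find_ctb_markers "$1"
  echo "verdict: $(ctb_verdict "$1")"
fi
```

A "likely-infected" result is a prompt to take the server offline and restore from backups rather than a proof on its own; the listed files plus an unexpected change to index.php is the combination the analysis describes.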
Most of this type of threat has a control server and this was not going to be an exception. On this occasion, nothing more and nothing less than three have been located:
http://erdeni.ru/access.php
http://studiogreystar.com/access.php
http://a1hose.com/access.php
While it is estimated that the threat will continue to infect web servers, it must be said that the Windows versions (from which the one we are dealing with originates) continue to be active and to affect home computers.
each and every one of the linux distros are nothing more than a joke an insult to human intelligence you can unite the whole community and defend linux but that will not change the fact that linux is nonsense without more if I am in the future so that I return to prehistory
A caveman, and he can write. :O
They are not supposed to evolve !!!
From what I see some resisted evolution.
What's next? We go back further in time and arrive at the Mesozoic era.
Gentlemen, remember this golden rule: the best way to kill a "troll" is by not feeding it. Don't feed the troll with your inappropriate comments. Ignore its comments and let us civilized people comment here. LA's moderation should also help by banning the typical IT gangsters.
Regarding the article, you can use the ClamTK graphic tool.
It also goes without saying that the best antivirus in the world is yourself, being careful.
Oh, by the way, I forgot that Bitdefender exists for GNU Linux, it's free if you register on their website.
to download:
http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN_FR_BR_RO/Linux/
To register:
http://www.bitdefender.com/business/antivirus-for-unices.html
Leoramirez59, I really believe the same as you: trolls should not be fed, and therefore we do not act, because if we censor them they will go to another blog to troll. The best thing is to ignore them, that is, say nothing and continue with our lives, or with our Linux. Greetings to all.
Can you use several anti-malware programs at the same time? And what happens when envious Windows causes conflicts with Linux? It happened to me that I had problems starting Linux and connecting to the network, among other anomalies, having Windows 10 on the other partition. Now the connection drops from time to time and I have not been able to solve it; the rest seems to work fine. Windows 10 was installed, but the system was ruined by an error when shutting it down while it was starting a recovery.