Security: rkhunter - needed?

Arjen Balfoort
Site Admin
Posts: 9258
Joined: 26 Jan 2013 19:36
Location: Netherlands

Security: rkhunter - needed?

Postby Arjen Balfoort » 27 Sep 2015 08:24

I've been thinking about how we can improve security for SolydXK and have been checking rkhunter.
rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.
From: https://en.wikipedia.org/wiki/Rkhunter

I have followed this link to configure rkhunter: https://help.ubuntu.com/community/RKhunter

But I somehow feel this would be overkill for anything but a server.
Am I wrong?


SolydXK needs you!
Development | Testing | Translations
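The Wikipedia summary quoted above says rkhunter works largely by comparing hashes of important files against known-good values and by looking for wrong permissions. The following is an added example, written for this thread and not taken from rkhunter or from any poster, that implements that idea in miniature: take a baseline of (hash, permission bits) for a list of watched files, take a second snapshot later, and report what changed. It uses SHA-256 rather than the SHA-1 the quote mentions, the "watched" file names and the tampering scenario in `demo()` are constructed in a temporary directory, and a path that is missing in both snapshots is simply skipped.

```python
"""Minimal file-integrity baseline, in the spirit of rkhunter's file-hash and
permission checks (added example; not rkhunter's own code)."""
import hashlib
import os
import stat
import tempfile


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(paths):
    """Record (digest, permission bits) for each watched path.

    A path that does not exist is recorded as None, so a deleted file is
    reported later instead of silently dropping out of the comparison.
    """
    snap = {}
    for p in paths:
        if os.path.isfile(p):
            mode = stat.S_IMODE(os.stat(p).st_mode)
            snap[p] = (sha256_file(p), mode)
        else:
            snap[p] = None
    return snap


def compare(baseline, current):
    """Return a sorted list of (finding, path) pairs describing differences.

    Findings: "new" (absent in baseline), "missing" (absent now),
    "modified" (content hash changed), "mode-changed" (permission bits
    changed) and "world-writable" (others may write the file, whether or
    not that changed since the baseline).
    """
    findings = []
    for p in sorted(set(baseline) | set(current)):
        old, new = baseline.get(p), current.get(p)
        if old is None and new is None:
            continue  # never existed in either snapshot
        if old is None:
            findings.append(("new", p))
            continue
        if new is None:
            findings.append(("missing", p))
            continue
        if old[0] != new[0]:
            findings.append(("modified", p))
        if old[1] != new[1]:
            findings.append(("mode-changed", p))
        if new[1] & stat.S_IWOTH:
            findings.append(("world-writable", p))
    return findings


def demo():
    """Constructed scenario: two fake binaries, one edited after the
    baseline and one made world-writable; a third watched path never
    exists. Returns findings with the temp-dir prefix stripped."""
    with tempfile.TemporaryDirectory() as d:
        fake_ls = os.path.join(d, "ls")
        fake_ps = os.path.join(d, "ps")
        for p in (fake_ls, fake_ps):
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\necho original\n")
            os.chmod(p, 0o755)
        watched = [fake_ls, fake_ps, os.path.join(d, "netstat")]
        baseline = snapshot(watched)

        # Simulate tampering: append to one file, loosen the other's mode.
        with open(fake_ls, "ab") as f:
            f.write(b"echo tampered\n")
        os.chmod(fake_ps, 0o777)

        current = snapshot(watched)
        return [(kind, os.path.basename(p)) for kind, p in compare(baseline, current)]


if __name__ == "__main__":
    for kind, name in demo():
        print(f"{kind:15s} {name}")
```

The important design point, and the reason tools like rkhunter keep their hash database outside the checked system, is that the baseline is only as trustworthy as the moment it was taken: a snapshot taken after a compromise will happily report "no changes". In real use the baseline would be stored somewhere the machine itself cannot rewrite, and `watched` would be a fixed list of system binaries rather than temp files.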

MAYBL8
Posts: 1487
Joined: 10 Mar 2013 18:41
Location: Maryland Heights, MO USA

Re: Security: rkhunter - needed?

Postby MAYBL8 » 27 Sep 2015 14:59

You can go a lot of different directions with this.
Here is an excerpt from this article on security:
https://wiki.ubuntu.com/BasicSecurity


The most basic set of rules

If you're a simple desktop user who only uses his computer for the most ordinary things, then this is the basic rule set:
1. immediately install security updates when you're notified;
2. do not install antivirus, as you *really* don't need it in Linux; unless you share files with Windows
3. enable the firewall (sudo ufw enable) without further tweaks;
4. stick to the official repo's as much as possible, and only deviate from them when strictly necessary and with much caution;
5. keep Java (both openJDK and Oracle Java) disabled by default in your browser, and only enable it when needed;
6. use Wine with caution;
7. and most important of all: use your common sense. The biggest security threat is generally found between keyboard and chair.


ilu
Posts: 2477
Joined: 09 Oct 2013 12:45

Re: Security: rkhunter - needed?

Postby ilu » 27 Sep 2015 22:20

I agree with MAYBL8, I'd just add:
6a. Use Noscript and keep flash deactivated or at least in ask-mode.

And rule no. 7 can't be repeated enough. I've had a DOS-boot-sector infection at the beginning of my computer days and afterwards went through 20 years of completely malware-free MS win usage. I would not like to have a clogged system just because some people can't use their brains.

But we should keep a close watch on developments - if and when Linux starts to get targeted by malware programmers, things like that program will become necessary.

palimmo
Posts: 802
Joined: 19 Nov 2013 19:44

Re: Security: rkhunter - needed?

Postby palimmo » 28 Sep 2015 00:00

MAYBL8 wrote:
3. enable the firewall (sudo ufw enable) without further tweaks;
Is activating it in the Firewall - KDE Control Module (GUI) the same?

thank you
Proud user of SolydK!

Dai diamanti non nasce niente, dal letame nascono i fior. http://aquilone.wordpress.com/

MAYBL8
Posts: 1487
Joined: 10 Mar 2013 18:41
Location: Maryland Heights, MO USA

Re: Security: rkhunter - needed?

Postby MAYBL8 » 28 Sep 2015 00:07

There are some issues with the firewall settings blocking you from doing some ordinary day-to-day activities, so some modification of the firewall can be done and still ensure you have a safe computer. I believe some of those issues have even been brought up in the forum somewhere.


Zill
Posts: 1850
Joined: 13 Aug 2013 14:28
Location: Lincolnshire, UK

Re: Security: rkhunter - needed?

Postby Zill » 28 Sep 2015 14:53

I live in quite a good area with a low crime rate and so I am not normally too concerned if either my house or my car is unlocked for a while. OTOH, if I leave this area and go elsewhere then I always ensure that I lock my car and keep my valuables in a hotel safe.

I regard the internet in a similar way. As long as I am using a Linux OS via my home NAT router then I feel secure as long as I don't do anything stupid, such as visit dodgy websites or install software from anywhere other than the official repos for my distro.

So far, after using Linux systems in this way for around fifteen years, this philosophy has served me well as I have never experienced any malware of any kind, either viruses or rootkits.

I would add that, while I consider a software firewall unnecessary for a home system behind a NAT router, I do use UFW when I am away from home as you just don't know who else may be on the line. ;-)

I do run a couple of servers, NFS and SSH, but again, as they are behind my router, I really don't worry about them.

So, for normal home/SOHO users, I do not really consider rootkits a problem unless the user is particularly reckless!

To quote from the Wikipedia Rootkit article:
Defenses
System hardening represents one of the first layers of defence against a rootkit, to prevent it from being able to install. Applying security patches, implementing the principle of least privilege, reducing the attack surface and installing antivirus software are some standard security best practices that are effective against all classes of malware.
As most of these factors are actually inherent to Linux design (antivirus is not necessary!), all that remains is to guard against an "Evil Maid Attack" as, if someone else has physical access to the machine, then all software defences are irrelevant!

ilu
Posts: 2477
Joined: 09 Oct 2013 12:45

Re: Security: rkhunter - needed?

Postby ilu » 28 Sep 2015 22:16

I forgot to mention that I'm not really concerned about eeeevil hackers trying to do eeeevil things on my computer - I'm worried about good agencies (with five eyes or such) trying to stop me from enacting deeds of terrorism - or whatever they claim they are doing. As long as I still install the possible rootkits by my uneducated self (flash, h264 - there might be more) I don't think I really need rkhunter ...

I'm working to get rid of those though. Along these lines I would propose to ship firefox with a preset of media.gmp-gmpopenh264.enabled;false - or is it already?

kurotsugi
Posts: 2226
Joined: 09 Jan 2014 00:17

Re: Security: rkhunter - needed?

Postby kurotsugi » 29 Sep 2015 11:55

the tool would be considered useless if the user didn't know:
1. whether he has it (or whether it exists or not)
2. what it is and how it works
3. how to use it

in the case of rkhunter... I think all of the points above apply to almost all of us :lol:

Refugee
Posts: 47
Joined: 17 Apr 2014 00:32

Re: Security: rkhunter - needed?

Postby Refugee » 03 Oct 2015 12:47

Rkhunter is absolutely necessary. Please don't remove it. Peace of mind is important.

Arjen Balfoort
Site Admin
Posts: 9258
Joined: 26 Jan 2013 19:36
Location: Netherlands

Re: Security: rkhunter - needed?

Postby Arjen Balfoort » 03 Oct 2015 14:25

Refugee wrote:Rkhunter is absolutely necessary. Please don't remove it. Peace of mind is important.
It is not installed in the ISOs but it's available in the repository. I'm just checking if it would be necessary/helpful for the ISOs.



Zill
Posts: 1850
Joined: 13 Aug 2013 14:28
Location: Lincolnshire, UK

Re: Security: rkhunter - needed?

Postby Zill » 03 Oct 2015 15:25

Refugee wrote:Rkhunter is absolutely necessary. Please don't remove it. Peace of mind is important.
No-one is suggesting removing it from the Debian repos! It can easily be installed by any user who actually wants to run it.

This discussion is about including it on the ISOs which do not, obviously, include every package in the Debian repos. IMO, the ISOs should only include the minimum number of packages needed for a basic but functional OS and a selection of important applications.

Users are then free to later personalise their system by adding their preferred packages but, as we all have different preferences, the ISOs only need to have a minimal selection included.

