Enhance Linux Desktop Security
Introduction
Malicious attacks on computers are becoming increasingly common. Viruses for GNU/Linux do exist, although far fewer viruses target GNU/Linux than Windows. In addition, the number of other types of malware that can infect Linux computers, and the sheer number of attacks, are also growing. Wirenet.1 recently attacked computers running Linux and Mac OS X. The malware steals passwords and other information stored in Internet browsers, email clients, and instant messaging tools on computers.
How Security rumors spread
Windows is the main target of malicious attackers bent on mischief, because the system is easy to use and many inexperienced users buy it. Some attacks are motivated by a wish to damage the image of Microsoft, which is seen as a company that does not support the open-source community. These attacks have contributed to rumors in the computing field that Windows is vulnerable.
Platform-independent environments such as OpenOffice.org, Perl, and Firefox are not spared either. For example, Dropper.MsPMs, a malicious Java archive (JAR) file, was found on machines running Windows, Mac OS X, and Linux.
Some malicious packages are written specifically for GNU/Linux. A rootkit is a collection of tools that allows an attacker to gain access to the root (administrator) account on a computer. It is part of the same malware family as password trojans. These malicious software packages go by different names, such as tOrn and ARK.
Defense against malware
Many factors determine how secure a system is, but the most important is how the system is configured. This article describes how to configure a GNU/Linux desktop. Work through the following steps to configure your computer correctly and keep it secure, starting with anti-virus protection.
Install anti-virus software ClamAV
ClamAV is an open-source (GPL) anti-virus engine designed to detect trojans, viruses, malware, and other malicious threats. When installing the program, you can specify whether to run it manually or attach it to a background process that runs continuously. For a desktop, running it as a background process is ideal, because you can still choose to perform a manual scan.
To install ClamAV as a running background process, perform the following steps:
1. Open the computer and log on.
2. On the menu bar, click Applications > Accessories > Terminal.
3. After starting the terminal, enter the following command:
- sudo apt-get install clamav-daemon
4. Enter your password when the system prompts you.
This also installs a package named clamav-freshclam, which is the updater for the ClamAV application.
5. You will now see a message telling you how much disk space the installation will use. Enter Y at the prompt to start the installation.
The installation process takes only two minutes. After the installation is complete, you will see an alert stating that your virus database is x days old. Update it with the following step.
6. Run the sudo freshclam command at the prompt.
Running freshclam updates the virus definitions to the latest version. Keeping definitions up to date is important because they are how ClamAV recognizes malware.
A virus definition is a code pattern unique to a malware program. The anti-virus scanner compares the content of your files with the code patterns in the virus definition database. If a match is found, the program alerts you that there is an infected file on your computer and prevents the code in the file from executing.
If the definition for a particular piece of malware is not in your virus definition database, the anti-virus scanner cannot know that the code is malicious, so the code is allowed to run and your system bears whatever damage it causes. Update your definitions regularly to get the most comprehensive protection.
Start ClamAV
ClamTk: GUI of your anti-virus application
If you do not like working from a terminal, you can install a GUI for ClamAV named ClamTk. This GUI can be easily installed using the Add/Remove Applications tool in Ubuntu. After the installation is complete, click Applications > System Tools > Virus plugin to run it.
After updating the virus definitions, you can start ClamAV. To manually scan your home folder, go to the terminal prompt and enter clamscan. When the clamscan command completes, you will see a report on the number of directories and files scanned and the number of infected files found.
To run ClamAV as a background process, go to the terminal prompt and enter clamdscan. The clamdscan command creates a user named ClamAV. You can then add this user to a group that owns the files you want to scan.
Use rkhunter to defend against rootkit
The most dangerous malware for GNU/Linux users may be the rootkit. Rootkit Hunter (rkhunter) and chkrootkit scan the desktop for suspicious files that an attacker may have installed to gain control of your computer.
To install rkhunter, one of the best programs for finding and removing rootkits, perform the following steps:
1. To return to the terminal, click Applications > Accessories > Terminal.
2. In the terminal shell, enter the following command:
- sudo aptitude install rkhunter
3. After receiving a message that tells you how much space the software needs to use, enter Y to start installation.
After rkhunter is installed, you can run it to check for signs of attack on the desktop. Go to the terminal prompt and enter sudo rkhunter --check.
If rkhunter runs correctly, you will see a list of directories marked with the word "OK" or "Warning". Once started, rkhunter performs several types of scans. After each scan completes, press Enter to start the next one. Scan types include:
- Directory
- Attack damage on the desktop
- Ports commonly used for backdoor access
- Start files, groups and accounts, system configuration files, and file systems
- Applications
After all the scans are completed, rkhunter will provide you with a report and use the results to create a log file.
As with ClamAV, you need to update rkhunter regularly so that it can detect the latest vulnerabilities and attacks:
1. Enter sudo rkhunter --update in the terminal.
2. Enter your password when the system prompts you.
Use Tiger to scan your system
In terms of security, establishing a baseline is one of the most important tasks you can do. With a baseline, you can determine whether anything has been tampered with, because tampering changes the baseline content. Installing an office suite also changes the baseline, but that is an addition you can approve. If malware is installed on your machine, a baseline check will detect that too.
Most people do not know how to create a baseline for their computer configuration manually. However, a program named Tiger audits the computer system and checks whether anything has been modified. If something has been modified, the software reports an error code.
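The baseline idea described above, as an added shell example that is not part of the original article and is not Tiger's own code: it records a SHA-256 hash for every file under a directory, then reports what was added, modified, or removed since. The function names and the sample files (built in a temporary directory) are constructed for illustration.

```bash
# Added example: a minimal file-integrity baseline (not how Tiger itself works).

# Print one "sha256  ./path" line per regular file under DIR, ordered by path.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare two baseline files and print ADDED / MODIFIED / REMOVED paths.
compare_baseline() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # 64 hex chars, 2 separators, path
        FILENAME == ARGV[1] { old[path] = hash; next }       # first file: remember old hashes
        !(path in old)      { print "ADDED    " path; next }
        { seen[path] = 1 }
        old[path] != hash   { print "MODIFIED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED  " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample: build a small tree, baseline it, change it, compare.
demo() (
    d=$(mktemp -d)
    mkdir -p "$d/root/bin"
    printf 'original\n' > "$d/root/bin/ls"
    printf 'config\n'   > "$d/root/hosts"
    printf 'old\n'      > "$d/root/notes"
    make_baseline "$d/root" > "$d/before"
    printf 'tampered\n' > "$d/root/bin/ls"        # content changed
    rm "$d/root/notes"                            # file deleted
    printf 'new\n'      > "$d/root/bin/new tool"  # file added (name contains a space)
    make_baseline "$d/root" > "$d/after"
    compare_baseline "$d/before" "$d/after"
    rm -rf "$d"
)
demo
```

Keep the baseline file somewhere the monitored machine cannot write to, since anyone who can tamper with the files can also rewrite a baseline stored next to them.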
To install Tiger on the Ubuntu Desktop, open the terminal first. Run the following command from here:
sudo aptitude -y install tiger
This command places Tiger software on your machine. Now you need to run it.
Run sudo tiger to create a security issue report, which is saved to /var/log/tiger. The file name usually contains the host name of the computer, followed by the date and time, such as security.report.hostname.121220. The file name is shown to you when the report is complete.
To view the report, run sudo gedit followed by /var/log/tiger and the file name. In this example, the command is:
- sudo gedit /var/log/tiger/security.report.hostname.121220-8:46
The report then provides the error code for the problem it finds. You can search for the meaning of each error code online.
Use Firewall
The next preventive step is to use the firewall built into the operating system. Ubuntu runs iptables as its firewall by default in every release. When installed, the firewall's default settings allow all incoming and outgoing traffic. To use the firewall effectively, you need to create rules that lock down the desktop.
You can configure iptables from the terminal to write firewall rules, or use a GUI called Gufw to write firewall rules with the Uncomplicated Firewall (UFW) program that comes with Ubuntu.
Open the terminal and run the following command to install Gufw:
sudo apt-get install gufw
After installation, you can access it from System > Administration > Firewall. Gufw is disabled by default, so turn it on: under the heading Actual Status, select the Enabled check box. This sets all incoming traffic to Deny. Click Add to create a rule using one of four options, depending on how you want UFW to handle a given type of traffic:
• Allow. The system allows incoming traffic on a port.
• Deny. The system denies incoming traffic on a port.
• Reject. The system denies incoming traffic on a port and tells the system requesting the connection that its traffic was rejected.
• Limit. The system denies connections if an IP address has tried to initiate six or more connections in the past 30 seconds.
When you click Add, a window with three tabs appears: Preconfigured, Simple, and Advanced. The Preconfigured tab is the easiest way to create rules, because you select the traffic you want to allow or deny from a drop-down list.
On the Simple tab, you can tell UFW whether you want to allow or reject certain traffic, and then select the Protocol/service and port number.
You can use the Advanced tab to further tune the rule.
Back up and restore desktop files
Another step to protect the GNU/Linux Desktop involves creating a backup and recovery process.
In the past, you had to install backup and recovery software yourself on most Linux distributions. However, the need for a sound disaster recovery solution has prompted many distributions to include backup and recovery software in the installation. Ubuntu relies on Duplicity, a program that uses rsync. To make things easier, Ubuntu comes with Deja Dup, a graphical front end for Duplicity.
To start using Deja Dup, click the gear icon and then System Settings. In the System Settings window, click Backup.
Before enabling automatic backup, click Storage to set the backup location. You can use Ubuntu One (a cloud storage option), send your backup to another server through FTP, save it to a local folder, or set a custom location. After deciding on the best location for the backup files, click Folders to select what to back up. There are two lists: Folders to back up and Folders to ignore. You can add folders to or remove them from either list.
Click Schedule to tell Deja Dup how often to run the backup and how long to keep it. You can back up data every day, every week, or every month. Backups can be kept for at least one week up to at least one year, or even permanently.
Now return to Overview and slide Automatic backups to On. That is all there is to setting up the software. To restore a file, click Restore. Deja Dup asks where to restore from, which date you want to restore, and where you want to restore the file to. It is a good idea to restore files from time to time to make sure that your backups work properly.
Install Updates
Many attacks on computers begin when a malicious attacker finds a vulnerability in the operating system or in other software. Security experts find these vulnerabilities and create software patches and updates to fix them.
Keep your software up to date. Most operating systems have a built-in feature that notifies you when updates are available, and many GNU/Linux distributions include one. Click the gear icon on the desktop menu bar, and then click Software Up to Date to start Update Manager. Update Manager usually starts on its own when updates are available.
In the Update Manager window, click Install Updates. You can also click Settings to select the update frequency and software you want to update. As long as the Important security updates check box is selected and the When there are security updates option is set to Download and install automatically, the default option should be enough.
Password-protected Boot Loader
With GNU/Linux, you can boot the computer in a way that lets you change the root password without entering a password. This is called single-user mode. To protect this feature with a password, you have two boot loader options: GRUB and LILO. With GRUB, you can encrypt the password to make it more secure; LILO users do not have this option. If you use GRUB, perform the following steps:
1. Start the terminal.
2. Enter grub at the prompt.
3. To ensure that the password you create is not stored as plaintext, enter md5crypt.
4. At the prompt, enter the password you want to use for single-user mode. You will then get an encrypted version of the password. Do not close this terminal window; you will use the encrypted password in the following steps.
Now you need to edit the GRUB configuration file. First, back it up:
1. Enter the following command:
sudo cp /boot/grub/menu.lst /boot/grub/menu.lst-backup
2. Enter your password when the system prompts you.
3. Enter the following command:
- sudo gedit /boot/grub/menu.lst
This opens the GRUB configuration file.
4. Find the password --md5 line in the file and replace the existing password with the encrypted password you created earlier.
Listing 1 shows what the GRUB configuration file should look like when the password is changed:
Listing 1. GRUB configuration file after password change
# Set a timeout, in SEC seconds before automatically booting the default entry
# (normally the first entry defined).
timeout 3

## hiddenmenu
# Hides the menu by default (press ESC to see the menu)
hiddenmenu

# Pretty colours
#color cyan/blue white/blue

## password ['--md5'] passwd
# If used in the first section of the menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command 'lock'
# e.g. password topsecret
# password --md5 $1$jLhUO/$aW78kHK1QfV3P2b2znUoe/
# password topsecret

#
# examples
#
# title Windows 95/98/NT/2000
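A check for the result of the steps above, as an added shell example that is not from the original article: GRUB treats every line beginning with # as a comment, so a password --md5 line only takes effect once it is uncommented. The function names are hypothetical, the sample menu.lst is constructed from the lines in Listing 1, and the script assumes the GRUB Legacy menu.lst format shown on this page.

```bash
# Added example: report how a GRUB Legacy menu.lst protects interactive editing.

# Print md5, plaintext or none for the global section (lines before the first "title").
grub_password_status() {
    awk '
        /^[ \t]*#/              { next }   # comments, e.g. "# password --md5 ..."
        /^[ \t]*title([ \t]|$)/ { exit }   # the first boot entry ends the global section
        $1 == "password"        { status = ($2 == "--md5") ? "md5" : "plaintext"; exit }
        END                     { print (status == "" ? "none" : status) }
    ' "$1"
}

# Succeed when the file mode grants read access to "other" users.
readable_by_others() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

audit_menu() {
    case "$(grub_password_status "$1")" in
        none)      echo "WARN: no active password line (commented lines are ignored)" ;;
        plaintext) echo "WARN: password is stored in plaintext" ;;
        md5)       echo "OK: password --md5 is active" ;;
    esac
    if readable_by_others "$1"; then
        echo "WARN: file is world-readable, so any local user can read the password entry"
    fi
}

demo() (
    d=$(mktemp -d)
    # Constructed sample: the password lines of Listing 1, still commented out.
    printf '%s\n' 'timeout 3' 'hiddenmenu' '# e.g. password topsecret' \
        '# password --md5 $1$jLhUO/$aW78kHK1QfV3P2b2znUoe/' 'title Ubuntu' > "$d/menu.lst"
    chmod 644 "$d/menu.lst"
    audit_menu "$d/menu.lst"
    # Same file with the --md5 line uncommented and tighter permissions.
    sed 's/^# password --md5/password --md5/' "$d/menu.lst" > "$d/menu.fixed"
    chmod 600 "$d/menu.fixed"
    audit_menu "$d/menu.fixed"
    rm -rf "$d"
)
demo
```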
Unlike GRUB, LILO does not allow encrypted passwords. If you use the LILO boot loader, perform the following steps:
1. Start the terminal.
2. At the prompt, open /etc/lilo.conf in an editor.
3. When the editor opens, find the password section and create a new password in it.
Conclusion
This article described some tools that can help you enhance the security of a GNU/Linux desktop. Even with every available tool installed to protect your computer and the data stored on it, you still need to learn how to use those tools well.
Set a schedule for checking for ClamAV and rkhunter updates. Run these utilities weekly and whenever new software is installed. Most important, set a backup schedule for your data and follow the latest developments in the computer security field. New vulnerabilities are discovered constantly. You must keep up and take appropriate action to keep your computer secure.