
Let’s compare the suggestions for securing Linux to various criticisms against Windows.

  • SJVN: “If you haven’t updated your system with the latest security patches…then you can’t trust your system today.”
  • LinuxSpin: “A working Windows computer requires constant patches and security updates to keep it safe.”
  • SJVN: “If you have any suspicion that your system has been compromised Kroah-Hartman suggests that you need a clean install of your operating system.”
  • LinuxSpin: “If You Have to Reinstall Your OS to Keep Your PC Running, Install GNU/Linux.”
  • SJVN: “You should also get into the habit of not just glancing over your startup scripts and system logs from inside your operating system–You are already doing that right? Right!?”
  • LinuxSpin: “I would take GNU/Linux any day because if you don’t want to manage it the darned thing just keeps running.”
  • SJVN: “...taking your system down, rebooting it with a live CD Linux distribution, and checking for rogue start-up scripts and odd log entries.”
  • LinuxSpin: “I have set up machines that ran years without an update. Others have reported that forgotten machines kept running for many years.”
#1 Posted by ChrisTX on Oct 3, 2011 9:49 PM

“To do this on a rpm-based system, [such as Red Hat or openSUSE] run the following command:

rpm --verify --all

“Please read the rpm man page for information on how to interpret the output of this command.” On Debian-Linux based systems, such as Mint or Ubuntu, it’s more complicated. From a Bash shell you need to run the following:

dpkg -l \*|while read s n rest; do if [ "$s" == "ii" ]; then echo $n; fi; done > ~/tmp.txt
for f in `cat ~/tmp.txt`; do debsums -s -a $f; done

LOL.
RTFM,
Clusterf*ckDistoSystem™,
EsotericWorkarounds™, CopyThisInYourTerminal™..
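
The quoted advice leaves interpreting the rpm verify output to the man page. As an added example (not part of the comment above or of the quoted article), this triage filter reads that output and reports only missing files, changed permissions or ownership, and digest changes on non-config files; the function names and sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage for `rpm --verify --all` output.
# Attribute column: S size, M mode, 5 digest, D device, L symlink,
# U user, G group, T mtime, P capabilities; "." passed, "?" not checked.
# An optional one-letter marker follows: c config, d doc, g ghost, l license, r readme.

# Constructed sample lines in rpm verify format (not from a real host).
sample_rpm_verify_output() {
  cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/bin/ssh
.M....G..    /usr/bin/sudo
.......T.  d /usr/share/doc/bash/README
missing     /usr/lib64/libexample.so.1
EOF
}

# Reads verify output on stdin; prints "REASON path" for entries worth a look.
triage_rpm_verify() {
  awk '
    {
      flags = $1
      line = $0
      sub(/^[^ ]+ +/, "", line)              # drop the attribute column
      kind = ""
      if (line ~ /^[cdglr] /) {              # optional file-type marker
        kind = substr(line, 1, 1)
        sub(/^[cdglr] +/, "", line)
      }
      path = line
      if (flags == "missing") { print "MISSING " path; next }
      # Skip anything that is not an attribute string (dependency notes etc.)
      if (length(flags) < 8 || flags !~ /^[.?SM5DLUGTP]+$/) next
      # Edited config files are routine; a changed digest elsewhere is not.
      if (flags ~ /5/ && kind != "c") print "DIGEST " path
      if (flags ~ /[MUG]/) print "PERMS " path
    }
  '
}

sample_rpm_verify_output | triage_rpm_verify
```

On a real host the input would be `rpm --verify --all | triage_rpm_verify`, ideally run from trusted boot media as the article suggests, since a compromised system can also tamper with the rpm database.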

#2 Posted by kurkosdr on Oct 4, 2011 5:55 AM

Reminds me of mac users who think their computer is invulnerable to trojans because of Steve Jobs magic or something (and no, not all mac users think that, only a few do, for example I am a mac user and never claimed a trojan couldn’t be written for Mac OS X).

The truth is, ALL operating systems today are so good in terms of security that the only way to get malware is to purposely run a trojan, or to forget to update the OS, the flash player, the PDF reader or the browser.

Now, on the topic of which operating system makes updates easier… Hmm… MacOS X and Windows are on the “very easy” scale, Linux is on “are you freaking kidding me?” scale. No wonder even big corps leave their Linux systems unpatched, and hence susceptible to attacks by LulzSec script kiddies. Meanwhile, I challenge AdamBeFree to find me a Windows Server system that got hacked during the last 3 years. No seriously I am waiting.

#3 Posted by imgx64 on Oct 4, 2011 9:53 AM

“Now, on the topic of which operating system makes updates easier… Hmm… MacOS X and Windows are on the “very easy” scale, Linux is on “are you freaking kidding me?” scale.”

Question mark, question mark, question mark.

I don’t want to sound defensive, but, umm… What is this “Linux” you are talking about? In Ubuntu at least, you can easily run Update Manager, click “Settings…”, and select “Install security updates without confirmation”. What am I missing?

Also, there is no default centralized way to update third party software in Windows (although there are third party solutions like Npackd). I think something is coming in Windows 8, but I’m not sure.

——
“No wonder even big corps leave their Linux systems unpatched”

Which ones?

#4 Posted by Linsuxoid on Oct 4, 2011 2:09 PM

@Kurkos
Here is a relatively big WinServer break-in: http://en.wikipedia.org/wiki/Anonymous_(group)#Attack_on_HBGary_Federal – it runs Asp.Net on IIS 7.5 but it’s unrelated, because applications are to blame here (“Using a variety of techniques, including social engineering and SQL injection”) – winservers are not magically invulnerable.
On the other hand, nothing even close to getting full access to whole Sony debacle, kernel.org repository servers, redhat internal infrastructure (twice), savannah.gnu.org, MySql sql injection, apache.org defacement and so on. No high profile breaks in last 10 years.

#5 Posted by Linsuxoid on Oct 4, 2011 2:11 PM

> “to getting full access to whole Sony debacle, kernel.org

Read as: “to whole Sony debacle, getting full access to kernel.org

#6 Posted by Linsuxoid on Oct 4, 2011 2:14 PM

@imgx64
> What am I missing?
Manual reboot? Because as we all know, DoesntNeedToReboot™ actually means DoesntAskForRebootEvenIfNeeds™

#7 Posted by ChrisTX on Oct 4, 2011 8:45 PM

“it runs Asp.Net on IIS 7.5 but it’s unrelated”

According to the source on Wikipedia:
“The exact URL used to break into hbgaryfederal.com was http://www.hbgaryfederal.com/pages.php?pageNav=2&page=27. The URL has two parameters named pageNav and page, set to the values 2 and 27, respectively. One or other or both of these was handled incorrectly by the CMS, allowing the hackers to retrieve data from the database that they shouldn’t have been able to get.”

Also, you can’t blame it purely on the CMS (although that apparently used unsalted MD5s):

“Along with its webserver, HBGary had a Linux machine, support.hbgary.com, on which many HBGary employees had shell accounts with ssh access, each with a password used to authenticate the user. One of these employees was Ted Vera, and his ssh password was identical to the cracked password he used in the CMS. This gave the hackers immediate access to the support machine.”

Doesn’t matter though, nobody would claim Windows to be unhackable. However, it is stunning that so many high profile sites achieve so poor security measures.

#8 Posted by Linsuxoid on Oct 4, 2011 11:18 PM

@ChrisTX
Wow. Thanks for the correction. I checked hbgary.com before and it still runs IIS 7.5.
It appears that hbgaryfederal.com runs Apache (who would expect?) and it tells that it’s down.
WordPress, Gawker, TJX (TJ Maxx, Marshalls etc) – all run Linux.

So we have more than a half of Fortune 1000 companies running IIS and still high profile “hack share” is totally dominated by Linux.

#9 Posted by JoeMonco on Oct 5, 2011 5:41 AM

“So we have more than a half of Fortune 1000 companies running IIS and still high profile ‘hack share’ is totally dominated by Linux.”

That’s kind of like any other New Age quackery, isn’t it.

And, yes, I am comparing Linux to tarot card reading and the likes, so bite me.
