why would a general-purpose distro not add users to sudoers file?
I used fail2ban on my work machines and on a home server I had available on the internet so I could access it from work.
At one point I had blocked addresses or subnets comprising 72% of China, 22% of Africa, half of South America, half of Russia, 10% of North America (mostly USA domains), and a scattering of sites on various islands.
I built scripts to grab data from the logs and generate nice pictures and a daily report.
It never failed me. Not once.
I even moved my home SSH all to non-standard ports and put an immutable honeypot on port 22 so I would know ALL traffic hitting that port could add IP addresses to my block list for the entire network. Lots of fun, but I doubt it made anything more secure. I hope I drove some of the worms crazy! ;-)
Surely a better way to do that would be with OpenPVN or WireGuard using UDP on a high numbered port?
Oh absolutely! But I was a network administrator following the corporate rules about the corporate network. Breaking those rules would be a great way to get fired! As it was they were giving me the side eye for running Linux on my Corp laptop and creating web pages and documents in LibreOffice!
I also helped one of the C#/.NET developers package and distribute our client software using FOSS tools. That impressed the customers and made life far easier for them, but I am not sure management ever did figure out what we did to make the magic happen.
I run sshd on a non-standard port. I only get a bot every few months. It'll make a few attempts before getting temporarily banned, usually giving up afterwards. I've only had one bot that was persistent for about 2 weeks.
This is interesting. You make me suppose that anything we do on the internet attracts bots. What software can I use to see if bots are after me?
Going to request the mods to make a new thread of that.
When I ran the honeypot operation I started getting hits about 20-30 minutes after bringing it up on a new IP address. Some others reported less than 5 minutes before getting a hit. I think it depends upon your ISP, subnet, and how many "good targets" appear (to the attackers) to exist on your network vicinity.
I would say that if you can run while giving your existence away as little as possible is an advantage. Blocking (a firewall at the gate) is an advantage. Running as secure as you can with process and authority segregation is an advantage. Running something "bulletproof" (like immutable) is an advantage. Using all of those at once may be being bloody-minded paranoid! Pick the level of risk you can accept and have some fun. If you let the worms ruin your fun it does not matter if it is ruined because you so focused on the threat that you forgot to play, or if they zombified your machine and you had no backups: your day is still ruined! Prepare, take reasonable precautions, and don't go all DEFCON-I about it.
Or, if you are like me, go hunting and set traps and enjoy tracking and blocking the worms and ruining THEIR day. ;-)
-------------
How can you tell? #1 Things like fail2ban log hits, and that gives you some data. #2 If you block echo at the gateway device (modem, router, or firewall) and record dropped echo hits it can be instructive, but you have to filter that data since many ISPs ping-poll their subnets to detect active clients: those may be bots but not (we hope) attack bots. #3 IF you run something at the gateway with Intrusion Detection features it may do all of that and more, and generate nice logs or reports (possibly with pretty pictures!) for you to enjoy.
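As an added example (not code posted by anyone in this thread), a small Python script of the kind described in #1 above: it counts failed sshd logins per source address in some constructed auth-log lines and reports the persistent sources, which is the same signal fail2ban acts on. The log lines, addresses and the threshold of 3 are all constructed/assumed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of an sshd auth log (not real data).
SAMPLE_AUTH_LOG = """\
Mar  3 02:11:07 host sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 02:11:09 host sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 02:11:12 host sshd[2214]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 02:11:15 host sshd[2218]: Failed password for invalid user test from 203.0.113.7 port 51140 ssh2
Mar  3 02:11:20 host sshd[2220]: Failed password for invalid user oracle from 203.0.113.7 port 51150 ssh2
Mar  3 03:40:01 host sshd[2301]: Failed password for alice from 198.51.100.4 port 40011 ssh2
Mar  3 03:40:30 host sshd[2305]: Accepted publickey for alice from 198.51.100.4 port 40012 ssh2
Mar  3 04:02:44 host sshd[2400]: Failed password for invalid user pi from 192.0.2.9 port 33001 ssh2
"""

# Matches sshd "Failed password" lines, with or without the "invalid user" prefix.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def failed_logins(log_text):
    """Return (failed attempts per IP, set of usernames tried per IP)."""
    attempts = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            attempts[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    return attempts, users

def suspected_bots(log_text, threshold=3):
    """IPs with at least `threshold` failures, most persistent first.
    A single typo by a legitimate user stays below the threshold."""
    attempts, users = failed_logins(log_text)
    return [(ip, n, sorted(users[ip]))
            for ip, n in attempts.most_common() if n >= threshold]

def daily_report(log_text, threshold=3):
    """Plain-text summary of the kind a daily cron job could mail out."""
    lines = [f"failed-login sources: {len(failed_logins(log_text)[0])}"]
    for ip, n, names in suspected_bots(log_text, threshold):
        lines.append(f"{ip}: {n} failures, usernames tried: {', '.join(names)}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(daily_report(SAMPLE_AUTH_LOG))
```

On a real box you would feed it /var/log/auth.log (or `journalctl -u ssh` output) instead of the constructed string.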
You only have to worry about this if your machine is running any Internet-facing services. If it's a desktop machine connected to a router, you have nothing to worry about... bots aren't coming after your web browser. Just keep your distro updated.
Thanks, that particularly answers my question: because "desktop machine connected to a router" describes me exactly.
In my 23+ years of using Unix-workalike operating systems, including GNU/Linux and practically every flavor of modern BSD, as a measure of security I try to either use sudo on the Linux side or doas on the BSD side of things, although I migrated to sudo on the BSDs as well because I feel more at home with the syntax of the sudoers file.