Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
An individual can define a word, e.g., open source, as they wish, but that doesn't change the standard definition. It appears that the standard definition of open-source is that it must be free. Sounds silly to me, but I'm just saying.
I just checked another source, dictionary.com. The first & topmost definition is,
"o·pen-source"
"Computers. pertaining to or denoting software whose source code is available free of charge to the public to use, copy, modify, sublicense, or distribute" http://dictionary.reference.com/browse/open-source
And where do I get charged when I want to use MySQL or the radeon driver on my Slackware system?
softwarelabus, you've asked for feedback about your idea, and you've received it. Whether you want to welcome other members' opinions or stick your head in the sand is your problem, but at this point I'm gonna ask you to keep things focused on technical issues related to your script (or script idea). You seem to be quite misinformed regarding open source software in general, which when combined with your rather extreme unwillingness to make any concessions, results in a situation where discussion is about as unproductive as can be. You're free to believe whatever you want (that open source software gives the bad guys an upper hand; that closed source software gives the good guys an upper hand; that your script will automagically make your box more secure; that a paid coder will necessarily produce better software than one who programs in his/her free time; that all open source coders program in their free time and don't get paid for it; that open source software is supposed to be free as in beer; etc.), but surely we can have a more beneficial thread if we stick to the technicalities of your script idea and stay away from the more general philosophical aspects.
@win32sux, I tried to get some details from you, but nothing. This thread was only asking for which folders to scan. Not a single answer yet. Anyhow, is it a forum rule that a thread can't branch off into other topics? I find the topic of open-source interesting. You want to suppress my opinions because you don't like them?
Of course. Again, I'm talking about *adding* security, not replacing it. That being said, win32sux and Hangdog42 have not pointed out any vulnerabilities in my method.
I pointed out the vulnerabilities in your method in my previous post.
Really, you should have IDP/IDS in place to know that someone has accessed your system. Use auditing, traffic monitoring, firewalls, logging, alerting etc...
The "scan it every so often" idea might work... but at what cost? If you scan it every hour, then someone could have already been in your system for 59 minutes. If you scan every 5 minutes you will kill your performance.
To me, it's better to watch the gates and doors than spend time to count the money every 5 minutes.
You're suggesting that the purpose of my scan is to prevent a hacker from gaining access to the server. Again, the purpose of the scan is to detect *if* the server has *been* hacked. If the server becomes hacked, then it will be wiped and reinstalled.
As a reminder to people new to the thread who don't want to read it, I'm not suggesting to replace existing security. The script is just me *adding* some custom undisclosed source code security scans. It's not modifying existing security. It's just passive scans where I upload the script on the fly every time I want to run the scan. There will be a text field where I enter some text equations that I'll be expecting a certain message from the script in case a hacker tries to fake my script's output. And each file checksum scan is randomly divided into multiple checksums.
To me, it's just weird how anyone could oppose that.
Last edited by softwarelabus; 06-16-2011 at 11:00 AM.
This thread was only asking for which folders to scan. Not a single answer yet.
Completely and totally untrue. You were told that the folders you need to scan are up to you depending upon your level of risk tolerance and your ability to deal with any given signal/noise ratio. If you have the SA experience you claim, you should already know what folders are critical to operations and which ones are likely to have a lot of file churn.
Quote:
Originally Posted by softwarelabus
Anyhow, is it a forum rule that a thread can't branch off into other topics? I find the topic of open-source interesting. You want to suppress my opinions because you don't like them?
As has been explained to you the Security forum operates on facts related to security. If you want to have a discussion on the nature of Open Source, feel free to start a thread in General, where it belongs. I'm sure you'll find it easy to get a very lively discussion there.
Quote:
Originally Posted by softwarelabus
To me, it's just weird how anyone could oppose that.
Nobody is opposed to the idea, as it has already been done in a variety of readily available programs. It is the details of your specific implementation that strike many of us as a waste of time. But hey, it's your time to waste.
What is very clear is that you either have no intention of actually having a discussion about security procedures and policies, or you're just trolling. So let me wish you good luck with your project, because you're going to need it.
The Linux Security forum deals with facts alone. Technical questions deserve technical answers. Answering questions well may involve asking more questions. Since answers here increasingly mismatch questions this thread no longer is of benefit to anyone. As such it is closed. Thanks all for taking part.