A main reason for me to try Linux was to get as far away as possible from the massive metadata collection that Windows and data brokers are known for. I understand the very basics of the kernel and its advantages but what seems to be the majority opinion after spending 30+ hours reading forums is that people think they are 100% immune from anything bad simply by using Linux. That simply can't be true. I know a lot about Win, but am new to Linux and I see almost no talk about the browser, security settings, firewall (some) or other software/hardware choices to harden your system. I know different distros offer different things but a daily driver like LM or others I think may be tweaked or made better maybe.
Also something that seems ignored is that Linux represents such a small % of overall individual users that the majority of bad actors are being smart and fishing the large pond of Win users but should they ever use their talent to target Linux, I fear that many would find that Linux is not as 100% secure as they believe?
Last edited by WhyLinux0; 11-18-2022 at 10:43 PM.
Reason: Linux and metadata/privacy
Any system is pretty secure if the user isn't a total idiot. That being said the default security model on Linux does make it a bit more protected from the unknown. But not immune.
Last edited by jmgibson1981; 11-18-2022 at 11:07 PM.
Quote:
Any system is pretty secure if the user isn't a total idiot.
Ask any professional SysAdmin: "total idiot" is, in fact, the base assumption one should use as a working assumption about your average user.
Quote:
That being said the default security model on Linux does make it a bit more protected from the unknown. But not immune.
True.
Windows and Mac assumption is that you are not only a total idiot, but that you will gladly pay them big bucks to have them provide the brains behind your security.
The Linux assumption is that you want a base level of security by default, will take it the rest of the way yourself if you need to, will use FOSS solutions wherever they will serve, and if you do not know what you are doing on day one you WILL figure it out or get help. (I apologize for what that appalling sentence did to your brain!)
LQ is one place to get help.
Linux IS more secure, but nothing is secure against users who insist on doing dangerous things that "seemed convenient at the time" or that they "saw in this great magazine...".
Browsers shed a ton of data about every connection, and the server collects much of that and generates more. All Google tools and services dump into that great honking database and they KNOW you!
Using a browser that provides some kind of "privacy tab", "Privacy window", or "Secure mode" helps but as soon as you log in or identify yourself you have given away data about yourself and your hardware, software, and behaviors.
Using a browser that LIES in the data it sheds can help a bit.
Using a VPN CAN help a bit. (But if it is a commercial VPN, assume they may be collecting that data!)
Running a Firewall can protect you from incoming threats, but not the ones you invite into your home network.
Running intrusion protection MAY help against anything that gets past the firewall.
Running a honeypot with network blocking can add a layer of protection.
Encrypting traffic as much as possible may help, as will avoiding obsolete protocols that use unencrypted authentications.
Avoiding allowing software (or users) to use uncontrolled or automated authority escalation tools helps protect against errors or sabotage.
Rootkit detection and change detection can be useful.
Or you can just back everything important up with rotating generational backups and plan on reloading and restoring if things go south because of hacking, malware, hardware failures, or geothermonuclear war.
Most people learn all of that and decide it is too much to worry about, and pretty much ignore it all. I have fun with it.
You decide what your risk level is, what risk you are willing to allow, and adjust your security plan (including all of the above, none, or some different plan or tool I have not mentioned) as the owner of that risk.
BTW: I routinely put a small honeypot (AC or virtual machine running services that look vulnerable just to get people to attack it) and monitor the attacks on it. I load it from read-only media (Generally a mini-CD) so the attacks can succeed but a simple reboot puts it back to original state.
I automated a monitor of every connection to the honeypot, and transfer the connection information to my network firewall device for blacklisting. I also generate a report every day of the IP addresses added along with the WHOIS information I can scrape about them. Ten years ago I was blocking most of China and certain subnets in South America, Europe, and Russia. These days it is all of that, half of the Middle East, and dozens of threat subnets in North America, including some owned by my own ISP! Darned if I know what is going on or why, but it looks mostly like scripted network scanning of standard ports (a lot on port 22).
I do not recommend that level. If you do not find it fun, it could drive you crazy.
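The honeypot-to-firewall automation described in the post above, sketched as an added example (it is not the poster's own script): it parses connection log lines, skips an allowlisted network, collapses busy subnets, and renders a blocklist update plus per-port counts. The log format, the `HONEYPOT` prefix, the allowlist, the subnet threshold and the nftables table and set names are all assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of netfilter LOG output (documentation ranges).
SAMPLE_LOG = """\
Nov 19 02:11:04 pot kernel: HONEYPOT SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41822 DPT=22
Nov 19 02:11:09 pot kernel: HONEYPOT SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=50112 DPT=22
Nov 19 02:13:40 pot kernel: HONEYPOT SRC=203.0.113.200 DST=192.0.2.10 PROTO=TCP SPT=33010 DPT=23
Nov 19 03:02:15 pot kernel: HONEYPOT SRC=198.51.100.44 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=22
Nov 19 03:05:51 pot kernel: HONEYPOT SRC=192.0.2.25 DST=192.0.2.10 PROTO=TCP SPT=49900 DPT=80
Nov 19 03:06:00 pot kernel: HONEYPOT SRC=999.0.113.1 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=22
"""
LINE_RE = re.compile(r"SRC=(\S+) .*?DPT=(\d+)")
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: own LAN, never blocked

def parse(log_text):
    """Yield (source address, destination port) for each well-formed line."""
    for m in LINE_RE.finditer(log_text):
        try:
            yield ipaddress.ip_address(m.group(1)), int(m.group(2))
        except ValueError:
            continue  # malformed address: skip rather than feed it to the firewall

def build_blocklist(log_text, subnet_threshold=3):
    """Return (sorted networks to block, hit count per destination port)."""
    ports, by_subnet = Counter(), defaultdict(set)
    for addr, port in parse(log_text):
        if any(addr in net for net in ALLOWLIST):
            continue  # a blocklist that can lock out your own hosts is a liability
        ports[port] += 1
        prefix = 24 if addr.version == 4 else 64
        by_subnet[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)].add(addr)
    blocked = []
    for net, hosts in by_subnet.items():
        if len(hosts) >= subnet_threshold:
            blocked.append(net)  # several hosts in one subnet: block the subnet
        else:
            blocked.extend(ipaddress.ip_network(str(h)) for h in hosts)
    key = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return sorted(blocked, key=key), ports

def nft_command(networks, table="inet filter", set_name="blocklist"):
    """Render one nft command; assumes an existing set with 'flags interval'."""
    return f"nft add element {table} {set_name} {{ {', '.join(map(str, networks))} }}"

if __name__ == "__main__":
    print(nft_command(build_blocklist(SAMPLE_LOG)[0]))
```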
Quote:
Also something that seems ignored is that Linux represents such a small % of overall individual users that the majority of bad actors are being smart and fishing the large pond of Win users but should they ever use their talent to target Linux, I fear that many would find that Linux is not as 100% secure as they believe?
That canard is not ignored, it is just that it has been debunked again and again and again, going back decades. m$ boosters pretend not to hear and trot it out every few months. Notice that counting either by number of hardware devices or by number of services or by number of users, the majority of the world's servers are GNU/Linux and the servers are where the valuable resources, bandwidth and data, reside. Yet Windows is the domain of malware, especially ransomware.
The weak point on all desktop systems will be the steaming pile of legacy spaghetti code known as the web browser or the mess of X11. Yet, the underlying system design differences carry GNU/Linux far in regards to security. There are three reasons for that. One is a much more appropriate, modular design which has been oriented towards multiple concurrent users since day one. The other is quality workmanship, at least prior to systemd that is. The last is the theoretical foundation. Being Free Software, a subset of Open Source Software, is not magic. However, it is a necessary first step and that has been known all the way around since before the 1980s. Here's why that theory matters:
it is never the OS itself, but the maintainer (admin) who can secure the system and keep it secure.
Security is not a software, but an activity that should not be abandoned
I would agree that the user is the key to privacy/security, but can't be all of it. We still have to use a browser, connect to the internet and wherever there is a financial incentive for people's data, someone will try to get it. So which browser is most aligned with the culture of Linux, which VPN and which add-ons/extensions/programs? Anonymity doesn't exist today in the daily driver category, but in the quest for privacy in a non-private world there have to be good options.
I've been messing around with the Privacy Badger and uBlock Origin system installs as well as PortMaster, Privoxy and dnss.
I think they're worth looking into for desktop use privacy and security.
Yeah they are some of the ones I heard of most often, but the Linux attitude is mostly that nothing can get to Linux, which falls under the stupid user category mentioned. Not everyone wants to run several distros but mainly just stay with one as a daily driver and make it as secure as possible. What no one on Linux ever mentions is metadata collection. Every site you visit is trying to get it. Linux users don't seem to understand that. Doesn't mean Linux is not safer than Windows, it is, but if you're on the internet and there is the incentive for someone to sell your data, they will. Ubuntu had a small issue years ago but it was more Ubuntu collecting your data and I don't think they were selling it so not the same thing. Many programs will show you who all is trying to get data on you on every site, no info that I can find says Linux protects you from that. I will look into the programs you mentioned, thanks.
Quote:
Yeah they are some of the ones I heard of most often, but the Linux attitude is mostly that nothing can get to Linux, which falls under the stupid user category mentioned. Not everyone wants to run several distros but mainly just stay with one as a daily driver and make it as secure as possible. What no one on Linux ever mentions is metadata collection. Every site you visit is trying to get it. Linux users don't seem to understand that. Doesn't mean Linux is not safer than Windows, it is, but if you're on the internet and there is the incentive for someone to sell your data, they will. Ubuntu had a small issue years ago but it was more Ubuntu collecting your data and I don't think they were selling it so not the same thing. Many programs will show you who all is trying to get data on you on every site, no info that I can find says Linux protects you from that. I will look into the programs you mentioned, thanks.
This is just wrong. Browser vulnerabilities are largely independent of the operating system itself (not to speak about the fact that you can install the same adblock and similar plugins).
Quote:
Originally Posted by WhyLinux0
Linux users don't seem to understand that.
And again, this is just nonsense. How do you know that?
Let's use the full quote for clarity: "What no one on Linux ever mentions is metadata collection. Every site you visit is trying to get it. Linux users don't seem to understand that." That is absolutely true on both counts.
If browser vulnerabilities are "largely independent of the operating system" as you say, how exactly do you connect to the internet?
Quote:
Let's use the full quote for clarity: "What no one on Linux ever mentions is metadata collection. Every site you visit is trying to get it. Linux users don't seem to understand that." That is absolutely true on both counts.
How do you know that? It is still just wrong.
Quote:
Originally Posted by WhyLinux0
If browser vulnerabilities are "largely independent of the operating system" as you say, how exactly do you connect to the internet?
There are several different ways, currently it is a Mac, using VPN. But sometimes I use Ubuntu or Debian, sometimes MS Windows. Not to speak about Android and other devices...
By the way, am I a Linux user and I don't understand that or am I a Windows user and I understand that?
Quote:
it is never the OS itself, but the maintainer (admin) who can secure the system and keep it secure.
Security is not a software, but an activity that should not be abandoned
If you honestly believe that when you are connected to the internet and visit websites that no one is tracking your activities or collecting data about you...then you should follow your own advice above and simply not connect/browse as you will be the problem.