Keep Your Unix-Based System Safe This Summer (Part 1)

Protecting your systems against all manner of intrusions makes your virtual life safer. Using complex passwords, regularly checking files for changes, and restricting anything and everything will keep these threats away.

Computers remain the easiest point to compromise when there is physical access. At schools, universities, cafes or the airport, many people use their computers without locking the session.

Locking the screen is the first and most important reflex for protecting your machines physically. It can be done with a keyboard combination:

Ctrl+Alt+L (KDE and Gnome) and Ctrl+Alt+Del (Xfce). The same can be done from the command line:

KDE $ qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock
Gnome $ gnome-screensaver-command -l
Xfce $ xflock4

For other cases, you can use the command:

$ xscreensaver-command -lock

Or you can install a program such as xlock or xscreensaver if none is activated. The console analog is vlock. This will help in locking popular text window managers, such as GNU Screen and Tmux, which we mentioned in a previous post.

Locking the screen will not bring much benefit if booting from CD/USB is left enabled at the BIOS level, because there are many Linux Live CDs that can help in removing session passwords.

Booting from any media other than the hard disk should be disabled, and a password should be set on the CMOS setup. For better reliability, reset the file /etc/security, where entry is possible under the root account.

If someone has managed to steal your password, you can use the last command to display a list of all users logged in (and out) since its log file was created, or check the history files (~/.history, ~/.bash_history) for logs.

Then there are some important things to do while installing or using the system:

1 – Do not click on icons that you do not know, as they can mask various malicious UNIX shell commands.

2 – Do not use the configuration files without reading them.

3 – Do not install software patches without reading their contents, or at least make sure that they were obtained from reliable sources. There is no guarantee that a patch does not contain backdoors or malicious code.

4 – Do not install packages manually from other websites. Every normal distribution has a remote repository in which all packages have a verification hash. In an extreme case, download the package from sites that identify themselves using certificates.

5 – Always download into a temporary subdirectory of your home directory and check the contents before unpacking.

6 – Create a file «-i» in the root directory (touch /-i). This will make rm ask the user for permission before deleting each file in the root directory: when rm -rf * is run there, the shell expands * to include -i, which rm treats as its interactive option.
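
One way to carry out tips 4 and 5 from the shell, as an added example that is not part of the original article: check a downloaded archive against its published hash, then list its members without unpacking and refuse anything that would land outside the unpack directory. The function names, return codes and the sample archive are constructed for illustration; sha256sum and tar are assumed to be installed.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes sha256sum and tar.

# Read archive member names on stdin; print the ones that would land outside
# the unpack directory (absolute paths or ".." components).
# Exit status 0 means at least one unsafe name was found.
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)'
}

# check_download ARCHIVE EXPECTED_SHA256
# Returns 0 if safe to unpack, 1 on hash mismatch,
# 2 on unsafe member paths, 3 if the archive cannot be listed.
check_download() {
    archive=$1
    expected=$2
    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $archive: got $actual" >&2
        return 1
    fi
    # tar -t only lists the archive; nothing is written to disk.
    listing=$(tar -tf "$archive") || return 3
    if printf '%s\n' "$listing" | unsafe_members >&2; then
        echo "unsafe member paths listed above; not unpacking" >&2
        return 2
    fi
    return 0
}

# Constructed sample: build a harmless archive in a temporary subdirectory
# of DIR (default: $HOME), then run the check with its real hash.
demo() {
    work=$(mktemp -d "${1:-$HOME}/dl.XXXXXX") || return 1
    mkdir "$work/pkg" && echo hello > "$work/pkg/README"
    tar -C "$work" -cf "$work/pkg.tar" pkg
    sum=$(sha256sum "$work/pkg.tar" | cut -d' ' -f1)
    rc=0
    check_download "$work/pkg.tar" "$sum" || rc=$?
    rm -rf "$work"
    return "$rc"
}
```

In real use the expected hash comes from the distribution's published checksum, not from the downloaded file itself as in the constructed demo.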

In the next part we will look at further configuration options to make your Unix-based system safe this summer.
