[ubuntu-uk] Security on Ubuntu
ajt at rri.sari.ac.uk
Sun Mar 4 20:10:05 GMT 2007
Adam McMaster wrote:
> Installing a rootkit would require the attacker to already have
> access, or to have some way of running arbitrary code. No-one's saying
> this is impossible under Linux, but rootkits aren't anything special
> and their existence doesn't make Linux "as vulnerable" as Windows.
> Having said that, I do recommend rkhunter for anyone wanting to check
> for rootkits -- I use it on my servers.
> As for being attacked by botnets, what in the default Ubuntu install
> would they be attacking? There are no services running...
There's a balance to be struck between scaremongering and complacency in
the realm of computer security. What concerned me about the discussion
going on here was the impression I got from reading it that some people
think Unix/Linux is not vulnerable to attack because it's not vulnerable
to Windows viruses etc. All you have to do is run a java-enabled web
browser on your Linux box and be tricked into downloading a malicious
Java applet or application to expose your system to platform-independent
attack. For example:
It's common sense that as Linux increases in popularity it will be
targeted more and more by cross-platform virus and Trojan writers. Many
attacks exploit known weaknesses in software such as buffer overflows
etc. to gain root access. In my own recent(!) experience, a security
weakness in PHP resulted in a botnet attack penetrating my defences. All
I was doing was running a website using the TikiWiki PHP-based CMS...
Security gaps plugged now, but I can tell you it pays to be vigilant!
A good way to attack your own defences is to run a port scan using
Gibson Research's ShieldsUP!:
I think it's a mistake to suggest that Ubuntu is 'safe' because there
are 'no' services running on it by default. What you probably mean is
there are no externally accessible services. All you have to do is use
an insecure IRC client to expose your system to attack by botnets, In
the end, the simplest thing to do is use a router with a firewall to
connect to the internet. It's people who make computers insecure by the
way they use them and I'm as guilty of that as anyone else. However, it
does help me to know that if I accidentally expose my system to attack
there are some defences in place to minimise the damage to my system.
Dr. A.J.Travis, | mailto:ajt at rri.sari.ac.uk
Rowett Research Institute, | http://www.rri.sari.ac.uk/~ajt
Greenburn Road, Bucksburn, | phone:+44 (0)1224 712751
Aberdeen AB21 9SB, Scotland, UK. | fax:+44 (0)1224 716687
More information about the ubuntu-uk