[ubuntu-uk] Security on Ubuntu

Tony Travis ajt at rri.sari.ac.uk
Sun Mar 4 20:10:05 GMT 2007


Adam McMaster wrote:
> [...]
> Installing a rootkit would require the attacker to already have
> access, or to have some way of running arbitrary code. No-one's saying
> this is impossible under Linux, but rootkits aren't anything special
> and their existence doesn't make Linux "as vulnerable" as Windows.
> Having said that, I do recommend rkhunter for anyone wanting to check
> for rootkits -- I use it on my servers.
> 
> As for being attacked by botnets, what in the default Ubuntu install
> would they be attacking? There are no services running...

Hello, Adam.

There's a balance to be struck between scaremongering and complacency in 
the realm of computer security. What concerned me about the discussion 
going on here was the impression I got from reading it that some people 
think Unix/Linux is not vulnerable to attack because it's not vulnerable 
to Windows viruses etc. All you have to do is run a Java-enabled web 
browser on your Linux box and be tricked into downloading a malicious 
Java applet or application to expose your system to platform-independent 
attack. For example:

	http://www.tenebril.com/src/spyware/malicious-java.php

It's common sense that as Linux increases in popularity it will be 
targeted more and more by cross-platform virus and Trojan writers. Many 
attacks exploit known weaknesses in software such as buffer overflows 
etc. to gain root access. In my own recent(!) experience, a security 
weakness in PHP resulted in a botnet attack penetrating my defences. All 
I was doing was running a website using the TikiWiki PHP-based CMS...

Security gaps plugged now, but I can tell you it pays to be vigilant!

A good way to attack your own defences is to run a port scan using 
Gibson Research's ShieldsUP!:

	http://www.grc.com/

I think it's a mistake to suggest that Ubuntu is 'safe' because there 
are 'no' services running on it by default. What you probably mean is 
there are no externally accessible services. All you have to do is use 
an insecure IRC client to expose your system to attack by botnets. In 
the end, the simplest thing to do is use a router with a firewall to 
connect to the internet. It's people who make computers insecure by the 
way they use them and I'm as guilty of that as anyone else. However, it 
does help me to know that if I accidentally expose my system to attack 
there are some defences in place to minimise the damage to my system.

	Tony.
-- 
Dr. A.J.Travis,                     |  mailto:ajt at rri.sari.ac.uk
Rowett Research Institute,          |    http://www.rri.sari.ac.uk/~ajt
Greenburn Road, Bucksburn,          |   phone:+44 (0)1224 712751
Aberdeen AB21 9SB, Scotland, UK.    |     fax:+44 (0)1224 716687
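
Added example, not part of the original message: a check for the distinction drawn above between "no services running" and "no externally accessible services", listing IPv4 TCP listeners and whether each is bound to loopback only. It assumes a Linux /proc/net/tcp written on a little-endian host such as x86; the sample rows, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

TCP_LISTEN = "0A"  # kernel state code for a listening socket

# Constructed sample in /proc/net/tcp layout (little-endian host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 11002 1
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11003 1
   3: 0A01A8C0:C350 057100CB:0050 01 00000000:00000000 00:00000000 00000000  1000        0 11004 1
"""


def decode_addr(field):
    """Turn '0100007F:0277' into (IPv4Address('127.0.0.1'), 631)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the network-order address as a native integer,
    # so on a little-endian host the bytes appear reversed.
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listeners(proc_text):
    """Return (ip, port, scope) for every listening IPv4 TCP socket."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established or other non-listening socket
        ip, port = decode_addr(cols[1])
        # 0.0.0.0 means every interface; anything non-loopback can be
        # reached from the network unless a firewall blocks it.
        scope = "local-only" if ip.is_loopback else "reachable"
        found.append((str(ip), port, scope))
    return found


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample off Linux
    for ip, port, scope in listeners(text):
        print(f"{ip}:{port}\t{scope}")
```

IPv6 and UDP listeners live in /proc/net/tcp6, /proc/net/udp and /proc/net/udp6 and are not covered by this block.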


