[ubuntu-uk] linux & viruses
Tony Travis
a.travis at abdn.ac.uk
Wed Oct 21 13:18:20 BST 2009
Tony Arnold wrote:
> [...]
> Having said, that Linux is not immune from the hackers. My experience is
> that most incidents with Linux machines have been down to week or
> default passwords. Hackers can then get in and use the machine to scan
> other machines for weaknesses. My guess is if you put a machine on the
> netork with an ssh daemon running and a user name of david and password
> of david (for example), then it will be compromised within 24 hours or
> less. (I know someone who did exactly this).
Hello, Tony.
I second that: We got hit because a user with a dictionary name set a
password of 12345 ...
You can slow down 'brute-force' attacks using IP-tables with, for
example, "fail2ban", which is in the Ubuntu repo's. This 'bans' an IP
after a configurable number of failed login attempts.
However, it's not just SSH that you have to worry about: One of my
servers was recently caught sending 100,000 SPAM emails because it had
been compromised using a PHP exploit via port 80.
I've previously used "Nikto" to check web servers for vulnerabilities:
http://www.cirt.net/nikto2
I've used "nessus":
http://www.nessus.org/nessus/
In the good old days, "nessus" was GPL. Unfortunately, "nessus" is no
longer FLOSS and requires a paid for subscription for 'professional'
use. However, there is now a FLOSS fork of the previously GPL "nessus"
code called OpenVAS:
http://www.openvas.org/
I've been trying this out recently, and it looks very good!
Bye,
Tony.
--
Dr. A.J.Travis, University of Aberdeen, Rowett Institute of Nutrition
and Health, Greenburn Road, Bucksburn, Aberdeen AB21 9SB, Scotland, UK
tel +44(0)1224 712751, fax +44(0)1224 716687, http://www.rowett.ac.uk
mailto:a.travis at abdn.ac.uk, http://bioinformatics.rri.sari.ac.uk/~ajt
More information about the ubuntu-uk
mailing list