Don't kernel panic! Gord will be back shortly for more of your questions.

In this new section Michael Boelen (creator of Lynis) will answer your Linux security questions. Do you have a question on Linux/Ubuntu security for Michael? Please email it to: misc@fullcirclemagazine.org.

From Ben McTee: I’m currently running Xubuntu 13.04 as a music, video, and file server for my home and abroad. I have an SSH server set up with key authentication only (password is disabled). In order to access my server remotely, port forwarding is enabled on my Airport Extreme router, forwarding all port 80 traffic to my server. I have Plex Server installed and set up to allow streaming of videos to my devices while I am away from home. Additionally, I use Webmin to manage services, servers, SAMBA, and other tasks on the Xubuntu machine. Are there checks I can perform, either locally or remotely, to ensure an attacker is not able to gain access to my system from outside the network? I have read of security flaws in Webmin, but at the same time love it for its convenience.

MB: If a malicious person (or script) would like to enter your network, it’s a matter of finding the weakest link. One way to find this is using a well-known network port (like port 80) combined with a piece of easily identifiable software (e.g. Webmin). There are a few things which can be done to strengthen the weakest links: use a non-standard port to thwart most malicious scripts, encrypt data if possible, limit access by using an IP filter or an additional layer of authentication. In your case, you already applied several of these methods. One way to test them is to check what ports are open from “outside”, and check if others can determine what you are running. As always, apply security patches to those packages with known vulnerabilities, especially if they listen on the network.
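The "outside" check described in the answer above, as an added example that is not part of the original column or of Lynis: it connects to each forwarded port on your own address and reports whether the service names its software. The port list is an assumption (10000 and 32400 are the usual Webmin and Plex defaults), and only plain-TCP services are read.

```python
import socket
import sys

# Ports for the setup in the question. 10000 (Webmin) and 32400 (Plex) are the
# products' usual defaults and are assumed here; adjust to what you forward.
PORTS = [22, 80, 10000, 32400]


def _read(sock, request=b"", limit=2048):
    """Send request (if any), then collect the reply until close, stall or limit."""
    data = b""
    try:
        sock.sendall(request)
        while len(data) < limit:
            chunk = sock.recv(limit - len(data))
            if not chunk:
                break
            data += chunk
    except OSError:  # timeout or reset: keep what we already have
        pass
    return data


def probe(host, port, timeout=3.0):
    """Return (is_open, reply). Plain TCP only; TLS ports show as open, no reply."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, filtered, or unreachable
        return False, b""
    with sock:
        reply = _read(sock)  # SSH-style services announce themselves first
        if not reply:  # HTTP-style services wait for a request
            reply = _read(sock, b"HEAD / HTTP/1.0\r\n\r\n")
    return True, reply


def disclosed(reply):
    """Return the line that names the software, or None if nothing is given away."""
    for line in reply.decode("latin-1").splitlines():
        if line.startswith("SSH-") or line.lower().startswith("server:"):
            return line.strip()
    return None


if __name__ == "__main__":
    host = sys.argv[1]  # your own public address, tested from outside your LAN
    for port in PORTS:
        is_open, reply = probe(host, port)
        print(port, "open" if is_open else "closed/filtered", disclosed(reply) or "")
```

Run it from a connection outside the home network, with your own public address as the argument; any port reported open that you did not mean to forward, or any line naming a product and version, is something to close, filter, or patch.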

From Ben McTee: What is the best method of automatically notifying me if an attack is being attempted on my network (port scanning, for example)?

MB: One should first know the definition of an attack. Unfortunately this differs for every individual or company. In the field of security incident response, we consider mainly any events which are outside normal behavior, and with a clear malicious intent. Port scanning would therefore not be an attack or a trigger for security incident response. It’s simply a common thing on the internet, similar to brute forcing accounts via SSH. But performing a distributed denial of service on your system is considered malicious and not a daily event. So my advice is to decide first what you want to protect and what you would do with events occurring. Would you investigate each port scan attempt and would it be worth the time?

To test your PC's security, see Michael's HowTo article earlier in this issue on Lynis.

issue82/securite.1399133517.txt.gz · Last modified: 2014/05/03 18:11 by andre_domenech