Hackers

InvaderSumo

So how exactly would someone go about making sure their newly installed Debian 12 install remains secure and "unhackable"
What are some things a new user should do to maintain privacy, besides making sure everything in my router is secured? I'm not worried about that, considering the person who set up my wifi was an IT professional who worked for the government.
 


So how exactly would someone go about making sure their newly installed Debian 12 install remains secure and "unhackable"
If you're not running any services on your system and your NAT router blocks everything by default, you're pretty much "un-hackable" from the outside.

The time when that stops being true is when you install software you do not trust, or use software sources that are not trusted or verified, as this way malware will simply bypass your entire firewall regardless of whatever blocking or setup you configure.

So the answer is, it's all about you and your computing habits in that case.
When it comes to home users, hackers don't succeed because of their skills but because of user mistakes.

I suggest googling "safe computing" and reading several articles about this topic, then adopting and practicing as much of the advice as possible (most of it means less enjoyment of using a computer, but get used to it).

Here are 2 examples I keep in bookmarks:

But don't stop here; search for more and you'll find unique advice not mentioned on one site that exists on another.
 
First off, keep it updated.

Enable the firewall.
Code:
sudo ufw enable

Code:
sudo ufw status verbose

A good read.

The most important part of security is common sense web habits.

Rough duty for some users.

No there ain't a download for common sense.
 
Most hackers do not go after the individual; there is not much of a payout there. Usually it is some kind of business or government agency. A hacker's main objective is usually to make money. Certain kinds of stolen data can get cyber-criminals billions of dollars globally each year. They are constantly looking for websites with easily exploitable security gaps, and ideally websites that hold valuable lists of data such as names, Social Security numbers and financial information.

So if a hacker encrypts my drive (which has never happened) I just reformat and reload, since I do not keep any important stuff on my internal drive anyway. I do not save any passwords in my browsers either, but use an encrypted password manager.
 
Most hackers do not go after the individual; there is not much of a payout there. Usually it is some kind of business or government agency. A hacker's main objective is usually to make money.

This is unfortunately not entirely true...
If one wonders what makes one hacker better than another, it all boils down to how many zombies one has collected or has at their disposal.

What is a zombie?

Hackers who don't target companies are those who collect zombies usually with the aim for DDOS attack or email spam.
A hacker cannot do this from his own single machine; they need 100s or 1000s of zombies for such activities.

Can you guess who those zombies are?
It's regular home users who will never guess their system is a zombie.

Even if such users have something of value (e.g. a Steam account), a hacker might not want to be detected by stealing the user's data, accounts or passwords to sell, because having control of their machine alone is of far greater value to them for performing the aforementioned things, for which they'll be paid much more than what the user's Steam account is worth.
 
This is unfortunately not entirely true...
The key word being "most" hackers, not all. Plus, a zombie is usually a trojan-, worm- or virus-infected machine coordinated in a botnet, usually Windows, not Linux.
In the world of Linux, a zombie process refers to any process that is essentially removed from the system as ‘defunct’, but still somehow resides in the processor’s memory as a ‘zombie’.
Also sometimes referred to as a process in a ‘terminated state,’ a Zombie process is usually cleaned from the memory system through a parent process. But when the parent process isn’t notified of the change, the child process (zombie) doesn’t get the signal to leave the memory.

There is a difference between the two zombies.
 
So how exactly would someone go about making sure their newly installed Debian 12 install remains secure and "unhackable"
What are some things a new user should do to maintain privacy, besides making sure everything in my router is secured? I'm not worried about that, considering the person who set up my wifi was an IT professional who worked for the government.
One of the things you can do is to ensure that your sources list is correct.


Create a BIOS password and if need be: encrypt your HDD.
 
This is unfortunately not entirely true...
If one wonders what makes one hacker better than another, it all boils down to how many zombies one has collected or has at their disposal.

What is a zombie?

Hackers who don't target companies are those who collect zombies usually with the aim for DDOS attack or email spam.
A hacker cannot do this from his own single machine; they need 100s or 1000s of zombies for such activities.

Can you guess who those zombies are?
It's regular home users who will never guess their system is a zombie.

Even if such users have something of value (e.g. a Steam account), a hacker might not want to be detected by stealing the user's data, accounts or passwords to sell, because having control of their machine alone is of far greater value to them for performing the aforementioned things, for which they'll be paid much more than what the user's Steam account is worth.
HEY HEY HEY! lmao...... we FOR SURE don't need people looking up what botnets are and getting any crazy idea -______-
 
@GatorsFan
Zombie is a system that has been compromised, no root\Administrator access is required,
unprivileged malware will do the job as well.

For instance, if you install some software that you run as a regular user without root privileges, that's already enough to turn your system into a zombie; seemingly trusted software does not need to gain root access.

Folks think that their system is secure if they don't run something as root, because no root access = not compromised, but that's just false: a hacker doesn't require root access to use someone's system as a zombie.

The only defense against this is a carefully crafted outbound-blocking firewall and monitoring logs.
 
It's best to just stay away from botnets & "zombie" machines unless you're part of a big company. A single person at home could ONLY be doing bad things with such a thing, unless that person is a professional penetration tester.
 
Certainly! Here's example code that demonstrates the creation of a zombie process and how it works in Linux:

Code:
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

int main(void) {
    pid_t child_pid;

    child_pid = fork(); // Create a child process

    if (child_pid < 0) {
        fprintf(stderr, "Fork failed\n");
        return 1;
    } else if (child_pid == 0) {
        // Child process
        printf("Child process executing\n");
        exit(0);
    } else {
        // Parent process
        sleep(2); // Parent process waits for 2 seconds

        // The parent process does not handle the termination of the child process.
        // It does not invoke wait() or waitpid() to collect the exit status,
        // so the exited child stays in the process table as a zombie (<defunct>).

        printf("Parent process executing\n");
        printf("Zombie process created\n");
    }

    return 0;
}

In this code, a parent process creates a child process using the fork() system call. The child process executes a simple task and then exits using exit(0). Meanwhile, the parent process waits for 2 seconds using sleep(2) without collecting the child process's exit status.

The ps command is a versatile utility for process monitoring in Linux. By combining it with specific flags, you can filter and identify zombie processes. One common flag is -e (or -A), which displays information about all processes, including zombies. To specifically identify zombie processes, you can search for the 'Z' state in the STAT column.

Example:

$ ps ux

Output:

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND

webmast+ 162519 0.3 0.0 4624 3740 pts/346 Ss+ 11:54 0:00 bash
webmast+ 162597 0.3 0.0 4756 3960 pts/347 Ss+ 11:54 0:00 bash
webmast+ 162659 0.0 0.0 0 0 pts/288 Z 11:54 0:00 [zombie] <defunct>
webmast+ 162691 0.8 0.0 4756 3872 pts/315 Ss 11:54 0:00 bash
webmast+ 162699 0.6 0.0 4756 3816 pts/351 Ss+ 11:54 0:00 bash

This is what I meant by two different zombies: a Linux zombie is a process, not a malware infection associated with Windows.
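An added example (not from any poster in this thread, and not the C program above): the same fork-without-wait bug, but the parent watches the child's state letter in /proc/<pid>/stat, sees it become Z (what ps prints as <defunct>), and then reaps it with os.waitpid, which is the fix. It assumes a Linux /proc filesystem.

```python
import os
import time

def proc_state(pid):
    """State letter from /proc/<pid>/stat ('Z' = zombie), or '?' once the pid is gone."""
    try:
        with open(f"/proc/{pid}/stat") as f:   # assumes Linux procfs is mounted
            stat = f.read()
    except OSError:
        return "?"
    # The comm field sits in parentheses and may contain spaces, so find the last ')'.
    return stat[stat.rindex(")") + 2]

def fork_without_wait(exit_code=7):
    """Fork a child that exits at once and return its pid WITHOUT reaping it (the bug)."""
    pid = os.fork()
    if pid == 0:
        os._exit(exit_code)     # child: exit immediately; parent never wait()s yet
    return pid

def wait_for_state(pid, state, timeout=2.0):
    """Poll /proc until the child shows the wanted state; True if seen before timeout."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if proc_state(pid) == state:
            return True
        time.sleep(0.01)
    return False

def reap(pid):
    """The fix: collect the exit status so the kernel can drop the process entry."""
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1

def demo():
    pid = fork_without_wait()
    was_zombie = wait_for_state(pid, "Z")   # child exited, entry still in the table
    code = reap(pid)
    gone = proc_state(pid) == "?"           # entry disappears once it is reaped
    return was_zombie, code, gone

if __name__ == "__main__":
    print(demo())
```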
 
Certainly! Here's an example code that demonstrates the creation of a zombie process and how it works in Linux:
fork() is a Linux-specific function; not sure how it works, but for Windows there is CreateProcess(). What this sample code does is similar to process hollowing: it basically creates a child process which runs shellcode locally that is usually encrypted on Windows machines and then decrypted in memory to avoid AV detection.

All clear, any piece of software can do this with or without root privileges.

But this is not "zombie", it's just malware which is most commonly found on torrent sites packed into "free to download" games and software which people download without realizing what they download is not really free but comes at heavy cost lol
 
fork() is a Linux-specific function; not sure how it works, but for Windows there is CreateProcess(). What this sample code does is similar to process hollowing: it basically creates a child process which runs shellcode locally that is usually encrypted on Windows machines and then decrypted in memory to avoid AV detection.

All clear, any piece of software can do this with or without root privileges.

But this is not "zombie", it's just malware which is most commonly found on torrent sites packed into "free to download" games and software which people download without realizing what they download is not really free but comes at heavy cost lol
It is called a zombie process, not a zombie.
 
So how exactly would someone go about making sure their newly installed Debian 12 install remains secure and "unhackable"

If workstation: unhackable isn't really a thing. It depends on who the adversary is. If you want to be reasonably paranoid, use Debian VMs in Qubes-OS. It's honestly easier than it looks, and if you have a powerful box, you should try it.

If server: by following (and helping us update) The ULTIMATE Guide to Reasonable Security for your Debian/Ubuntu Linux Server for new Linux Admins.

What are some things a new user should do to maintain privacy?

Can you explain in detail how you perceive privacy? Google not tracking you? Your ISP not tracking you? Everyone else not tracking you?
There are certain levels to privacy. One simple step is to use a more privacy-friendly browser like librewolf, which doesn't save cookies, has an ad blocker built in, and so on.
One more advanced step is to use whonix in qubes to browse the web through the tor browser.

Besides making sure everything in my router is secured? I'm not worried about that, considering the person who set up my wifi was an IT professional who worked for the government.

Congrats, you have just made yourself an attractive target :p Rule #1: Don't be an attractive target (as in: don't run Windows, always patch everything, don't tell the internet that you are in a position of power that makes it interesting to get r00t on your box).

Each device is responsible for its own security. Having a funky router doesn't help you when you click on a link in a well-crafted phishing mail, but for example Qubes OS can ;)
 
Enable the firewall.
Code:
sudo ufw enable

Code:
sudo ufw status verbose
Please explain how enabling a firewall (following the example you gave, sudo ufw enable) without configuring it (and then configuring it how?) does anything at all.

I am not against firewalls on workstations, but if you use one you have to open outgoing http, https, ntp, dhcp, smtp submission, imap, this, that, foo, bar, qux.
So if someone r00ts your box they can still upload your data / control your b0x via 443. Smooth.
Why the firewall then?
On qubes-OS the firewall makes sense, as you have one VM for "email" and that email VM can talk to mail.gmail.com 465 and 993, and that's it. If someone r00ts that VM the attacker can still send out data by just sending mails with his own gmail. But if they try another port, you can log that. It's much more likely that they will try 443 first, so you could script something to just stop the network in this case so you can investigate.

Why do we even need firewalls, on servers as well?

Let's say I install a new debian on a server. Then I apt install apache2 mariadb-server php-fpm and set up WordPress.

By default mariadb (for whatever dumb reason) listens on 0.0.0.0. If I don't notice that, THAT'S what a firewall is for.

Other than that you can filter outgoing traffic, and hope that the r00tkit tries to go out via IPs / ports that you blocked. In this case this will show up in the logs IF you configured your firewall to log rejected packets. Then you can feed that to a SIEM.

Anyone doing that on Mint?

Imho firewalls on workstations are total nonsense unless you run qubes, because iptables/nftables can't firewall based on processes (as in: let thunderbird only talk to gmail.com 465 993).
So a firewall on Mint is kinda... meh.
Just portscan your own box every now and then. Helps more, in my opinion.

On the other hand, if you play around a lot and install mariadb-server on your workstation, and then forget to configure it to listen on 127.0.0.1, ok, then maybe install a firewall. Set it up to block everything incoming. That doesn't hurt, granted. If you hang out in untrusted networks a lot, I mean. For regular browsing from your apartment where you live with your gf, not too much gain.

Had to rant a bit when I read "firewall" in a workstation security thread ;) I think oftentimes people misunderstand what firewalls are actually for. If traffic is incoming, but there are no open ports to the world, you don't need a firewall. If you filter outgoing, it's kinda nonsense, as on your workstation you DO allow outgoing 22, 443 and all of the other stuff, so exfiltration and c&c (command and control server communication) is not a problem, with or without firewalls.
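An added example (my own, not from the poster above) of the "portscan your own box" / mariadb-on-0.0.0.0 point, done from the inside: it parses the kernel's /proc/net/tcp and tcp6 tables and lists sockets in LISTEN state that are bound to something other than loopback. The sample rows are constructed; audit_host() reads the live tables on a Debian box.

```python
import socket
import struct

LISTEN = "0A"   # state code for LISTEN in /proc/net/tcp and /proc/net/tcp6

# Constructed sample rows (not from a real host): mariadb on 0.0.0.0:3306 as uid 107,
# cups on 127.0.0.1:631, sshd on 0.0.0.0:22, plus one ESTABLISHED row that must be ignored.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   107        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1 0000000000000000 100 0 0 10 0
   3: 0101A8C0:B5F2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20005 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20006 1 0000000000000000 100 0 0 10 0
"""

def decode_addr(hexaddr, family):
    """/proc writes each 32-bit word of the address in host byte order (little-endian on x86/ARM)."""
    raw = b"".join(struct.pack("<I", int(hexaddr[i:i + 8], 16))
                   for i in range(0, len(hexaddr), 8))
    return socket.inet_ntop(family, raw)

def parse_listeners(text, ipv6=False):
    """Return [(addr, port, uid)] for every socket in LISTEN state in a /proc/net/tcp* table."""
    family = socket.AF_INET6 if ipv6 else socket.AF_INET
    out = []
    for line in text.splitlines()[1:]:            # first line is the column header
        fields = line.split()
        if len(fields) >= 8 and fields[3] == LISTEN:
            hexaddr, hexport = fields[1].split(":")
            out.append((decode_addr(hexaddr, family), int(hexport, 16), int(fields[7])))
    return out

def exposed(listeners):
    """Listeners other hosts can reach: anything not bound to a loopback address."""
    return [l for l in listeners if not (l[0].startswith("127.") or l[0] == "::1")]

def audit_host():
    """On a live box, read both kernel tables and report non-loopback listeners."""
    found = []
    for path, ipv6 in (("/proc/net/tcp", False), ("/proc/net/tcp6", True)):
        try:
            with open(path) as f:
                found += exposed(parse_listeners(f.read(), ipv6))
        except OSError:
            pass                                  # table absent, e.g. IPv6 disabled
    return found
```

Running audit_host() on the scenario from the post would show ("0.0.0.0", 3306, 107), i.e. mariadb reachable from the network as the mysql uid, while the cups listener on 127.0.0.1 is filtered out.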
 
don't tell the internet that you are in a position of power that makes it interesting to get r00t on your box
That's great advice, don't share on internet anything about you, especially not your computer configuration, be careful what you share on forums too.

If you have to share computer config or logs, anonymize them first, e.g. with an LLM, removing things such as private IP addresses or usernames.
 
PS: Privacy and security are two totally different things. The best way to be private online is to buy a second-hand laptop in some alleyway, glue over the camera, go to a coffee shop that doesn't have cameras, use the box to do what you want to do and then sell it again.
This way you will look like everyone else. Security != privacy.
If you install qubes and invest months into building the total overlord system, you will be FAR from private, as you will have a very unique fingerprint.
This is 2024, privacy is dead. Deal with it :p Install qubes, then you at least have security ;)
 