How do you know that your Linux system isn't infected?



How do I know...been using Mint Cinnamon for 9 years with no problems and it isn't windoze.
To be honest, I haven't had an infection (that I would know of) in Windows for maybe longer than that. I don't really remember being infected, other than just tracking cookies. Before I reinstalled my recent Win10 because it was messed up, a full scan by Norton or Malwarebytes found nothing. So I can safely assume it wasn't an infection that messed it up either.
 
Let me explain how I proceed...
Right from the fresh installation, I create a database with "aide" and update it only when something changes and I'm sure the changes are traceable.

This way, I can detect if something is wrong.
Now that I have a bit of time: 'aide' is a completely new thing for me. I asked the bot. Does this sound right? Sorry if the text is long and maybe not quite what it should look like. It doesn't all fit into one screenshot to have it in the original view.


AIDE (Advanced Intrusion Detection Environment) is a tool used to monitor the integrity of files on a Unix-based system like Debian. It works by creating a database that contains information about the state of the files on your system at a given point in time. This database can then be used to detect unauthorized changes to your files, which could indicate a security breach.

Creating a database with AIDE involves the following steps:

1. Install AIDE: First, you need to install the AIDE package on your Debian system.

    sudo apt update
    sudo apt install aide

2. Configure AIDE: The main configuration file for AIDE is usually located at /etc/aide/aide.conf. You may need to edit this file to specify which files and directories you want AIDE to monitor. The configuration file contains rules that define what file properties AIDE should check (e.g., file permissions, inode number, file contents).

    sudo nano /etc/aide/aide.conf

Here's a basic example of what you might add to aide.conf:

    # Directories to monitor
    /etc p+i+n+u+g+s+b+m+c+md5+sha256
    /bin p+i+n+u+g+s+b+m+c+md5+sha256
    /sbin p+i+n+u+g+s+b+m+c+md5+sha256
    /lib p+i+n+u+g+s+b+m+c+md5+sha256

This configuration will monitor the /etc, /bin, /sbin, and /lib directories and check for various file properties.

3. Initialize the AIDE Database: Once you have configured AIDE, you need to initialize the database. This step involves scanning the current state of the filesystem and creating the initial AIDE database.

    sudo aideinit

This command will create a new database file, usually named aide.db.new. The exact location might depend on your distribution's configuration, but it's often found in /var/lib/aide.

4. Move the New Database to the Active Database: After creating the initial database, you need to move the newly created database file to the location where AIDE expects to find its active database.

    sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

5. Set Up Regular Checks: To regularly check the integrity of your files against the AIDE database, you can set up a cron job. This will run AIDE at regular intervals (e.g., daily) and report any changes.

    sudo nano /etc/cron.daily/aide

Add the following lines to the file:

    #!/bin/sh
    /usr/bin/aide --check

Make the script executable:

    sudo chmod +x /etc/cron.daily/aide

6. Review AIDE Reports: AIDE will generate reports on any discrepancies it finds. You should regularly review these reports to ensure no unauthorized changes have occurred. Typically, the output of the AIDE check is sent to the system's mail or logged in a file.
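To make the baseline-then-check cycle in steps 3 to 6 concrete, here is an added example (not AIDE's code and not from the post) that records the same attributes the sample rule p+i+n+u+g+s+b+m+c+sha256 asks for, builds a baseline of a scratch directory, and then reports which files were added, removed or changed and which attributes differ. The scratch tree and its tampering are constructed inside demo(); file names are arbitrary.

```python
import hashlib
import os
import shutil
import stat
import tempfile

# Attribute letters follow the sample rule p+i+n+u+g+s+b+m+c+sha256 from aide.conf.
def file_record(path):
    st = os.lstat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"p": stat.S_IMODE(st.st_mode), "i": st.st_ino, "n": st.st_nlink,
            "u": st.st_uid, "g": st.st_gid, "s": st.st_size, "b": st.st_blocks,
            "m": int(st.st_mtime), "c": int(st.st_ctime), "sha256": digest}

def build_baseline(root):
    """Scan the tree once, as aideinit does, and return {relative path: record}."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(full).st_mode):  # regular files only, no symlinks
                db[os.path.relpath(full, root).replace(os.sep, "/")] = file_record(full)
    return db

def check(root, baseline):
    """Compare the live tree against the stored baseline, as 'aide --check' does."""
    current = build_baseline(root)
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "changed": {}}
    for rel in set(current) & set(baseline):
        diff = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
        if diff:
            report["changed"][rel] = diff  # e.g. ['s', 'sha256'] for an edited file
    return report

def demo():
    """Constructed scenario: baseline a scratch tree, then alter it and re-check."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        with open(os.path.join(root, "etc", "motd"), "w") as fh:
            fh.write("welcome\n")
        baseline = build_baseline(root)          # the trusted aide.db of step 4
        with open(os.path.join(root, "etc", "hosts"), "a") as fh:
            fh.write("192.0.2.10 example\n")       # content and size now differ
        os.remove(os.path.join(root, "etc", "motd"))
        with open(os.path.join(root, "etc", "newfile"), "w") as fh:
            fh.write("unexpected\n")
        return check(root, baseline)              # the daily report of steps 5 and 6
    finally:
        shutil.rmtree(root)
```

Run demo() to see a report listing etc/newfile as added, etc/motd as removed and etc/hosts as changed in size and sha256; a real deployment would persist the baseline on read-only media so an intruder cannot simply rebuild it.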
 
Back when I ran Windows [XP] I had a paid version of AVG and a paid firewall; as good as they were, they didn't stop everything [as most people will know, any virus will be in the wild for between a few days and several weeks before an AV for it is uploaded to the system]. I have been playing with Linux since the late 90's and solely running Linux for around 20 years, and in those years I have yet to pick up any infections.
I live on a retirement park, every month I put a reminder to the residents to make sure they have run their security updates, I am the only one in 54 homes using Linux. The others are a few macs, a few Android and the rest Windows, mostly 7,8 and 10. [7&8 no longer receive updates]
My father still runs Win7 on his dinosaur laptop, but he is now aware that he had better upgrade his system. We had a chat and he is now aware he will be in for a shock over the new Windows. He isn't using it too much and I mentioned S mode to him, which should be super safe (assuming the MS store won't host malware again).
 
There have been plenty of backdoored processes; it seems that we have already forgotten xz even though it was less than a year ago, and we also forgot the tampered Transmission that affected countless devices.
I have become an advocate of switching to Linux, and last week I had this XZ thrown into my face by someone who probably won't switch ever. I learned about it a month or two ago, watched a few channels and read a couple of articles explaining it, so I have quite an insight into what it was about. This could happen to anyone, in any software company giving privileges to strangers. It was a result of over 2 years of social engineering more than anything. Even in established companies like Microsoft, in the global world and international teams working on things, state agents (from China particularly) could infiltrate the team and push something sneaky into the code, any time. It is a jungle out there. The CCP has time. A lot of it. And a lot of people to use and dispose of.
 
Now that I have a bit of time: 'aide' is a completely new thing for me. I asked the bot. Does this sound right? Sorry if the text is long and maybe not quite what it should look like. It doesn't all fit into one screenshot to have it in the original view.
Use your distribution's default configuration first. You can always customize it later.
 
My father still runs Win7 on his dinosaur laptop, but he is now aware that he had better upgrade his system. We had a chat and he is now aware he will be in for a shock over the new Windows. He isn't using it too much and I mentioned S mode to him, which should be super safe (assuming the MS store won't host malware again).
That "S" mode is not for safety. It is for the security of Microsoft's profit. It makes it impossible to install anything other than Microsoft products from their store. NOTHING else will install or run. It is a poorly designed way to stop malware. It is much like driving your car only on the driveway so it doesn't get damaged. It does work but makes the car useless.
S mode is going to cause issues if he wants anything that Microsoft doesn't approve. Elderly people here hate it and I remove it often. Get him into Linux; I have many seniors using it and they love it.
S mode is great for M$ profits but not for people.
 
Use your distribution's default configuration first. You can always customize it later.
It took me years of gradual learning of Microsoft, and I'm still not halfway to an expert, so I will need a lot of advice on how to do what in Linux as things are a bit different there. On the bright side, the company I queried about my lifelong Superantispyware licence about half a year ago (could be just 4 months or so) just got back to me with the key... I will start believing in miracles. I thought they had just pushed me aside and left me forgotten. And yet, the email that came with a link to a website ending in .exe sparked a suspicion in me... sounds dodgy. LOL. I will sandbox it first.
 
That "S" mode is not for safety. It is for the security of Microsoft's profit. It makes it impossible to install anything other than Microsoft products from their store. NOTHING else will install or run. It is a poorly designed way to stop malware. It is much like driving your car only on the driveway so it doesn't get damaged. It does work but makes the car useless.
S mode is going to cause issues if he wants anything that Microsoft doesn't approve. Elderly people here hate it and I remove it often. Get him into Linux; I have many seniors using it and they love it.
S mode is great for M$ profits but not for people.
I see your point, but he is a senior and does little on his machine. The S mode would be just sufficient with all the apps in the MS app store. I explained it to him, that he won't be able to install anything from outside, I wrote a lengthy email and he said he will print it out and digest. We live half a continent apart and getting him on Linux is probably not an option.
 
Yip. And your ISP provided router has a hardware Firewall built in....No need to activate a secondary software one at all at all...

It's just another wasted process. A hang on from the old dial up dayz.

Enabling the firewall adds another layer of protection...which you don't seem to care about, but I do.
 
I see your point, but he is a senior and does little on his machine. The S mode would be just sufficient with all the apps in the MS app store. I explained it to him, that he won't be able to install anything from outside, I wrote a lengthy email and he said he will print it out and digest. We live half a continent apart and getting him on Linux is probably not an option.
My mother is on the other side of the continent and nearly exactly a continent apart, adjacent corners. She is a bit smarter than the average senior, but she can run Linux and has no problems. I wouldn't strand somebody with Windows just because they are far away. Remote support like AnyDesk might help. I just hate to see anybody go to M$ if it can be avoided.
 
To be honest, I haven't had an infection (that I would know of) in Windows for maybe longer than that. I don't really remember being infected, other than just tracking cookies. Before I reinstalled my recent Win10 because it was messed up, a full scan by Norton or Malwarebytes found nothing. So I can safely assume it wasn't an infection that messed it up either.

You need to forget everything windoze and that means everything...otherwise you won't get anywhere with Linux. At the end of the day when you've been using Linux for a while...you'll know what some of us are saying is true.

In Linux you need a password and sudo to do nearly everything because Linux is all about security, which windoze is not.

I'm no expert...just an average user, but I try to learn. You'd be surprised how many websites give you the wrong information when it comes to Linux, especially when it comes to antivirus...cleaning tools and defragging.
 
In Linux you need a password and sudo to do nearly everything because Linux is all about security, which windoze is not.

I'm no expert...just an average user, but I try to learn. You'd be surprised how many websites give you the wrong information when it comes to Linux, especially when it comes to antivirus...cleaning tools and defragging.

I have set up my UAC in Win to the top level, so I had at least some control over what was happening in my PC. Some malware could be evasive, though. You could install something you trusted by giving it access, and it was logging your keys, and from then on it would know your passwords. I have seen malware purchased by an IT professional on the black market; he literally made an order for malware that would escape a VM in Windows. And the bastard delivered. For 5 grand. A sandbox can also leak.
I am not trying to disprove you guys, I am saying that nothing is impossible in the software world. Ever heard about the Pegasus spyware? That's for mobile devices, but who knows?

Thanks for reminding me about the defrag stuff. I now have mostly SSDs, but I am going to revive that Asus laptop, even fix the broken hinge, and maybe give it some light distro. That has an HDD. I could be tempted to defrag, but will remember not to in Linux.
 
Thanks for reminding me about the defrag stuff. I now have mostly SSDs, but I am going to revive that Asus laptop, even fix the broken hinge, and maybe give it some light distro. That has an HDD. I could be tempted to defrag, but will remember not to in Linux.

Linux doesn't spit out fragmented files as windoze does, so there's no need to defrag anything, and never defrag an SSD because it will kill it, and we don't want that.
 
I have set up my UAC in Win to the top level, so I had at least some control over what was happening in my PC. Some malware could be evasive, though. You could install something you trusted by giving it access, and it was logging your keys, and from then on it would know your passwords. I have seen malware purchased by an IT professional on the black market; he literally made an order for malware that would escape a VM in Windows. And the bastard delivered. For 5 grand. A sandbox can also leak.
I am not trying to disprove you guys, I am saying that nothing is impossible in the software world. Ever heard about the Pegasus spyware? That's for mobile devices, but who knows?

Thanks for reminding me about the defrag stuff. I now have mostly SSDs, but I am going to revive that Asus laptop, even fix the broken hinge, and maybe give it some light distro. That has an HDD. I could be tempted to defrag, but will remember not to in Linux.
From what I read, Linux is intentionally fragmented on a mechanical drive, done to take advantage of the spinning and the heads reading. If the file is properly fragmented it will read faster than a linear file. Of course on an SSD this is irrelevant. Bottom line is NEVER try to defrag a Linux drive.
 
Thank you very much. I have no idea what most of those acronyms mean, but yeah, I know I am not needlessly paranoid; I watch too much stuff that is mind-blowing about how things can be exploited and go wrong. There is no silver bullet, we all need to try our best. Pretending there are no real threats for Linux is not my cup of tea.
I guess most of what you mentioned is related to servers; I watched a video about OpenSSH just yesterday, but the OS also isn't bulletproof. Maybe a bit safer than Windows, but still having its own weaknesses.
An APT is an Advanced Persistent Threat which is usually connected to a national government. ClamAV is anti-virus software that runs in Linux. ncat, pgrep, ps, and top are Linux programs in /usr/bin. sshd is the Secure Shell server daemon in /usr/sbin. Man pages are your friend. Don't be afraid to use them. nft is Network Filter Tables. The package uses the name nftables.

Signed,

Matthew Campbell
 
@Trynna3
All you need to know is that malware writers target Windows because of how widely Windows is used; there are far more Windows users than Linux users.

The main method by which hackers get into users' systems is by packing their malware into pirated software: they buy the software and then crack it to work without registration, followed by packing it with their malware, which is crypted by them so that AV can't detect it.

The most usual kind of software is games; parents don't easily buy games every day for kids, so they resort to torrents.
Hackers use these compromised systems as zombies to do their silly attacks without getting exposed.

This type of hacking is called social engineering, which requires user action rather than the hacker's special skills.

Because people play games mostly on Windows, that's one reason why nobody bothers with Linux, and so Linux is inherently more secure.

Of course there are other schemes by which systems get compromised, but it ultimately boils down to how small the Linux community is, and many malware writers just don't bother with Linux but focus on Linux, which again makes Linux a safe haven.
But this does not mean that Linux is safe; it just means that Linux is not as much targeted as Windows, and the same pretty much applies to Macs.
One of the big reasons why people attack Windows is because it is such a buggy mess. It has so many vulnerabilities.

Signed,

Matthew Campbell
 
Yip. And your ISP provided router has a hardware Firewall built in....No need to activate a secondary software one at all at all...

It's just another wasted process. A hang on from the old dial up dayz.
This is not even close to true. Each host should have its own firewall. Your ISP router provides connections on a private local network so it must use Network Address Translation (NAT) to allow multiple hosts to access the Internet using a single public IPv4 address. See RFC 1918. Going inward into such a local network requires what is known as port forwarding or using what is known as a demilitarized zone (DMZ). Not all ISPs necessarily use the same hardware. Some ISPs may use their own firewall on their side of the demarc, the line that determines whose responsibility an issue is, while others may use something inside the hardware they rent to the customer. Some ISPs may allow a customer to buy their own equipment and thus may not have the same level of control over it. An APT has successfully hacked my ISP router and reflashed the firmware to do their bidding. Search for Project Cherry Blossom. They then went on to use that to run a Denial Of Service (DOS) attack on my computer, even though my computer was connecting to a different wifi on a different local network and using a different wifi channel. The thing is, it's better to be safe than sorry. A decent firewall really doesn't incur that much overhead and is certainly worth having. People with such an attitude about cybersecurity are what those in the business call low hanging fruit. Black hat hackers really love people like that since it makes their job so much easier.

Signed,

Matthew Campbell
 
The whole idea of disk defragmentation is about trying to speed up hard drive access by keeping the whole file together so the hard drive doesn't have to seek around to look for the next chunk of the file. Hard drives are a lot faster than they used to be, a lot faster. It really makes me wonder if defragging on any OS would be helpful at this point. Since SSDs don't use heads that move around, defragmentation becomes pointless and even harmful. I do try not to write to two different large files on the same Linux file system at the same time to try to avoid causing such an issue, but I really doubt it would significantly influence performance either way. @APTI looks like a pretty knowledgeable guy. I think it would be wise to listen to him.

Signed,

Matthew Campbell
 