[HacktionLab] Basic security practice for Ubuntu

Garcon du Monde gdm at fifthhorseman.net
Thu May 9 16:27:31 UTC 2013


hi,

On Wed, May 08, 2013 at 02:39:07AM +0100, johnc wrote:
> * As regards having an encrypted hard drive, hopefully that includes
> swap, root and home .... and the rest just excluding /boot. The last
> time I checked you couldn't do a fully encrypted install with the
> Ubuntu installer. It was one of the many reasons I changed to Debian.
> (This fact may be out of date though?!). To see why this is important
> do the following to your swap partition ( replace /dev/sda3 as
> appropriate).

as charlie said, this is now included in ubuntu: i recently talked
someone (remotely) through her first installation, at which she was
successful!! for additional security, you may also like to consider
using ecryptfs as well.

> strings /dev/sda3 >dump.txt
> This is mostly rubbish but I found wifi passwords in here before!

thanks john, i didn't know about that before (well, knew that it was
theoretically possible, but didn't know how...)!

> There's no shortage of key loggers though: lkl, uberkey, THC-vlogger,
> PyKeylogger, logkeys etc.

ditto i didn't know about these (again, never researched it but was
aware of the theory).

> I like RKhunter :-). I don't think there is a quick way to tell if
> reported file changes are bad but you could diff the file with the
> original.

yeah, rkhunter is good, particularly if you install it at the same time
you install your o/s on the machine - as then, you know that the machine
is definitely clean (well, you should do!!)

if you do this, then apt *should* check files (using rkhunter) to see if
they have been tampered with... although in my experience this didn't
always happen and sometimes i'd have to go back and do it manually....

[snip some interesting code for checking your file integrity]

wow, that was good! you are way more thorough than i am, and have taught
me some new methods for checking :) previously, i just looked if the
file time matched the times when i had upgraded it using apt (which of
course has some cryptographic checks built in) - but you've gone the
extra step and made sure that the package is exactly how you'd currently
expect.

i guess one flaw with your method is that you might miss 'hidden' files
- can't remember if rkhunter looks for them, or if it's other tools
(e.g. i often use 'tiger' i think it's called alongside).

solidarity,

	--gdm

-- 
GPG: 5607 E4BC C6B6 90F4 5EBC  B348 D01B 9D77 912F 963C
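[Editor's added example: the thread above talks about checking that installed files still match what apt/dpkg put there, and about hidden files such a check might miss. The snippet below is not from the list post or from any of the tools named in it; it is a small, self-contained Python check written for this page. It reads a dpkg-style .md5sums manifest ("<md5>  <path>" lines, as found under /var/lib/dpkg/info/ on Debian and Ubuntu), reports listed files that have changed or vanished, and additionally lists files present on disk that the manifest does not mention, which is where a dropped-in dotfile would show up. The directory tree, file contents and manifest are constructed sample data so the example runs offline.]

```python
"""Verify a directory tree against a dpkg-style .md5sums manifest.

Added example, not code from the original thread. The manifest format is
the one dpkg writes to /var/lib/dpkg/info/<package>.md5sums; everything
below that is used as input (file names, contents, the manifest) is
constructed sample data.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def parse_md5sums(text):
    """Parse manifest lines '<md5hex>  <relative path>' into {path: md5}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")  # two spaces, as md5sum writes
        if len(digest) != 32 or not rel:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[rel] = digest.lower()
    return expected


def md5_of(path):
    """MD5 of a file, read in chunks so large binaries do not load into RAM."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(root, manifest_text):
    """Compare the tree under root with the manifest.

    Returns {'modified': [...], 'missing': [...], 'unlisted': [...]} where
    'unlisted' holds files on disk that the manifest says nothing about.
    """
    root = Path(root)
    expected = parse_md5sums(manifest_text)
    modified, missing = [], []
    for rel, digest in sorted(expected.items()):
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif md5_of(p) != digest:
            modified.append(rel)
    unlisted = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            rel = Path(dirpath, name).relative_to(root).as_posix()
            if rel not in expected:
                unlisted.append(rel)
    return {"modified": modified, "missing": missing, "unlisted": sorted(unlisted)}


def build_demo_tree():
    """Construct a sample tree: one intact file, one tampered file,
    one listed-but-deleted file, and one hidden file nobody recorded."""
    root = tempfile.mkdtemp(prefix="md5demo-")
    files = {
        "usr/bin/demo-tool": b"#!/bin/sh\necho demo\n",      # constructed
        "etc/demo/demo.conf": b"mode=safe\n",                # constructed
    }
    manifest_lines = []
    for rel, data in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        manifest_lines.append(f"{hashlib.md5(data).hexdigest()}  {rel}")
    # listed in the manifest but no longer on disk
    manifest_lines.append(f"{hashlib.md5(b'gone').hexdigest()}  usr/share/doc/demo/README")
    # the binary is altered after the manifest was recorded
    Path(root, "usr/bin/demo-tool").write_bytes(b"#!/bin/sh\necho tampered\n")
    # a dotfile that no package manifest knows about
    Path(root, "usr/bin/.hidden-helper").write_bytes(b"extra\n")
    return root, "\n".join(manifest_lines) + "\n"


if __name__ == "__main__":
    demo_root, demo_manifest = build_demo_tree()
    for kind, paths in verify_tree(demo_root, demo_manifest).items():
        print(f"{kind}: {paths}")
```

Two caveats a practitioner will want: the manifest lives on the same disk as the files it describes, so anyone who can alter a binary as root can usually rewrite the .md5sums entry too, which is why a comparison against a freshly downloaded copy of the package (or a manifest kept off the machine) is stronger than a purely local one; and dpkg's real manifests typically leave out conffiles, so an edited file under /etc will not show as "modified" here even though it has changed.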