What are the security measures to protect an MX Linux machine from Ransomware?

joejac
Posts: 102
Joined: Sat Apr 30, 2016 1:25 pm

What are the security measures to protect an MX Linux machine from Ransomware?

#1 Post by joejac »

Hello,

I would appreciate some information on hardening MX Linux security, and especially: what are the security measures to protect an MX Linux machine from Ransomware?

Thank you and regards
joejac

Gordon Cooper
Posts: 965
Joined: Mon Nov 21, 2011 5:50 pm

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#2 Post by Gordon Cooper »

In that the recent world-wide Ransomware episode happened because of (1) a deficiency in Windows system coding and (2) the failure by many users to install the manufacturer's patch to repair that deficiency (users had about two months to do this before the episode), Linux overall was immune.

However, this may not be a permanent immunity, so all users need to take some responsibility for keeping their equipment free from malware. Be careful what you download and open. Some related reading is at: https://en.wikipedia.org/wiki/Computer_worm, with links to related pages about viruses etc.
Backup: Dell9010, MX-19_B2, Win7, 120 SSD, WD 232GIB HD, 4GB RAM
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.

joejac
Posts: 102
Joined: Sat Apr 30, 2016 1:25 pm

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#3 Post by joejac »

Thank you Gordon.
Regards
joejac

rokytnji.1
Global Moderator
Posts: 718
Joined: Sun Apr 13, 2014 9:06 pm

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#4 Post by rokytnji.1 »

Well, wine does not come as a default install when you install MX. I call that a plus and a preventive measure. It is up to the user/option to run Windows stuff in MX.

All I can say as an AntiX long-time user and team member. Plus a Mepis/MX user since version 6.0. Nobody has hijacked/pwnd my gear in all these years.
But I now know how to drive these things a little better than when I 1st started.

I wonder though. Because I don't really know. If users running XP, Vista, 7, 8, 10 in VM can say the same I just said. I mentioned wine because of this.
2. Can I get affected by using Wine?

Short answer: Yes. Since Wine emulates almost every behavior of the Windows environment, the worm can actually try to find ways on how it can affect you. The worst case scenario is that depending on the direct access wine has to your Ubuntu system, some or all parts of your home will be affected (Did not fully test this. See answer 4 below), although I see a lot of roadblocks here for how the worm behaves and how it would try to encrypt a non ntfs/fat partition/files and what non-super admin permission would it need to do this, even coming from Wine, so it does not have full powers like on Windows. In any case, it's better to play on the safe side for this.
Source: https://askubuntu.com/questions/914623/ ... inux-users

skidoo
Posts: 753
Joined: Tue Sep 22, 2015 6:56 pm

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#5 Post by skidoo »

hardening:
Do not autostart unneeded services. Disable any pre-installed services you don't plan to use. Blacklist any unneeded/unwanted kernel modules.
References, for study:
https://github.com/fcaviggia/hardening- ... acklist.sh
https://linux-audit.com/kernel-hardenin ... x-modules/
http://bookofzeus.com/harden-ubuntu/
http://bastille-linux.sourceforge.net/R ... eport.html
https://linux-audit.com/linux-server-ha ... e-systems/
https://www.cyberciti.biz/tips/linux-security.html

=====================

employ a reasonably-configured firewall (and, whenever possible, connect your system from behind a NAT router)

=====================

(read about and) apt-get install firejail
so that you can run individual programs in a sandbox

=====================

To prevent accidental launching of root-permissioned firefox, you can create an empty, read-only file /root/.mozilla
Accidental? Yeah, like if you've launched `gksu thunar` for instance...
if you click its "about} Help" button, it might (I don't recall) open a browser and attempt to retrieve the online docs from hzzp://xfce.org
Quite a few programs nowadays rig the Help button to load online docs.

=====================

"hardening" is only half a solution.
Here are a few "common sense" BestPractices:


Be mindful when running 'code found online'
and
Never copy/paste web-snipped code directly into terminal !
ref: https://nakedsecurity.sophos.com/2016/0 ... web-pages/
ref: http://thejh.net/misc/website-terminal-copy-paste
ref: https://news.ycombinator.com/item?id=5508225
ref: https://www.reddit.com/r/netsec/comment ... inal_demo/

Similarly, I would never (but it's becoming an increasingly common practice)
paste a found-on-the-web commandline involving curl (or wget) ...and sudo (and/or `sh` or `bash`)
curl http:/gitmeuptodate/iwantapony .......... | sudo -h somescript.sh
(Same goes for blindly performing `git clone hzzp:/zingerbuster ... | sudo makemeasandwich`)

=====================

Install & use defensive browser extensions, like: uBlock, RequestPolicy, AdblockPlusMinusSquared...
(to marshal which 3rd-party sites your browser interacts with)

Educate yourself:
Decide which "default, as-shipped" browser preferences are "sane" (vs not)
https://www.ghacks.net/2017/04/30/firef ... s-changes/
https://github.com/ghacksuserjs/ghacks-user.js
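
The copy/paste and curl-piped-to-sudo advice in post #5, as an added example that is not part of any post in this thread: a small POSIX shell check to run over copied text before it goes anywhere near a terminal. The function names, finding labels and sample strings are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and finding labels are
# hypothetical; the sample strings below are constructed and harmless.

NL='
'
SAMPLE_PIPE='curl http://example.invalid/install.sh | sudo sh'
SAMPLE_MULTI="ls -l${NL}echo constructed-second-line"
SAMPLE_ESC=$(printf 'ls \033[8mecho constructed-hidden\033[0m')

# Print one label per problem found in the text passed as $1.
paste_findings() {
    text=$1

    # Anything left after deleting tab, newline and printable ASCII is an
    # escape sequence, carriage return, backspace or non-ASCII look-alike.
    odd=$(printf '%s' "$text" | LC_ALL=C tr -d '\11\12\40-\176')
    if [ -n "$odd" ]; then echo "hidden-bytes"; fi

    # An embedded newline can make the shell run the first line as soon
    # as the text is pasted, before it can be read.
    case $text in
        *"$NL"*) echo "multi-line" ;;
    esac

    # A download piped straight into sudo or a shell interpreter.
    if printf '%s\n' "$text" | grep -Eq \
        '(curl|wget)[^|]*[|][[:space:]]*(sudo|sh|bash|dash|zsh)([[:space:]]|$)'
    then
        echo "download-pipe"
    fi
}

# Succeed only when nothing was flagged.
paste_is_clean() {
    [ -z "$(paste_findings "$1")" ]
}
```

Pasting into a plain text editor first and passing that text to `paste_findings` gives the same review step the post recommends doing by eye.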

joejac
Posts: 102
Joined: Sat Apr 30, 2016 1:25 pm

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#6 Post by joejac »

Hello and thanks a lot to all for this valuable information.
Best regards
joejac

seco
Posts: 1
Joined: Mon Mar 12, 2018 2:17 pm

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#7 Post by seco »

The No. 1 rule for protecting Linux in general is updating!
However, I review this list when creating a new node
I love paranoid security tools which send a mail for every change that happened.
Regards,

Jerry3904
Administrator
Posts: 21943
Joined: Wed Jul 19, 2006 6:13 am

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#8 Post by Jerry3904 »

Great for servers, though I have doubts about its relevancy for our users. We have sysadmins using MX, but I can't remember anyone running MX on a server (except for personal use).

BTW: this is an old thread, and it is usually better to start a clean thread in such a case.
Production: 5.10, MX-23 Xfce, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 16 GB, SSD 120 GB, Data 1TB
Personal: Lenovo X1 Carbon with MX-23 Fluxbox and Windows 10
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin

rokytnji.1
Global Moderator
Posts: 718
Joined: Sun Apr 13, 2014 9:06 pm

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#9 Post by rokytnji.1 »

I've been through a past experience where I used these tools to check certain things out.

https://haveibeenpwned.com/Passwords
https://haveibeenpwned.com/

Edit: Just saw the necro reference. I can delete my post if you wish. :popcorn:

Jan K.
Posts: 32
Joined: Mon Jan 28, 2019 8:52 am

Re: What are the security measures to protect an MX Linux machine from Ransomware?

#10 Post by Jan K. »

Unless there's something wrong with Lynis... :crossfingers: Security Auditing Tool https://cisofy.com/lynis/

Looks nice to me, have no experience with it, but have planned to use it on "the upcoming install" (tm)...

Anyone with experience of it?
