On Wed, 13 Jan 2021 02:17:35 +0100, Per Christensen wrote:
> And when using a maintained and regularly updated Slackware 14.2 the big
> question is - is a basic Linux home office system these days (e.g with
> telnet, database, web-server uninstalled etc.) and running Firefox and
> Thunderbird as secure as, or perhaps even to prefer over other operating
> systems when "working from home"?

Simply running a stock Slackware system connected directly to the
internet will not be secure, as by default Slackware will have a lot of
ports open, including ssh. It is prepared to become secure by adding some
kind of /etc/rc.d/rc.firewall and, as you say, you will need to keep it
updated with security patches.

Another thing to do, obvious to most but not all, is to add one or more
ordinary user accounts to the system for your everyday work. If such a
user account gets compromised, the malware or intruder will only be able
to affect files which that user has access to. A normal user will not be
able to do things like wiping out traces in the log files or overwriting
system binaries like /bin/ls with malware versions.

But just running a stock Slackware will not make you safe just because it
is Linux. In my firewall I have done a port forward of the somewhat
customized port 2222 to the ssh port 22 to a machine in my DMZ network.
Even though I have ssh on a non-standard port, this is what comes into my
log files:
-8<--------------------------------------------------------------------
...
Jan 13 07:40:37 igor sshd[8241]: Failed password for invalid user atom
from 47.241.11.61 port 54948 ssh2
Jan 13 07:40:37 igor sshd[8243]: Failed password for invalid user ts3
from 208.109.11.24 port 51198 ssh2
Jan 13 07:40:56 igor sshd[8245]: Failed password for root from
202.73.13.139 port 53520 ssh2
Jan 13 07:41:24 igor sshd[8247]: Failed password for root from
121.54.189.15 port 38664 ssh2
Jan 13 07:41:53 igor sshd[8249]: Failed password for invalid user
q3server from 115.159.200.183 port 40402 ssh2
Jan 13 07:42:09 igor sshd[8253]: Failed password for invalid user rust
from 202.73.13.139 port 41648 ssh2
Jan 13 07:42:38 igor sshd[8255]: Failed password for invalid user ntps
from 47.241.11.61 port 58024 ssh2
Jan 13 07:42:42 igor sshd[8257]: Failed password for invalid user user001
from 180.76.61.29 port 37338 ssh2
Jan 13 07:43:11 igor sshd[8259]: Failed password for invalid user
ftp_test from 115.159.200.183 port 52232 ssh2
Jan 13 07:43:12 igor sshd[8261]: Failed password for invalid user
postgres from 159.203.37.91 port 49854 ssh2
Jan 13 07:43:21 igor sshd[8263]: Failed password for invalid user irina
from 202.73.13.139 port 58002 ssh2
Jan 13 07:43:28 igor sshd[8265]: Failed password for root from
121.54.189.15 port 48279 ssh2
Jan 13 07:44:29 igor sshd[8269]: Failed password for invalid user dev
from 115.159.200.183 port 35834 ssh2
Jan 13 07:44:32 igor sshd[8271]: Failed password for invalid user ftp
from 202.73.13.139 port 46124 ssh2
Jan 13 07:44:32 igor sshd[8274]: Failed password for invalid user
testuser from 173.24.113.136 port 41062 ssh2
Jan 13 07:44:36 igor sshd[8273]: Failed password for invalid user csgo
from 47.241.11.61 port 32874 ssh2
Jan 13 07:45:36 igor sshd[8279]: Failed password for root from
121.54.189.15 port 57897 ssh2
Jan 13 07:45:46 igor sshd[8281]: Failed password for invalid user user
from 202.73.13.139 port 34242 ssh2
Jan 13 07:45:58 igor sshd[8285]: Failed password for invalid user test
from 173.24.113.136 port 34248 ssh2
Jan 13 07:46:02 igor sshd[8283]: Failed password for daemon from
115.159.200.183 port 47664 ssh2
Jan 13 07:46:12 igor sshd[8287]: Failed password for invalid user
postgres from 159.203.37.91 port 40130 ssh2
Jan 13 07:46:37 igor sshd[8289]: Failed password for invalid user hadoop
from 47.241.11.61 port 35958 ssh2
Jan 13 07:47:02 igor sshd[8293]: Failed password for invalid user steve
from 202.73.13.139 port 50600 ssh2
Jan 13 07:47:02 igor sshd[8291]: Failed password for root from
192.144.167.212 port 55884 ssh2
Jan 13 07:47:21 igor sshd[8296]: Failed password for root from
173.24.113.136 port 56514 ssh2
Jan 13 07:47:44 igor sshd[8298]: Failed password for invalid user vijay
from 121.54.189.15 port 39283 ssh2
Jan 13 07:48:15 igor sshd[8300]: Failed password for invalid user tom
from 202.73.13.139 port 38722 ssh2
Jan 13 07:48:34 igor sshd[8325]: Failed password for invalid user ftpuser
from 208.109.11.24 port 64419 ssh2
Jan 13 07:48:35 igor sshd[8319]: Failed password for invalid user butter
from 47.241.11.61 port 39040 ssh2
Jan 13 07:48:41 igor sshd[8329]: Failed password for root from
173.24.113.136 port 49956 ssh2
Jan 13 07:48:45 igor sshd[8327]: Failed password for invalid user git
from 192.144.167.212 port 45760 ssh2
Jan 13 07:49:25 igor sshd[8350]: Failed password for invalid user tmpuser
from 159.203.37.91 port 58638 ssh2
Jan 13 07:49:29 igor sshd[8356]: Failed password for invalid user cesar
from 202.73.13.139 port 55080 ssh2
...
-8<-------------------------------------------------------------------

I have a cron job running every hour which parses the log file for IP
addresses failing too many times and routes those IP addresses to
/dev/null. The list of IP addresses being routed to /dev/null at the time
of this writing contains 30840 entries.

An unprotected Slackware machine with ssh open to the internet will get
broken into with root access within minutes, hours or days by brute
force, depending upon the strength of the password. It is a rather good
idea to add the line "PermitRootLogin no" to /etc/ssh/sshd_config.
regards Henrik
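
An added example, not part of the original post and not the poster's script: one way an hourly job like the one described above could pick out addresses with repeated failed sshd logins and print a blackhole route for each. The function names, the threshold, the allowlist argument and the sample log lines are assumptions made for illustration; it expects one log entry per line, as in the log file itself, and handles IPv4 only.

```shell
#!/bin/sh
# Added example: list source addresses with repeated failed sshd password
# attempts and print (not run) a blackhole route for each one.

# Constructed sample log (documentation address ranges, hypothetical host).
sample_log() {
cat <<'EOF'
Jan 13 07:40:37 host sshd[101]: Failed password for invalid user atom from 192.0.2.10 port 54948 ssh2
Jan 13 07:40:56 host sshd[102]: Failed password for root from 192.0.2.10 port 53520 ssh2
Jan 13 07:41:24 host sshd[103]: Failed password for root from 192.0.2.10 port 38664 ssh2
Jan 13 07:41:53 host sshd[104]: Failed password for invalid user dev from 198.51.100.7 port 40402 ssh2
Jan 13 07:42:09 host sshd[105]: Failed password for invalid user x from 203.0.113.99 port 1 from 198.51.100.7 port 41648 ssh2
Jan 13 07:42:38 host sshd[106]: Failed password for root from 198.51.100.7 port 58024 ssh2
Jan 13 07:43:11 host sshd[107]: Accepted password for alice from 203.0.113.5 port 52232 ssh2
Jan 13 07:43:12 host sshd[108]: Failed password for root from 203.0.113.5 port 49854 ssh2
EOF
}

# offenders THRESHOLD [ALLOWED_IP ...] < logfile
# Prints "count ip" for every source with at least THRESHOLD failures.
offenders() {
    min=$1; shift
    awk -v min="$min" -v allow=" $* " '
        # The user name is supplied by the remote client (see entry 105),
        # so the address is located by counting fields from the END of
        # the line: ... from <ip> port <n> ssh2
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # IPv4 only
            if (index(allow, " " ip " ")) next   # never block own addresses
            fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' | sort -k2
}

# route_cmds: same arguments as offenders; prints the commands as a dry run.
route_cmds() {
    offenders "$@" | while read -r count ip; do
        echo "ip route add blackhole $ip/32   # $count failures"
    done
}

sample_log | route_cmds 3 203.0.113.5
```

Entry 105 carries another address inside the user name; because the fields are read from the end of the line, only the real peer 198.51.100.7 is counted.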