You would be amazed at how many legacy systems are frozen in update time out of fear that running updates will break systems that no one remembers how to fix...
Mine keeps showing me propaganda about some "Wish Granter" in the center of The Zone. Screw that, I'm not going beyond Brain Scorcher for a fairy tale.
This is one of your better videos, Chris. You going into the terminal and showing people what you mean and how to do things is what people want, I think.
While it might be more complicated to use, I highly prefer iptables over ufw; it allows for better fine-tuning and mastery. The mean and short version: allow all "localhost traffic"; allow outgoing traffic (mostly); log + allow incoming traffic only if you really use it (like your network printer, ...), preferably with its real IP address; everything else, shoot on sight :-D (that includes forwarding traffic). TBH: if all you have is a desktop machine, you shouldn't have that much incoming traffic to begin with.
Regarding kernel version 3.7 or later... a lot of enterprise retail companies (Walmart, Ahold-Delhaize, etc.) use much older kernels, such as 2.6, as they are unable (or unwilling) to update their systems past an ancient distro (something like RHEL 6.5). It's an unfortunate reality within larger organizations for us lowly engineers - one where the company refuses to upgrade because of the old "if it works, why fix it", and because there isn't really a single conglomerate like Microsoft forcing updates down their throats - thus allowing them to kinda just install it once and leave it alone for all of time and eternity.
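The policy in the comment above written out as an iptables-restore ruleset. This is an added example, not the commenter's own rules; the printer address 192.168.1.50 is a constructed placeholder and the host is assumed to run no inbound services of its own.

```shell
#!/bin/sh
# Added example: the "short version" firewall policy from the comment above,
# expressed as an iptables-restore ruleset. PRINTER_IP is a constructed placeholder.
PRINTER_IP="${PRINTER_IP:-192.168.1.50}"

# desktop_ruleset: print the ruleset on stdout (apply with: desktop_ruleset | iptables-restore)
desktop_ruleset() {
    cat <<EOF
*filter
# default policies: drop unsolicited inbound and all forwarding, allow outbound
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# allow all localhost traffic
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (the inbound half of "allow outgoing")
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the one LAN device you really accept connections from, by its real address:
# log (rate limited so the log cannot be flooded), then allow
-A INPUT -s ${PRINTER_IP} -m conntrack --ctstate NEW -m limit --limit 5/min -j LOG --log-prefix "fw-printer-in: "
-A INPUT -s ${PRINTER_IP} -m conntrack --ctstate NEW -j ACCEPT
# everything else falls through to the DROP policies ("shoot on sight")
COMMIT
EOF
}

# apply_ruleset: load the rules atomically; needs root. Review desktop_ruleset's
# output first, since a mistake here can lock you out of a remote box.
apply_ruleset() {
    desktop_ruleset | iptables-restore
}
```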
Having done some Embedded Linux development, I have had to use an old version of the Linux Kernel that was from something like 2.x because the audio chip wouldn't run on later kernels. We were also running on a very low power microprocessor, something with 144 pins and DDR memory. It happens, but in my experience, things like that aren't internet connected and are used for stability in the given task. There are edge cases, and it does happen, but it probably isn't very common.
It's extremely common. Most of the most important comms and military systems on earth are still on Windows 98 or XP, as are many governments on earth still using ancient licenses for banking, and fax for communication, and floppy for cold storage. I think it's actually very common.
Secure Boot is more of a last resort and can be a hassle. I'd say use a BIOS boot password, limit the media you can boot from by default, and encrypt your laptop instead in general.
Well, I think it isn't meant for home users as much, but for enterprise users... I wouldn't be amazed if there are some small companies running an old application on CentOS 6 without any updates.
I find that the best way to avoid Drovorub, aside from making sure you have the latest security updates and everything else, is to act on the internet like anybody else. Don't do anything that will make you stand out and you won't catch attention from bad guys, since you won't be interesting to hackers and they won't attack your PC since you're basically nobody. Don't stand out on the internet and you'll be safer than somebody who stands out for any reason.
Hey Chris. I want to thank you for all your Linux videos and Windows videos, especially the Linux ones; they've helped me out greatly! I was wondering if you've ever used Firejail? And regardless of whether you have or haven't, could you do a video on it?
Eventually I'll get there. However, I'm still working my day job and not exactly ready for it right now. I'd love to buy a split AC system so I don't have tons of background noise I have to fix in post or get a room larger than 8x10, but this is at least a year away.
I'm right with you in not using Secure Boot; every time I turn it on, my Linux Razer laptop (whose motherboard isn't inherently Linux-aware) fails to load the GUI since it fails to detect the GPU.
Useful information! I run Ubuntu on ZFS and that is not a UEFI install. I'm afraid of crashing the system by changing it to a UEFI install. I did run the checks and my unsigned modules are 3 from VBox :) I moved all my "work/hobby" to virtual machines and, with one exception, the host OS and the VMs are closed for inbound traffic. The Ubuntu 16.04 LTS banking VM has Linux 4.15.0-112, so I'm safe there; besides, it is a VM whose virtual disk is encrypted by VirtualBox :). The only systems with some open ports are my backup server and my laptop, and they are powered on for 1 hour/week (backup server) and say 3 hours/week (laptop). If I go on the road, my host OS on the laptop will be closed for all inbound traffic too; its VMs are an up-to-date copy of the desktop VMs :)
Great video! As a newer user to Linux it's taking me a while to review all the terms mentioned, but I'm enjoying and learning from your videos. I have 116 (yeah, that's right, 116) unsigned kernel modules in Linux Mint 19.3 Tricia. Wondering why?
I don't understand the Drovorub test. In Terminal:
touch testfile; echo "ASDFZXCV:hf:testfile" > /dev/zero
But I receive no answer from the Terminal...
Read Peter Riches' comment on your web page and the following worked for me: "shortened the grep pattern "signature" to "signat" and then none of them came up as unsigned." In Linux Mint 19.3, I now had only three; all VirtualBox related.
My Kali USB is non-writable so I'm assuming the only way for them to continue this is to make it to where the partition that contains the necessary files for this to work.
I've tried reinstalling Kali but the /media partition won't unmount, which I'll assume is where the module is located. Or some process doesn't want the partition unmounted, especially when it will be formatted during the Kali installation.
Dear Mr. Titus, a question about ufw ports. I use qBittorrent and I'd like to know how to set the network tab "safely".
1. Should I "allow" port 36013 in ufw?
2. Should I check "Use UPnP/NAT-PMP to open the router"?
3. Protocol: TCP & uTP, or TCP only? Should I set some proxy server?
Many thanks in advance.
A good video, Chris. One problem is that Secure Boot is not safe to use since there have been vulnerabilities in it; I don't know if Microsoft has patched it, but...
It didn't surprise me about the kernel version. At least they know that the Internet is full of Linux machines still running kernels under v3.7, which is notoriously bad, especially routers and IoT devices.
Yeah I'm new to the whole Linux scene, but even I know there's some Linux users holding ancient kernels, just because they can. Probably Arch users. ;) lol
Hi. I just would like to ask: should one who has Linux kernel 5.4.0-42-generic care about this malware? I use FerenOS KDE with this Linux kernel. If I understand correctly, support for this kernel ends in 2023. I have Clam on my Linux laptop computer. The version of FerenOS I use is 2020.07. I hope someone would know about this. Yours, Christer
Most of the people that need to worry are IoT devices and very old servers that were never updated. For most Linux Desktop users, this isn't something you need to worry about. However, I still recommend securing your box to the best of your ability.
I have a similar result. Mine is lkp_Ubuntu_5_4_0_42_46_generic_70. I don't know what to do with it. Chris said desktop users don't have to worry about it. Does it mean I don't have to worry about this specific kernel?
What should the output of the modinfo script be? I have a 119-item list of "no signature" and the module_name on a Mint 19.3 install; is that expected? You didn't talk about what output was to be expected from running that for-loop script. I believe you might want to grep -q for "signat" instead of "signature", since that is the actual field name output by modinfo on Mint; please correct me if I'm wrong. Thanks for all your content.
Well, YT decided to unsub me at some point, so yeah... Anyway, another tip for SSH is changing the SSH port you use, like instead of 22 use 9342. Granted, yes, you have to change it on all of your stuff, but how many SSH attackers are going to bother to go through every single port to see if SSH is on 5142 instead of 22? So I change the SSH port, then deny 22 and ban all 22 requests, and then limit the port I am actually using for SSH.
Just learn iptables; with a few simple commands you can do everything fail2ban does without installing anything. UFW is completely unnecessary. Also, outbound traffic will use a random unprivileged port to connect to 80 or whatever on the server.
Windows viruses are easy to get; Linux viruses are hard but not impossible. It's arrogant to think no one would care to make viruses for it, especially if Google Chrome and Steam bother to make ports to Linux! I download a bunch of crazy weird stuff. When I was using Windows 10 I'd get a virus 1-2 times a week and got really sick of it, and after using Ubuntu for 6 months I got 1 and then freaked out and formatted my hard drive, and had frustration getting past the Debian install, but 8 hours later I figured it out and it feels awesome.
Hi Chris Titus Tech, I want to know whether using echo is supposed to return something or not. I'm trying to determine whether my machine is infected with Drovorub (woodcutter) and find a course of action to remove it, or reformat my machine. As I type touch testfile and echo to /dev/zero I don't get anything in the terminal, but as a matter of fact, echo doesn't return anything in the terminal for me no matter what it is. I'll try updating and upgrading all my applications and packages and see if that changes things. Is /dev/zero supposed to be a folder? It appears like a file reference (that everything in Linux is a "file" or an "icon") and I'm not sure where to find the testfile referenced in the script on your site. I enabled other security features mentioned in your video and things seem the same; perhaps I am in fact more secure. My "listening ports" show the same connections; I don't have many connections either. I turn off my internet periodically out of paranoia, that if I disconnect my internet I'll also stop any potential bad actor connections to my machine, and just reconnect when I need to do something. After I got back from vacation, my machine had missing vectors; now there is an "unknown chip xid" something something. I tried restoring my machine with Timeshift from before vacation, but the problem persisted, although I have not experienced anything strange other than those CLI messages before Linux Mint (with GUI) boots and puts me at the login screen. I think I may have damaged the machine by turning it off, flipping the power on the power supply on the back of my PC, and unplugging it. Perhaps when plugging the machine back in, and turning on the supply, there was a surge of static, but the operating system boots fine. Timeshift didn't really fix those CLI "soft" errors, which have me concerned.
"touch testfile" creates the file in your current directory. The echo command sends a request to part of the malware which resides in /dev/zero and mimics its behavior until sent a specific string (ASDFZXCV:[command .. in this case, "hide file"]:[your file]). I'm guessing your eye glossed over the first command as mine did.
Please create a video with macOS in KVM/QEMU; the OpenCore project isn't working for me. I even tried the foxlet project on GitHub but I was facing problems with VRAM.
I recently bought a MintBox Mini 2 Pro, which comes with Mint 19.* installed. Surfing news (really) I got a full-screen Microsoft screen, which gave me a phone number to call for the KEY to unlock my MS computer. Imagine my surprise. No mouse or keyboard. So I unplugged. After a week, I got a sfck to work, but now my password will not work for installing updates. I do not have to use it for restarts. ??. I have visited the Mint Forums, techmint (great) and YouTube. I am getting up the courage to follow up to reset the password. The more I read the more confused I get. There seems to be a root password, and a password. ???. I got the Linux Command Line and Shell Scripting Bible, also great, but conventional. Where do I go or what do I read to better understand the implications of what people are suggesting, as all are similar but different? Is it just experience or writing programs?
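The check the comment above describes, as an added example script (not from the video or the commenter): it creates a test file, sends the hide request to /dev/zero, and then reports whether the file is still listed. The echo itself prints nothing either way, which is the confusion in the earlier questions; the result is only visible in the directory listing, and a clean result just means this particular hide command had no visible effect.

```shell
#!/bin/sh
# Added example: run the hide-file probe described above and report the result.
# Returns 0 when the file stays visible (expected on a clean host),
# 1 when it vanishes from the listing after the hide request,
# 2 when the probe could not be run (no writable /dev/zero, no temp dir).
drovorub_hide_check() {
    dir=$(mktemp -d) || return 2
    name="dz_probe_$$"
    : > "$dir/$name"                       # same as: touch testfile
    # MAGIC:command:argument, "hf" = hide file (format quoted in the comment above)
    if ! printf 'ASDFZXCV:hf:%s\n' "$name" > /dev/zero 2>/dev/null; then
        rm -rf "$dir"; return 2
    fi
    # on a clean host /dev/zero just discards the write and the file is still there
    if ls -1a "$dir" | grep -qx "$name"; then
        echo "ok: $name still listed, no hide behaviour observed"
        rm -rf "$dir"; return 0
    fi
    echo "WARNING: $name vanished from the listing after the hide request"
    rm -rf "$dir"; return 1
}

drovorub_hide_check
```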
Are there any viruses out there for Linux that can actually attack your BIOS? I had to actually pull my BIOS battery on my desktop to get it to boot up with a video card plugged in. The system wouldn't even power on with a beep until I did that.
I have been using Brave for a month now. I really like Brave's ad-blocking shield, and RAM usage is a little bit lower than Chrome, but since a week ago Brave Rewards ads stopped. I tried every setting in Windows and in Brave but nothing works; any suggestion?
Hi! I moved from Windows to Linux recently and am using it through dual boot. I'm currently running the Ubuntu DDE distro. When I'm shutting down the computer after using it for a short time, it shuts down normally. But after using it for a long time, when I'm trying to reboot or shut down I'm getting the following message on a blank screen, and I have to shut down using the power button.
[5170.345535] nouveau 0000:01:00.0: bus: MMIO read of 00000000 FAULT at 6013d4 [IBUS]
Is there any solution for this? Is there any possible reason for this problem? If I delete Ubuntu and reinstall it, will it be solved?
Just a warning: you need a huge range of open ports for Discord, since Discord is dumb like that... I do love it as an application, but I already block all non-essential ports in UDP and TCP and have to disable the firewall for Discord when using it... I wish I could force Discord to use certain ports... (like a 2000-port range instead of the default 50000 one...)
For this command:
for mod in $(lsmod | tail -n +2 | cut -d' ' -f1); do modinfo ${mod} | grep -q "signature" || echo "no signature for module: ${mod}" ; done
I am getting this output:
no signature for module: rtl8821ce
no signature for module: system76_io
no signature for module: system76_acpi
You don't get the point: a kernel module can do anything! With other kernel modules too! It can hijack the "system API" and basically make anything from "ls, lsmod, ps ..." to the bare-bones system functions that list stuff to you lie; your whole system will lie to you all the time :) [works for any OS] Once they are there you can only have trust in static analysis, but since Linux is open source we can know which system files are not right even from simple md5sums :D
I think Linux might be easier to breach... systemd, sudo, WebRTC, browsers, xdg-open, gio fuse, GRUB EFI boots; it's all very insecure and your average Linux user is not able to secure themselves.
Lots of big heads; give a hand, will ya. Let me know if there is anything I could do to revive (firmware update, etc.) my flash drive. It's pretty much dead; help really appreciated.
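A version of the loop above that also covers the field-name difference reported in the comments ("signat" vs "signature"), as an added example and not the script from the video. It accepts any of the signature fields modinfo prints, and separately flags a loaded module for which modinfo cannot find a file at all; the two sample modinfo texts are constructed and abbreviated.

```shell
#!/bin/sh
# Added example: check loaded kernel modules for signature information.
# modinfo prints several signature-related fields (signer, sig_key, sig_hashalgo,
# signature, sig_id); matching any of them avoids depending on the exact wording.

# modinfo_has_sig: read modinfo output on stdin, succeed if a signature field is present
modinfo_has_sig() {
    grep -Eq '^(sig_id|signer|sig_key|sig_hashalgo|signature):'
}

# check_loaded_modules: report every loaded module without signature info,
# and separately any module modinfo cannot locate on disk (worth a closer look).
check_loaded_modules() {
    for mod in $(lsmod | tail -n +2 | cut -d' ' -f1); do
        if ! info=$(modinfo "$mod" 2>/dev/null); then
            echo "no module file found for loaded module: $mod"
        elif ! printf '%s\n' "$info" | modinfo_has_sig; then
            echo "no signature for module: $mod"
        fi
    done
}

# Constructed sample modinfo output (abbreviated) for the demo below
SIGNED_SAMPLE='filename:       /lib/modules/5.4.0-42-generic/kernel/net/example.ko
license:        GPL
signer:         Build time autogenerated kernel key
sig_key:        AA:BB:CC:DD
sig_hashalgo:   sha512'
UNSIGNED_SAMPLE='filename:       /lib/modules/5.4.0-42-generic/misc/vboxdrv.ko
license:        GPL
vermagic:       5.4.0-42-generic SMP mod_unload'

# demo: classify the two samples; on a real box run check_loaded_modules instead
for s in "$SIGNED_SAMPLE" "$UNSIGNED_SAMPLE"; do
    if printf '%s\n' "$s" | modinfo_has_sig; then
        echo "signed:   $(printf '%s\n' "$s" | head -n 1)"
    else
        echo "unsigned: $(printf '%s\n' "$s" | head -n 1)"
    fi
done
```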
Summary: Don't do something weird with something from a dubious website. Is that it? Would this exploit be feasible for someone who had access to some system? Then it makes sense in the war of the spies. Of course the NSA isn't going to publish their version.
You need to configure fail2ban for it to do anything.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
sudo systemctl restart fail2ban
> Let's run this script with sudo This is one of the most common mistakes. DO NOT run unknown scripts, especially as root. At least check the source before running.
chkrootkit and rkhunter, Debian, FreeBSD, macOS Big Sur, beginner advanced C/C++, better OpenBSD, AIX, Debian Hurd. Make laboratory in free time with 26 computers. Will write 13 Unix System V and BSD. So talking you, I know. Like learn general medicine. Dragon 64k with Unix and Spectrum 128k. 46/M/Barcelona.
Enter the third letter of your password? My password is stored in sequential access muscle memory. I legit cannot even find a letter on the keyboard unless I type a word that includes it. Sounds like a massive pain in the ass.