Securing my/our computer systems

GlennW · 2024-02-09 01:48:02

Securing my computer system.

Hi, at the risk of being attacked, I'd like to talk about securing our systems from outside attacks.

My biggest concern now-a-days is securing my system from being hacked, facebook I think...(and maybe forums like this one, LQ the only other forum I use)...

To help others and maybe get some advice as well, but it seems that when I ask, something is knocking on the doors... testing me.

Like all my fans shut off yesterday just after I refused a so called friend of a friend a senseless conversation, that I think was meant to enable them/it to distract me while they mined my account and system.

My cpu overheated and auto shutdown was initiated, thankfully that was immediate, but when I rebooted the bios reported overheating... and all the fan-settings were OFF!.

I'm not sure how to ask or how to compose the statement/question appropriately.

At the risk of being subverted, I'll show a bit of personal vulnerability anyhow.

some history... I began using a pc with a 486dx, running win95 bought second had from a (my now exwife's) friend.

Win95 was too much for this little pc, and we had to revert back to win3.11 and dos to get it working reliably due to memory and graphics workload.
This is where I began hacking (white/grey hat) electronics to make it work, the motive was a stable system my wife could use for her University studies.
This is where my nick name "GlennsPref" came to be. It was a way for my wife to have the desktop look she liked and for myself to have mine (which she found completely un-usable).

That was in 1996/7. In 2002/3 I did a A+ course with a very well known provider, and began learning the insides of configuring a pc for everyday use.

I read lots of PC magazines back then, Boot mag from the US and Atomic PC, later known as Maximum computing from Australian Journalists, among other magazines. My first experiences were with Knoppix, and Redhat (i still have that cd-rom).
The young guys in the workshop (An unnamed international security electronics maint and repair company, they may not be pleased I used their name, so I left it out.) would let me know what was current at that time... like my children these days with securing my phone, they seem to know everything about apps and are really helpful.

I don't share files, like they did with pirating software in the old days (share-warez), but still hold on to the tenets of making my system as invisible as possible just for privacy reasons.

From Atomic PC I followed a tute "Uber-Linux box guide: The full monty" that introduced me to Mandrake, But Mandriva had just begun as a replacement distro,. and I stuck with it for a long time. Mageia was next but began to go the bling look like ubuntu was doing, PClinux was next, but my system was shutting down un-expectedly and I was suss about that and began a search for something else that was more transparent (no systemd, journalling in jibberish and machine language) to debug when a console was all I had access to view.

Back to the current times... I discovered a Devuan release that had some choice! ;-) I was so happy even though I had to learn new distro specific tools.

So, now I don't use M$win for anything. My phone is apple... but I use it mostly as a "personal organiser" and use the web apps rarely, although I do use it to tether my laptop when required as a modem. With the help and support from this very forum, I humbly thank you! I stand on the shoulders of giants!

Let me state, I am not an expert! I do not use this for for personal profit.

I try to reduce my bandwidth, historically broadband providers were really expensive as you could easily use more data than paid for and quite often my monthly bill was over $300, very often!

With my current system I "think" i have secured it to the best of my knowledge and research with...
nftables, kernel restrictions, a vpn, ptunnel and I used to use squid as a web proxy (not anymore).

I don't serve any web-pages/sites from here or anywhere else, although I have tinkered... and had to develop a website for University studies (i did not complete due to mental health problems at that time)

I employ some tricky stuff, like privoxy and tor... but haven't really finished researching the best use of those.

I use nmap to check backdoor open ports, but I'm still figuring out just what I need to look for and lynis hardening check.
Like this youtube tute... "Nmap Tutorial to find Network Vulnerabilities"

I'd really like to stop people/systems messing with my hardware, at the bios level.

Apart from bios level password protection, and grub sec, which is a pain in the ass putting in a password at that level each time I reboot (up to 10 times a day sometimes). My bios settings are backed up to a profile, and that makes it easy to reset when I need to.

Anyone want to talk about this?

I'll share what techniques I can where and when I can.

Thank you for reading.

Sincerely, Regards Glenn

aluma · 2024-02-09 08:46:21

I also started with 486, dos and Win 3.1.

On the Internet exclusively under Linux since the days of dial-up. Because even without the Internet, two schoolchildren’s sons managed to bring viruses into Win through their friends’ floppy disks.

And for more than 20 years, I have not come across a single mention that any Linux user’s computer was hacked from the network.
Maybe someone knows such cases?

But you can hack anything, including any smartphone.
It’s really expensive and in the case of an ordinary user I’m afraid the cost of hacking won’t pay off.
https://blog.talosintelligence.com/inte … e-spyware/

P.S. I really don’t want to bring up this topic, but there’s no getting around it.
Let me remind you, there is a war going on right now. And if Shahed haven’t fallen on your head yet, a war in cyberspace will definitely hit you. The search for useful idiots never ends.

Last edited by aluma (2024-02-09 09:17:17)

Camtaf · 2024-02-09 10:06:13

Best security option that I can offer is a separate computer, running from live media, no internal drive.

Work on your 'good' computer offline only.

Not very practical these days I'll admit, but anything connected to the internet could be at risk.

Personally, I have had no problems; I have back ups of my personal data, should anything happen, I'll just wipe my disk & reinstall.

stultumanto · 2024-02-09 10:52:42

It's impossible to damage a modern CPU by disabling the fan. They have built-in thermal protection that will immediately throttle or completely shut down the device if a safe operating temperature is exceeded. It's one of the upsides of the spooky "management engine" they put in processors now. I've seen videos where people forget to apply thermal compound, a mistake that would have instantly killed older CPUs, but the only sign was that the system booted and ran extremely slowly. There is no known exploit that can disable this feature; it's beyond the control of the OS or BIOS, for good or ill.

I've never heard of a Linux remote exploit that could corrupt the NVRAM, but I suppose it's possible. However, anyone with sufficient knowledge to deploy such a sophisticated attack would almost certainly be aware that simply disabling the CPU fan would not cause any permanent damage. I would expect them to go after a softer target, like the hard disk.

I have had systems where the NVRAM because inexplicably corrupted, sometimes repeatedly and seemingly at random. In at least one instance, I'm positive it wasn't due to a remote exploit, as the machine had never been connected to the network. A power surge, static discharge, or bad motherboard component could be to blame. Intermittent BIOS faults are the worst, and almost impossible to diagnose. Often it's easier to just replace the motherboard. And I say that as someone who hates giving up!

GlennW · 2024-02-09 12:08:47

Hi, Thank you for your replies.

aluma: I too have experienced windows based trojans and virii, and helped my friends and family clean up their hardrives to get their systems back up cleanly.
They were busy and quite exciting days, not so much these days.

Camtaf: When I began using Linux, I had 2 boxes, and eventually had vbox with winxp for windows games as well.

When my working life stopped due to my back injury, and the ensuing depression and then anxiety, I slowly stripped the second box for parts for my main machine (GamesBox).

One thing I know, nobody but me uses this keyboard or can login if they did, I don't know any other Linux users except online.

stultumanto: I haven't looked into NVRAM as yet, I've seen talk about clearing nvram, but I have more to do in that area.

I have 4 different distros on this computer, each have their own ssd. I often use one of them to transfer files when I stuff something up.

All my personal files are on a separate 4Tb sata hdd, and when required I do a clean install, like you have described.

I have a feeling the hack was delivered through a firefox session with facebook. I am looking into selinux sandboxing for firefox... but I'm just starting to look there, my todo list.

tbh, the shutdown may have been caused by my new nvme ssd, it may need some heatsink compound, and/or better securing with a screw.

It does not explain the case and cpu fans being changed to off in the bios screens, the date was differnt too, had advanced 6 or 7 hours.

Thanks again, this is a work in progress. And now I have started, I'll report back with any findings.

p.s. I have also tried to find in the system logs any errors or warnings that may have been written just before shutdown, but found none.(maybe because of the time change, I was looking for the wrong thing) I'm generally not a suspicious person...

Cheers, Regards Glenn

alexkemp · 2024-02-09 13:20:44

aluma wrote:

I have not come across a single mention that any Linux user’s computer was hacked from the network

This memory is from years ago... server hack via the internet. Discovery tool dropped to report back distro details. Then binary compiled by attack server to match profile discovered by discovery tool. Finally, attack binary dropped to carry out hack.

...and sorry, cannot recall any further details to allow you to read further. I think it may have been to expand net of compromised servers.

aluma · 2024-02-09 13:45:12

@alexkemp
Thank you.

Yes, there were such messages. Once upon a time I came across notes from a hacker who hacked the site because there were “./” characters in the page code.

I am an ordinary user, it is difficult for me to judge who can and will hack a home computer with a dynamic IP.

Regards.

chris2be8 · 2024-02-09 17:15:08

One security resource I follow is https://www.schneier.com (Bruce Schneier's web site). It's one of the more trustworthy sites.

Another is https://www.hackinglinuxexposed.com/ (I learnt a lot about Linux security from the book).

stargate-sg1-cheyenne-mtn · 2024-02-09 20:44:47

another resource are the FeistyDuck Newsletters

ttps://www.feistyduck.com/

GlennW · 2024-02-10 23:55:48

Hi, all this is very interesting... thank you for the tips.

I thought I knew what I was doing, but all of these replies suggest I haven't even started.

I, like most am just a general user who tries to keep the screen door shut, But I also like to have the lights off so I can't be seen too easily from outside to begin with.

I'm going to be busy... If I want to do this properly and not just blindly hacking away at configs in hope it might help or work better than a clean install.

I was trying to follow this guide, but my system either won't boot or blocks social websites... I can listen to web-radio stations but not get facebook to load. Firefox-latest...

I put this here as a warning, because it seems incomplete or not for a system connected to the www. (no offence intended, )
ref. https://madaidans-insecurities.github.i … el-modules

It seems some of the kernel commands I used from there to my grub config were stopping that social webpage connections.

this is the grub edits I had made, but restored my backup today...
/etc/default/grub

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# GlennsPref 20230920 ipv6
# GlennsPref 20240209 hardening-tips

GRUB_DEFAULT=0
GRUB_TIMEOUT=4
GRUB_DISTRIBUTOR=`lsb_release -i -s`
GRUB_CMDLINE_LINUX_DEFAULT="console=tty12 vga=794 modeset.nouveau=0 nokmsboot ipv6.disable=1 security=none apparmor=0 amd_iommu=on slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on oops=panic mce=0 page_poison=1"

# discover other os's
GRUB_DISABLE_OS_PROBER=false

GRUB_GFXMODE=1920x1080

GRUB_INIT_TUNE="400 440 1"
# resume=uuid errors... noresume "we don't susspend"
GRUB_CMDLINE_LINUX="noresume idle=nomwait"

GRUB_THEME=/usr/share/desktop-base/grub-themes/desktop-grub-theme/theme.txt

This morning I reverted to this... to get the system up.

GRUB_CMDLINE_LINUX_DEFAULT="console=tty12 vga=794 modeset.nouveau=0 nokmsboot ipv6.disable=1 security=none apparmor=0 amd_iommu=on slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on oops=panic mce=0 page_poison=1"

btw, that enabled me to boot, but not connect to social pages. I had a longer version the day before, but I haven't got a copy of it to show you.

this is what I have now... wip,

GRUB_CMDLINE_LINUX_DEFAULT="console=tty12 vga=794 modeset.nouveau=0 nokmsboot ipv6.disable=1 security=none apparmor=0 amd_iommu=on"

amd_iommu is the only edit I have kept for today.

I also made a list of changes to /etc/sysctl.conf, but just "net.ipv4.icmp_echo_ignore_broadcasts=1 # Ignore broadcast pings"

and to /etc/modules, a large list of /bin/false for unnecessary modules.

But, neither of the last 2 file edits stopped my boot or connection to the home wifi and social pages.

Anyhow, that's my observation so far.

I'll move on to the pages suggested here and take notes for my future research and actions.

Thank you again, bye for now.

Last edited by GlennW (2024-02-10 23:56:36)

zapper · 2024-02-11 00:04:09

I will add myself to the list of "I started with DOS"

Although for me, I was a 5 year old kid playing games on it

I love how unreal the graphics looked then.

Compare that to now where everything looks like it is straight from reality...

That's not why I ever played them games. It was to escape reality. But that's neither here nor there.

I currently use devuan on one of my devices due to my other OS Hyperbola, not supporting ARM64.

(Rockpro64)

aluma · 2024-02-11 12:40:19

2-3 months ago I had a situation with my laptop heating up.

It was configured in such a way that when the lid was closed it should turn off.
This worked every other time, sometimes with the lid closed, it stopped on the terminal screen and continued the shutdown process when the lid was opened.

One day, after viewing public FB pages in a Chrome-like browser (Iridium or Brave, I don’t remember), I closed the lid and put the laptop away. After about 15 minutes I noticed that the LEDs were glowing, the fan was running full blast, the screen was black, and the case was heating up.

The thermal interface of the processor was previously tested with a Lenovo test disk; the processor temperature under 10 minutes of stress remained at 72 degrees.

I took out the battery, waited until it cooled down, and deleted everything from this browser.
No consequences, everything works.
I don’t know, in my opinion the reason is more likely in the browser, a Java script or something similar.

GlennW · 2024-02-11 23:40:46

Hi, thanks for the info, Zapper and aluma.

I also play games as a type of escape... I call it, "Possitive Distraction(s)".

Like those old games, I have OpenTTD, My last map was huge, I had 2300 trains.
But I changed the config so I am the only human (supposed to be on-line multiplayer competition) and some bots when I have setup my virtual trainset. lol

It's a lot of fun, and challenging logistics, and better than a win98(plus?) screen saver.

I spent all day yesterday & this morning trying to install and configure selinux to get a sandbox play-area for firefox,
but even after I get selinux to load it won't boot through to a login-gui (sddm in my case).

Still a work in progress... I guess if it was easy everybody would be doing it.

I also have to watch out not to share too much info, because of those data mining... for details I may inadvertently reveal.

My pc shutdown again last night just after a movie finished... I had no browsers open then, but had just cleared the cache.

I use about 5 different browsers... for different things. I guess that just makes it more complicated.

I haven't had any consequences either. I have to consider the global authorities... I use rumble for news programs, not the TV.

I may be considered a deviate dissident... linux user. I don't think I am, just wanting some truth and freedom.

Anyhow, it's still a work in progress (I'm not giving up yet).

pcalvert · 2024-02-12 01:18:20

This post may be helpful:

Linux Hardening Guide

The information on this website may also be helpful:

PRISM Break

Last edited by pcalvert (2024-02-14 13:01:12)

zapper · 2024-02-12 02:10:45

If you want to use win3.0 or as new as winME or anything in between, dosbox-x is perfect for that.

I have used it before, you install win95 for example into dosbox-x hdd.img.

I followed the dosbox-x guide.

As an obvious statement though, I keep that image from having network connections.

Because it would be downright insane not to...

You can also build dosbox-x to not be connected to the internet. And, the image itself, can be installed without the network features.

Done that with win95.

Only really do that to play arcane games that have no new variants or have bad ones. Westwood monopoly is a good example as is the cheesy yet silly SORRY! game. both are good, but the latter is more fun than the board game itself due to extra cards being added.

If you use dosbox-x and want to keep your system secure, though.

A: only mount ISOs you know are not malware because I don't know if its possible for them to escape into linuxland
B: as previously stated keep disconnected from the internet
C: preferably Both and more

On a final note, be careful with putting files in via nbd if you try to. Been there myself.

Anyways though, getting off topic yet again.

Privoxy is a good use, but tblock is also a good use.

tblock changes your /etc/hosts

and adds stuff that will be blocked, such as ads, trackers, etc...

If you curious whether I use tblock or privoxy, the answer is simple.

I use both.

aluma · 2024-02-12 08:45:10

A slightly more radical method if you have a desktop.

Usually there are free sata ports on its motherboard.
Used hard drives don't cost much and are often just lying around on a shelf. We install this disk, further as desired.

I did just that, the computer is old, the virtual machines on it are slow.

GlennW · 2024-02-13 00:05:42

pcalvert: I tried madaiden's tips, but he stops explaining and just lists lots of stuff...

I looked at so many web-pages now with little progress, I ordered a decent book (recent and GNU/Linux orientated), should be here soon. ;-)

I am considering switching facebook to a different browser, instead of the most convenient ff-latest,

Like flashpeak-slimjet, it's a pain to setup because I don't use sudo, but it has it's own sandbox...

I used to use it a while ago for surfing entertainment sites when I was really bored and depressed.

Thanks for the tips, Zapper. I have privoxy... and http://winhelp2002.mvps.org/ (now updated 2012 https://www.putorius.net/block-unwanted … s-on.html) for blocking addverts to reduce bandwidth.

ptunnel gets the udp packets sent through tcp, so are picked up by the vpn leaving little trace afaik.

I ran halflife and counterstrike off a winxp install in vbox for ages... testing hardware, but also for fun.

Thanks aluma, I also have done just that... especially when I had win10 running, I used to disconnect hdds not required for the session.

Thanks everyone. I have a lot less trouble when I don't have FB sitting there open and logged in.

But my family and friends like to use it to talk, and show off.

For the love of life!

Talk soon...

Last edited by GlennW (2024-02-13 00:07:28)

golinux · 2024-02-13 00:31:23

I don't understand why anyone with connected brain-cells would touch facebook. IOW the problem isn't Facebook because it is a CHOICE to use or not to use it.

But then . . . humans are egregiously lacking in self control and all too often end up screwing themselves by indulging in things they think they have to have . . .

The solution is to just say NO!

Thoughts from an old and cranky observer of human behavior . . .

GlennW · 2024-02-13 02:50:14

Thank you golinux, you are not wrong!

aluma · 2024-02-13 06:15:04

“God gave prime numbers, the rest was invented by people” (C) There was a mathematician who called for using only arithmetic.

No matter how much we grumble, FB is the largest social network and sometimes the only place where you can find and communicate with a specific person, find out the very latest news, a momentary message from the mayor of your city, and so on and so forth...

It happened.

Camtaf · 2024-02-13 10:03:52

Web site forums have died a death in the main, so FB Groups is the only place to converse with other like minded people - in private groups, I hasten to add.

bai4Iej2need · 2024-02-13 11:18:08

so FB Groups is the only place to converse with other like minded people - in private groups, I hasten to add. wink

There are still people around who refuse to contribute to FB/instapound/wazzapp, and promote their refusal to those who invite to these groups

Last edited by bai4Iej2need (2024-02-13 11:18:25)

bilhook · 2024-02-13 14:46:05

Resetting the BIOS is essential sometimes, get into BIOS & F9 F10 is sufficient most of the time.

Recently I was at home and there was a bad storm and thunder & lightning & flash bang power cut.
That computer I could remove the CMOS battery for a while.

Also I have a small sized PC which has some kind of CMOS power supply inside but I suspect it is not removable, I have been reluctant to open it because I need to remove some stuck on rubber feet, but I think I will do.

Modern laptops usually don't have a separate CMOS battery but power from the main lithium battery and if you run that flat will reset BIOS but if you leave that lithium battery flat you will destroy it.
It is not difficult to carefully open a laptop and disconnect the battery.

Firstly, vulnerabilities is perpetual routine engineering.
I think browsers are quite questionable, personally I keyboard shortcut a password from a text editor.
For donkeys years I have a happy hobby of looking at Debian homepage Security Updates.
openssl is quite routine, even if you do not have openssl installed, you will definately have libssl3, and what else SSL and TLS?
What about frequently, libc6, libc-bin, libc-l10n, locales, tzdata etc?
I suppose that bandits can automatically (AI,) grab data on a colossal scale when openssl is perhaps significantly leaky.
I guess I could setup an e-mail alert for security updates and pipe a text message to my mobile phone.

pcalvert · 2024-02-13 23:17:16

Glenn,

I recommend downloading the most recent BIOS update for your computer and saving it in a safe place (preferably multiple places). Does your computer use UEFI or the old-style BIOS?

Then become very familiar with how to use flashrom.

Website: https://www.flashrom.org/
Package: flashrom

Very important: Always make a backup copy of your current BIOS before using flashrom to flash it with a new (or clean) version. Do it even if you suspect that your BIOS has been corrupted or maliciously modified.

The first time I used flashrom to update my computer's BIOS to the last available version, I lost internet after rebooting. After a considerable amount of research, I learned that the chip that holds the BIOS, also holds something called the SMBIOS. On my computer's motherboard, the SMBIOS contains the MAC address for the network card, the motherboard serial number, and some other information. Flashrom had overwritten the SMBIOS with zeroes, so that info was gone. That's why networking was no longer working. Fortunately, I had the sense to make a backup of the BIOS before I flashed it, so I just restored that and I was back in business.

For years I felt frustrated that there seemed to be no easy way to restore my computer's BIOS to a pristine state. Recently, I resumed my research on this problem and discovered that there are DOS utilities that allow one to edit the SMBIOS. I downloaded one of them but haven't tested it yet. If it works, I'll be able to insert the missing SMBIOS data after using flashrom to flash the chip holding the BIOS with the last available update.

GlennW · 2024-02-13 23:46:49

Hi, my bios ver is up-to-date as of checking just this week.

for my mobo... 2 gen old, last 2023/10/31 I have it and have also configured some profiles as well.

I use legacy boot, and have bios-grub as first partition at 2Mb on each ssd.

Thanks for the tips on SMBIOS.

My wifi is a pcie card, so no danger of borking the MAC address (I switch off all onboard chips not in use or required, sound and ethernet, irq reservation for LP)

It is time I opened the box and cleaned all the fans, reseated the heatsink and checked the fan cabling, a bit late for spring, but a dusty environment shortens the yearly maintenance.

Back with the overclocking AV7 mobos (last century) with a soldering iron and box-cutter, I have had to remove the cmos chip, take it into work (like on a sunday...) and reflash it from a floppy disk because I had ruined the bits... lol Dual bios too... (not required lately)

I had 4 of those asus mobo of slightly differing configs.

Thank you for the tips. I will reflash, reset to defaults, attach a ssd, and then turn off what I don't want (mostly just wasted resources), rebooting at each change increment) I leave the dvd burner disconnected as well, unless I really need it (i think it attracts trouble, like flys to putrid rubbish, polite way to say...).

This is my entertainment system these days, no tv, stereo system or vcr/dvd, my PC is all of that.

I'll post back with any progress, thank you.

The officially official Devuan Forum!

#1 2024-02-09 01:48:02

Securing my/our computer systems

#2 2024-02-09 08:46:21

Re: Securing my/our computer systems

#3 2024-02-09 10:06:13

Re: Securing my/our computer systems

#4 2024-02-09 10:52:42

Re: Securing my/our computer systems

#5 2024-02-09 12:08:47

Re: Securing my/our computer systems

#6 2024-02-09 13:20:44

Re: Securing my/our computer systems

#7 2024-02-09 13:45:12

Re: Securing my/our computer systems

#8 2024-02-09 17:15:08

Re: Securing my/our computer systems

#9 2024-02-09 20:44:47

Re: Securing my/our computer systems

#10 2024-02-10 23:55:48

Re: Securing my/our computer systems

#11 2024-02-11 00:04:09

Re: Securing my/our computer systems

#12 2024-02-11 12:40:19

Re: Securing my/our computer systems

#13 2024-02-11 23:40:46

Re: Securing my/our computer systems

#14 2024-02-12 01:18:20

Re: Securing my/our computer systems

#15 2024-02-12 02:10:45

Re: Securing my/our computer systems

#16 2024-02-12 08:45:10

Re: Securing my/our computer systems

#17 2024-02-13 00:05:42

Re: Securing my/our computer systems

#18 2024-02-13 00:31:23

Re: Securing my/our computer systems

#19 2024-02-13 02:50:14

Re: Securing my/our computer systems

#20 2024-02-13 06:15:04

Re: Securing my/our computer systems

#21 2024-02-13 10:03:52

Re: Securing my/our computer systems

#22 2024-02-13 11:18:08

Re: Securing my/our computer systems

#23 2024-02-13 14:46:05

Re: Securing my/our computer systems

#24 2024-02-13 23:17:16

Re: Securing my/our computer systems

#25 2024-02-13 23:46:49

Re: Securing my/our computer systems

Board footer