Page 3 of 7

Posted: Fri 06 Jan 2006, 14:20
by BarryK
Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.

Posted: Fri 06 Jan 2006, 22:19
by jmarsden
This post is probably overkill, but:
BarryK wrote:Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.
Yes. But your friend's "router modem" is probably not safe -- it leaves its telnet port open to the public Internet. That is what "shieldsup" found, almost certainly.

I suggest that your friend may want to reconfigure his router not to allow incoming telnet, unless there is truly a very good reason for him providing telnet access to his router (and so probably to his entire network, if someone guesses a router login/password!) to the entire Internet world!

BTW, in my view those Internet-based "security checkers" are generally not all that good at their job, and they allow anyone watching your traffic to/from them to see exactly what holes they find on your machine. In my view, it's better by far to use a local tool running on a second local machine on your (protected) local LAN to check host security and firewalls. That way, no one but you knows what the host's weaknesses are -- so you can fix them before anyone else exploits them! Try nmap and (if desired) Nessus to get started. Of course, if you only *have* a single PC available to you, and still need to do network-based security checking of it, something like "shieldsup" could be an appropriate solution.

Of course, before you even bother running "shieldsup" or setting up nmap on a second PC for checking a machine's network security, a quick

    # netstat -nl --inet

on the machine under test will tell you if you actually have anything listening on Internet sockets that might actually be worth firewalling :-) [[ I'm not running Puppy right now so I'm not sure if its netstat has those options... adjust as necessary, those are the common Linux ones for checking out server and desktop machines. On *BSD boxes, it would be closer to

    # netstat -na -f inet

but then you need to read the output more carefully, because it will contain established connections as well as listeners (network daemons/services). ]]

Jonathan
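As an added illustration of the check jmarsden describes (this is not code from the post or from Puppy), the script below reads "netstat -nl --inet" style output and separates listeners bound only to the loopback address from those bound to 0.0.0.0 or a LAN address, which are the ones a remote scanner could reach. The netstat output embedded in SAMPLE_NETSTAT is constructed for the example; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the forum post: classify the listeners that
# "netstat -nl --inet" reports so you can see at a glance which ones a
# remote host (or a scanner like shieldsup) could actually reach.
# SAMPLE_NETSTAT is constructed for this example; feed real output with
#   netstat -nl --inet | exposed_listeners

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:80          0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*'

# Reads netstat -nl --inet output on stdin and prints "proto port address"
# for each listener bound to something other than the loopback address.
# A bind to 0.0.0.0 means every interface, including the one facing the
# modem or router.
exposed_listeners() {
    awk '
        $1 != "tcp" && $1 != "udp" { next }   # skip the header lines
        {
            n = split($4, a, ":")             # "addr:port" -> addr, port
            addr = a[1]; port = a[n]
            if (addr ~ /^127\./) next         # loopback only: not reachable
            printf "%s %s %s\n", $1, port, addr
        }'
}

# Number of exposed listeners in the sample; used by the stand-alone demo.
count_exposed() {
    printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners | awk 'END { print NR }'
}

# Stand-alone demo on the constructed sample: prints the telnet (23), web
# (80) and DHCP client (68) listeners, and omits the two loopback-only ones.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

On the sample this prints three lines (tcp 23 on 0.0.0.0, tcp 80 on 192.168.1.5, udp 68 on 0.0.0.0); the CUPS and DNS listeners on 127.0.0.1 are not reported because nothing outside the machine can connect to them. Anything the script does list is a candidate for either being shut down or being covered by a firewall rule before an external check is even worth running.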

Posted: Sat 07 Jan 2006, 02:32
by GuestToo
i don't think a router or modem should have a telnet port open either

the thing is, a router or modem is usually a little computer, with a cpu and ram and flash memory instead of a hard drive ... or it might have a hard drive ... so it is potentially as vulnerable as a computer is ... if a cracker can hack into your router, he can potentially gain full access to all the machines on your network

though why a router/modem would be running a web server or ftp server i don't know ... that is why i wondered if it was another computer on your network with the open ports

my grc test results

i don't really care about "stealth" ... closed ports are good enough for me ... though i have noticed that when you run completely "stealthed", there does seem to be a little less traffic trying to worm into your system

Posted: Sat 07 Jan 2006, 02:38
by GuestToo
by the way, the forum seems to imply that i started this thread Why I like running as root (in Puppy)

i did not ... i do not like running as root at all

the reason my name is attached to the thread is because the thread was moved, and it probably used my name because i was the last one that posted to the thread before it was moved

Posted: Wed 11 Jan 2006, 20:13
by jmarsden
GuestToo wrote:though why a router/modem would be running a web server or ftp server i don't know ...
Well, most consumer routers use a web server to provide their easy-to-use administration interface. By default they only serve web pages on their internal (LAN) interface, but often you can enable the web service (either http or https or both) on the external (WAN) side too if you so choose. It does sound as though this particular router may not be configured optimally, and I'd definitely encourage BarryK to let his friend know of this, and (if necessary) suggest that his friend seeks help in getting it more securely configured.

Jonathan

Posted: Tue 17 Jan 2006, 15:23
by muskrat
Ok I see your logic, and agree somewhat to what you're saying about root not being any worse danger than a normal user. Except for some programs such as Xchat.

In Windows you can issue a command in chat and crash all windows systems on that channel. Now if I'm running root, is it possible to run commands that will affect me as Root reading these bits of script with a chat program?

As you said, your personal data is what's important, because Puppy is protected on CD, but let's say I get compromised, just for argument's sake. Is my pup001 file then contaminated?

Posted: Tue 17 Jan 2006, 17:28
by Flash
muskrat wrote:... let's say I get compromised, just for argument's sake. Is my pup001 file then contaminated?
If you are running Puppy from the live CD, the hard drive is the only thing that could be contaminated. Probably the contamination would be limited to the pup001 file but as far as I can see there is nothing stopping Puppy from writing to the hard drive outside the pup001 file. In that case it would most likely just screw up your hard drive rather than install a rootkit or something like that, which would require the attacker to have intimate knowledge of your OS and configuration. I think.

It seems to me that the best solution is to back up your pup001 file, or at least the bits that are important to you, in an isolated repository on a regular schedule. And always wear your mittens.

Posted: Wed 18 Jan 2006, 01:14
by muskrat
Ok, here's the humdinger then, my pup002 file is in the home directory/partition of a dual install of slackware and debian, which both use the same partition for home. Puppy doesn't mount the root nor boot partitions of either of these. So I'm assuming that they are safe. Am I right in this assumption?

Posted: Wed 18 Jan 2006, 02:21
by GuestToo
a rootkit would allow people to connect to your operating system as user "root", which would enable them to do anything that you can do (look at any of your files, delete files, change files, reconfigure anything, install programs, install keyloggers, install password sniffers, download, upload, surf to web sites, etc etc) ... they would probably be doing this from a text console, but it's also possible for them to see what you are seeing on the screen

a rootkit not only sets up your system so they can connect to it, it changes some of the system files so you don't notice anyone is connected ... it might change ls so you don't see the rootkit files, it might change md5sum so you don't know that certain files have been changed, ps and top so you don't see the rootkit programs running, ifconfig and netstat so you don't see that they are connected to you ... etc etc

one advantage to running Puppy, is that any changes to /bin, /sbin, /lib will be gone when you reboot ... and any changes to /usr will be visible if you look in /root/.usr (unless you have an option 2 install, in which case, you don't have most of the advantages of running Puppy anyway)

if you have a rootkit, anyone can use your operating system to mount/unmount any drives they like, snoop in them, install rootkits on those drives if they like
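GuestToo's point that a rootkit swaps out ls, md5sum, ps and netstat is exactly why an integrity baseline is only useful if it is taken before the break-in and checked with tools the intruder could not have touched. The script below is an added example (not from the forum or from Puppy) of such a baseline for a directory of binaries: the function names, the scratch directory and the "pretend" binaries it creates are all the example's own, and it assumes GNU sha256sum, find and diff are available.

```shell
#!/bin/sh
# Added example, not from the forum post: a file-integrity baseline for the
# directories a rootkit typically replaces binaries in (ls, ps, netstat,
# md5sum ...). Function names and the demo paths are this example's own.
#
# Two caveats that follow directly from the post above:
#  * keep the baseline somewhere the machine cannot write to (a CD, another
#    host), or the intruder can simply regenerate it after the swap;
#  * run the check with sha256sum/find/diff taken from trusted media such as
#    the Puppy live CD, because a trojaned md5sum or sha256sum will happily
#    report that nothing changed.

# Write "hash  path" for every regular file under DIR, sorted by path so
# two baselines compare line by line.
make_baseline() {   # make_baseline DIR > baseline.txt
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"      # GNU coreutils; use "shasum -a 256" on BSD/macOS
    done
}

# Compare DIR against a saved baseline. Prints every differing line
# (< baseline, > current); returns 0 when identical and 1 otherwise.
check_baseline() {  # check_baseline DIR baseline.txt
    current=$(mktemp)
    make_baseline "$1" > "$current"
    diff "$2" "$current"
    status=$?
    rm -f "$current"
    return $status
}

# Stand-alone demonstration in a scratch directory: take a baseline, then
# alter one "binary" the way a rootkit would and confirm the check notices.
# Returns 0 only if the clean state passed and the altered state failed.
demo_tamper_detection() {
    scratch=$(mktemp -d)
    printf 'pretend ls binary\n' > "$scratch/ls"
    printf 'pretend ps binary\n' > "$scratch/ps"
    make_baseline "$scratch" > "$scratch.baseline"   # stored beside, not inside

    check_baseline "$scratch" "$scratch.baseline" > /dev/null
    clean=$?
    printf 'pretend ps binary, patched to hide a process\n' > "$scratch/ps"
    check_baseline "$scratch" "$scratch.baseline" > /dev/null
    tampered=$?

    rm -rf "$scratch" "$scratch.baseline"
    [ "$clean" -eq 0 ] && [ "$tampered" -ne 0 ]
}

demo_tamper_detection && echo "tampering with ps detected"
```

For a real machine the baseline would be taken over /bin, /sbin and /usr/bin right after installation and the check run from a boot CD; on a Puppy live CD the system files are already read-only, which is the advantage GuestToo describes, so the baseline matters mostly for what lives on the hard drive.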

Posted: Wed 18 Jan 2006, 03:48
by Flash
muskrat wrote:Ok, here's the humdinger then, my pup002 file is in the home directory/partition of a dual install of slackware and debian, which both use the same partition for home. Puppy doesn't mount the root nor boot partitions of either of these. So I'm assuming that they are safe. Am I right in this assumption?
I only run puppy from the live CD. I have a dual-boot computer with Windows 2000(NTFS)/Mandrake Linux(ext3) on the hard drive. The Puppy live CD sees the Mandrake ext3 Home partition and puts the pupxxx file there. As far as I can tell, Puppy has never written anything anywhere else to the hard drive except the pup001 file. The "Only Possible Screwup" :lol: that I can see is if you try to enlarge the pup001 file when there's not enough room in the partition. For all I know, even that possibility is accounted for. I've enlarged my pup001 file to about 2 GB with no problems.

Posted: Wed 18 Jan 2006, 04:51
by muskrat
So I guess in all reality it's not a good idea to run Puppy as root with a drive you value, that has another linux installation on it. It could be compromised along with puppy. Even though puppy reboots and all is well your native linux might not be.

Is there any way to convert puppy to using a normal user, and su to do root? Just like a native install of linux?

Or an afterthought, could I remove the root and boot partitions from my Puppy fstab file? Would that help in making them unseen/inaccessible? Kind of out of sight, out of mind.

I like puppy and would like to experiment some more with it. But really don't like the idea of root kits getting placed in my native installations.

Posted: Wed 18 Jan 2006, 07:33
by GuestToo
It could be compromised along with puppy
well, the potential is there

you can run X as user "spot" ... it isn't hard to do, though there are problems, like permissions, and mounting/unmounting and accessing drives, etc etc

running as spot would not prevent someone logging onto your system as root ... if he could do it when you run as root, he can do it when you run as spot
really don't like the idea of root kits getting placed in my native installations
it's not impossible, no matter what you do ... there are hardened Linux distros and BSD "distros", if you are paranoid ... maybe someone could make a hardened version of Puppy

i run Puppy most of the time, and i don't feel really unsafe

Posted: Wed 18 Jan 2006, 17:00
by muskrat
I'm not paranoid, I just believe internet security is up to each individual. It's also an ongoing campaign.
it's not impossible, no matter what you do ... there are hardened Linux distros and BSD "distros", if you are paranoid ... maybe someone could make a hardened version of Puppy
Maybe somebody ought to build a hardened version of Puppy, especially since it runs as root all the time. Since I'm running just a desktop with no local network, I don't believe I'm much of an attraction for hackers. But like you said no computer is hack proof, some are just harder than others.

I've also found the harder your system is the more difficult it is to use. Puppy is easy to use because it doesn't restrict the user: he can mount, unmount, change system config files and any other items normally only root is allowed to do.

To be totally honest, since I've gone to linux 100% for my personal use I've relaxed somewhat about security. My wife still uses windoze, and it's a never ending battle keeping out intruders. Even with firewalls and a wadful of anti-software, they still get in and trash the system every couple of months or so.

Posted: Wed 18 Jan 2006, 17:47
by Lobster
muskrat wrote: To be totally honest, since I've gone to linux 100% for my personal use I've relaxed somewhat about security. My wife still uses windoze, and it's a never ending battle keeping out intruders. Even with firewalls and a wadful of anti-software, they still get in and trash the system every couple of months or so.
Very interesting what you say Steve,

I too have relaxed. I had to be so vigilant (I did not use a virus protection package in Windoesn't - just care). Virus protection in my view is more of a menace than most viruses I have encountered. However key loggers and trojans and phishers and all sorts are rife on Windows - it is the main reason I changed - I was losing the battle.

Running from CD is so hot! (or is that cool) - Programs are safe. What about the data?
I get my data onto the web as soon as possible - let some server with BSD and all sorts, protect my data. All my secret data (mostly secret fish sauce recipes) is probably of little interest - though Tux has expressed an interest . . . he likes fish too . . .

Posted: Wed 18 Jan 2006, 22:04
by ezeze5000
jmarsden wrote:This post is probably overkill, but:
BarryK wrote:Yes, I have stealthed ports on my pc.
For dialup, shieldsup shows them as all stealthed, but when I go to my friend's place and connect to Internet via router modem, the ports show as all closed, except telnet port is open.
...I guess though, my pc is still safe.
Yes. But your friend's "router modem" is probably not safe -- it leaves its telnet port open to the public Internet. That is what "shieldsup" found, almost certainly.

I suggest that your friend may want to reconfigure his router not to allow incoming telnet, unless there is truly a very good reason for him providing telnet access to his router (and so probably to his entire network, if someone guesses a router login/password!) to the entire Internet world!

BTW, in my view those Internet-based "security checkers" are generally not all that good at their job, and they allow anyone watching your traffic to/from them to see exactly what holes they find on your machine. In my view, it's better by far to use a local tool running on a second local machine on your (protected) local LAN to check host security and firewalls. That way, no one but you knows what the host's weaknesses are -- so you can fix them before anyone else exploits them! Try nmap and (if desired) Nessus to get started. Of course, if you only *have* a single PC available to you, and still need to do network-based security checking of it, something like "shieldsup" could be an appropriate solution.

Of course, before you even bother running "shieldsup" or setting up nmap on a second PC for checking a machine's network security, a quick

    # netstat -nl --inet

on the machine under test will tell you if you actually have anything listening on Internet sockets that might actually be worth firewalling :-) [[ I'm not running Puppy right now so I'm not sure if its netstat has those options... adjust as necessary, those are the common Linux ones for checking out server and desktop machines. On *BSD boxes, it would be closer to

    # netstat -na -f inet

but then you need to read the output more carefully, because it will contain established connections as well as listeners (network daemons/services). ]]

Jonathan
I tried this code on my puppy:

    # netsat -na -f inet

But it worked better this way:

    # netsat -na -F inet

I got a good readout with this.

am I correct?

Posted: Wed 18 Jan 2006, 23:24
by Lobster
or better still

    # netstat -na -F inet

:oops: ('t' missing) but in principle better

Posted: Thu 19 Jan 2006, 05:25
by Guest
According to this, (second entry; WMF vulnerability) running as a user with limited NTFS rights doesn't prevent execution of malware. I don't really understand the explanation though.

Posted: Mon 27 Feb 2006, 18:43
by wayover13
This discussion seems to sort of miss an essential point (the poster observes, not having read the whole thread). Sure, someone should be able to operate as root on their own computer. Just as someone can drive their own car however they want, shoot their own gun, etc. Of course it should be borne in mind that people are expected to demonstrate a certain degree of mastery in those things before they can legally do them, and so a person running as root should have a certain degree of mastery (read: solid knowledge of how their computer works and, especially if they are on a network, what the vulnerabilities and dangers are). But again, this is a bit beside the point. The problem with Puppy is not that it runs as root by default: it obviously does that just fine. The problem is there is no way for users who do not want to run as root to do so: just as someone should be able to run as root if they choose (and hopefully they will have the necessary understanding to do so safely), so the user should have the choice of not running as root. The problem here is that Puppy provides no easy and effective way of doing so. That is a shortcoming of the distro, no matter how you cut it: it should be there for those who want it. The question of whether you should be "allowed" as a matter of principle to run as root is rather irrelevant to answering to the fact that Puppy has no easy and effective way to set up non-root users. Is any work being done on this?

James

Posted: Mon 27 Feb 2006, 20:36
by flavour
the user should have the choice of not running as root. The problem here is that Puppy provides no easy and effective way of doing so. That is a shortcoming of the distro, no matter how you cut it: it should be there for those who want it. The question of whether you should be "allowed" as a matter of principle to run as root is rather irrelevant to answering to the fact that Puppy has no easy and effective way to set up non-root users.
This sums it up perfectly for me :)
Whilst many (or even most) users are happy with the current approach, there are many others who would really like to widen the Puppy audience, but need RunAsNonRoot to be in-place first.
Is any work being done on this?
I am little by little & some of this is being passed upstream into the main distro (e.g. it now includes sudo by default)

This, I believe, is how to start tackling it - fix the little errors in the system scripts which hardcode /root instead of $HOME
Include this in the guidelines on 3rd party packages.
Then get an option in the Universal Installer to RunAsNonRoot.
- liveCD can be left as-is (to not annoy those that like the current system), but an *option* in the installed versions (where it matters more)

Would be *great* to see this in the first release of Puppy2 :)

F

Posted: Mon 27 Feb 2006, 20:41
by flavour
My work-in-progress HowTo is here:
http://wiki.inveneo.org/index.php/RunAsNonRoot

I got quite far in 1.07 but got stumped by SegFaults which I didn't manage to track down (happened just after running xorgwizard - whether selecting xvesa or xorg).

I will try again with 1.08 & be more persistent with tracking down the source of any SegFaults by putting debug statements into various possible files:
.xinitrc
xwin
xrdb -merge -nocpp ~/.Xresources
/usr/bin/autocutsel

F