5

I have an Ubuntu 14.10 machine and I would like to check if my security is OK. I doubt that someone accessed my machine from the internet and remotely controlled it. So what are the suitable tools I need to use to see if that really had happened, and what are the logs related to this issue I can check for history?

Fat Mind
  • 4
    -1 This is far too vague. What makes you think you are "hacked"? This is unlikely. Do you mean you have a virus? Here's some reading on basic security, including vulnerability and how to improve your security: https://wiki.ubuntu.com/BasicSecurity, but we need more info on your specific issue to help you. Do you use a firewall or anti-virus? How/when/where were you "hacked"? – Mark Kirby Apr 12 '15 at 05:59
  • WOW, all these down votes and close requests for a question I see as normal, that's strange. Anyhow, I was just looking for guidance on some Linux tools or how to check my logs to check if my machine had been accessed from the internet or by some people – Fat Mind Apr 12 '15 at 12:08
  • 1
    I don't know why this got flagged, it shouldn't have, but I down voted because of a lack of detail. I told you what areas were lacking, don't take it personally. How can anyone tell if your computer was hacked without access to it or at least a good explanation of how you use it and what you mean by hacked? You say "I was just looking for guidance on some Linux tools or how to check my logs". Your question in no way says this, please update it so we can help, and I will change my vote. – Mark Kirby Apr 12 '15 at 14:08
  • 1
    If by hacked you mean someone tried to get access to your pc remotely, this may be what you need http://askubuntu.com/questions/178016/how-do-i-keep-track-of-failed-ssh-log-in-attempts – Mark Kirby Apr 12 '15 at 14:19
  • Hope the new edit makes the question more clear – Fat Mind Apr 15 '15 at 12:14

1 Answer

8

It is a very vague question because Ubuntu Security is pretty good out of the box, and if I would have hacked your computer, you would not be able to actually check that you were hacked as I would have installed a rootkit, and the only way to get me out of your computer would be by restoring a back-up since before you were hacked…

The best way not to get hacked is to prevent it.

  • Turn off all hardware you don't need in the BIOS (this includes: microphones & speakers as they have been shown in the past to be used as communication channels once the PC was hacked, printer ports, USB ports, WiFi, etc)
  • Don't install Ubuntu in an Internet café, but on a secure Internet connection behind a NAT router.
  • Install RKHunter just after installing from DVD
  • Black-list all hardware you don't need and that cannot be disabled in the BIOS
  • Secure your system
  • Always install all updates
  • Don't let anyone physically touch your computer
  • Use encrypted communications
  • Install as little software as needed (and uninstall software you don't use any more)
  • Don't install software known to track you (flash, silverlight)
  • Use Firefox with the noscript and modify headers plugins
  • Disable all cookies. Only allow cookies per site and only for the session.
  • Make system back-ups so you can roll back to previous versions
  • Use full disk encryption
  • Only use the Ubuntu official repositories as Linux isn't invulnerable

and then you'll get rid of 99.9999% of hackers.

Fair warning: I didn't do all of the above (just some) but I use the most important security rule of all: Use common sense!

Fabby
  • 1
    Every day is not Sunday, it might not get 23 upvotes like the previous similar question – Faizan Akram Dar Apr 15 '15 at 01:54
  • 1
    I think it was simple for someone to tell me to check /var/log/auth.log ... where I found some evidence of trying to access my machine from China – Fat Mind May 06 '15 at 09:14
  • If any decent cracker would have cracked your machine, there would have been no way for you to find them back in any of your logs, as the first thing a cracker does is cover his/her/its tracks. If you're looking for more information on how to interpret log files, here's where you need to look. – Fabby May 06 '15 at 10:51
  • If you like the answer, just click the little grey of the left hand side of the answer now turning it into beautiful green. If you do not like the answer, click on the little grey down-arrow below the 0, and if you really like my answer, click on the little grey checkmark and the little up-arrow... If you have any further questions, go to http://askubuntu.com/questions/ask – A.B. Aug 13 '15 at 14:17
  • 1
    @FatMind traces of a user in /var/log/auth.log are evidence of you NOT being hacked, not of someone hacking you. 1st thing I would do is remove the lines in there showing I was on your system. – Rinzwind Aug 13 '15 at 14:25
  • @Fabby rkhunter ... it has so many false positives it is useless on its own. If you want protection with rkhunter you need to install 2 or more of those rootkit softwares and match the results. – Rinzwind Aug 13 '15 at 14:28
  • @Rinzwind: I know... This was at the time Paranoid Panda was installing it, so I have some knowledge... ;-) – Fabby Aug 13 '15 at 14:32
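
Added example, not part of the original thread: a small script that summarizes sshd entries in the `/var/log/auth.log` file mentioned in the comments, counting failed logins per source address and flagging successful logins from an address that also failed. The log lines, hosts, users and addresses are constructed sample data, and `summarize` is a name chosen for this example. As the comments point out, an intruder with root access can edit this file, so an empty result is not proof that nothing happened.

```python
import re
import sys
from collections import Counter, defaultdict
from pathlib import Path

# Constructed sample in the OpenSSH syslog format used in /var/log/auth.log.
# Hosts, users and addresses (documentation ranges) are made up for this example.
SAMPLE_AUTH_LOG = """\
May  6 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
May  6 03:12:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
May  6 03:12:09 host sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51040 ssh2
May  6 03:15:44 host sshd[2110]: Invalid user test from 198.51.100.23
May  6 03:15:46 host sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 40112 ssh2
May  6 08:30:12 host sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 50234 ssh2
May  6 09:01:55 host sshd[2333]: Accepted password for alice from 203.0.113.7 port 51311 ssh2
May  6 09:02:10 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
"""

# sshd messages for a rejected and for a successful authentication.
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")

def summarize(lines):
    """Return (failed, users_tried, accepted, suspicious) for sshd log lines."""
    failed = Counter()               # source address -> number of failed attempts
    users_tried = defaultdict(set)   # source address -> account names tried
    accepted = []                    # (timestamp, user, address, method)
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            failed[ip] += 1
            users_tried[ip].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            accepted.append((line[:15], user, ip, method))
    # A success from an address that also produced failures deserves a closer look.
    suspicious = [a for a in accepted if failed[a[2]] > 0]
    return failed, users_tried, accepted, suspicious

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_AUTH_LOG
    failed, users_tried, accepted, suspicious = summarize(text.splitlines())
    for ip, n in failed.most_common():
        print(f"{n:5d} failed from {ip}, users tried: {sorted(users_tried[ip])}")
    for event in accepted:
        print("accepted", event, "<-- address also had failures" if event in suspicious else "")
```

Run it with the log path as the first argument (reading `/var/log/auth.log` usually needs `sudo`); with no argument it processes the embedded sample.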