Off-topic, slightly - Hand of Thief Linux Virus

Alchemist raimiiic at gmail.com
Sat Aug 10 15:55:19 UTC 2013


2013/8/10 <linuxnutster at videotron.ca>

> I was just reading about this new malware threat. I'm not clear on how
> exactly this thing can get installed on a Linux system. Would it require
> 100% social engineering? I installed Fedora on my elderly mother's last two
> laptops so she can do her banking without being paranoid about keyloggers,
> trojans, etc... She is a news hound, so it's only a matter of time before
> she comes flying at me demanding reassurances.

Mini guide to how Fedora can protect you:

1. Use only official repos/strict package signing, no untrusted package
sources.
2. Update browser scope threats, Iced-Tea, Flash-plugin. (whole system,
whuh!)
3. Better create two browser profiles, one for everyday usage with Iced-Tea
disabled, the other one ONLY for internet banking with Iced-Tea enabled, and
tell your mother about the value of such a security solution.
4. Disable autorun
http://blogs.iss.net/archive/papers/ShmooCon2011-USB_Autorun_attacks_against_Linux.pdf
5. Use SELinux shield:
# setsebool -P allow_execstack=0
# setsebool -P allow_execheap=0
# setsebool -P allow_execmod=0 (may break some buggy apps)
6. Set umask 077 in ~/.bashrc (and if needed ~/.gnomerc) locally, or
globally (/etc/profile, /etc/bashrc), to prevent newly planted executables from
being executed. Of course, only if the system is not multiuser and there is no
need for binary execution in ~/
7. HoT runs without root, so the primary impact will be taking over control of
the user environment. Protect important config files from modification by
setting chattr +i (remove when needed):
.bashrc
.bash_profile
.bash_logout
.pam_environment
.xinitrc
.gnomerc
.config/autostart/*
and so on
8. Configure the firewall, but this is a different story; as I know from
experience, it is difficult to fit any user's browsing desires. But it's worth
a try :)
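
An audit for step 7, as an added example that is not part of the original message: it lists which of the named startup files exist under a home directory and which of them lack the immutable flag that `chattr +i` sets. The function names are hypothetical, and the file list is only the one given in the message ("and so on" is not expanded).

```shell
#!/bin/sh
# Added example (not from the original post): audit the step 7 startup files.
# Assumption: the list below is exactly the one named in the message.
STARTUP_FILES=".bashrc .bash_profile .bash_logout .pam_environment .xinitrc .gnomerc"

# Print every listed startup file and .config/autostart entry that exists under $1.
list_startup_files() {
    lsf_home="$1"
    for lsf_name in $STARTUP_FILES; do
        if [ -e "$lsf_home/$lsf_name" ]; then
            printf '%s\n' "$lsf_home/$lsf_name"
        fi
    done
    for lsf_entry in "$lsf_home"/.config/autostart/*; do
        if [ -e "$lsf_entry" ]; then
            printf '%s\n' "$lsf_entry"
        fi
    done
    return 0
}

# Return 0 if one line of lsattr output ("<flags> <path>") carries the
# immutable flag. Only the flags field is inspected, never the path.
has_immutable_flag() {
    hif_flags="${1%% *}"
    case "$hif_flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print the existing startup files under $1 that are NOT immutable.
# A file whose attributes cannot be read is reported as unprotected.
unprotected_files() {
    list_startup_files "$1" | while IFS= read -r uf_path; do
        uf_line=$(lsattr -d -- "$uf_path" 2>/dev/null) || uf_line=""
        has_immutable_flag "$uf_line" || printf '%s\n' "$uf_path"
    done
}

# Stand-alone use: pass the home directory to audit as the first argument.
if [ "$#" -gt 0 ]; then
    unprotected_files "$1"
fi
```

Every path it prints is a file that a process running as the user can still rewrite; an empty result means each existing file on the list already has the flag.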


