Need to check if my Ubuntu 14.10 has been hacked
It is a very vague question because Ubuntu security is pretty good out of the box, and if I had hacked your computer, you would not be able to actually check that you were hacked as I would have installed a rootkit, and the only way to get me out of your computer would be by restoring a back-up from before you were hacked…
The best way not to get hacked is to prevent it.
- Turn off all hardware you don't need in the BIOS (this includes: microphones & speakers, as they have been shown in the past to be used as communication channels once the PC was hacked, printer ports, USB ports, WiFi, etc.)
- Don't install Ubuntu in an Internet café, but on a secure Internet connection behind a NAT router.
- Install RKHunter just after installing from DVD
- Black-list all hardware you don't need and that cannot be disabled in the BIOS
- Secure your system
- Always install all updates
- Don't let anyone physically touch your computer
- Use encrypted communications
- Install as little software as needed (and uninstall software you don't use any more)
- Don't install software known to track you (Flash, Silverlight)
- Use Firefox with the NoScript and Modify Headers plugins
- Disable all cookies. Only allow cookies per site and only for the session.
- Make system back-ups so you can roll back to previous versions
- Use full disk encryption
- Only use the Ubuntu official repositories as Linux isn't invulnerable
- …
and then you'll get rid of 99.9999% of hackers.
Fair warning: I didn't do all of the above (just some) but I use the most important security rule of all: Use common sense!
Fat Mind
Updated on September 18, 2022
Comments
-
Fat Mind over 1 year
I have an Ubuntu 14.10 machine and I would like to check if my security is OK. I doubt that someone accessed my machine from the Internet and remotely controlled it. So what are the suitable tools I need to use to see if that really had happened, and what are the logs related to this issue I can check for history?
-
Mark Kirby about 9 years
-1 This is far too vague. What makes you think you are "hacked"? This is unlikely. Do you mean you have a virus? Here's some reading on basic security, including vulnerability and how to improve your security: wiki.ubuntu.com/BasicSecurity, but we need more info on your specific issue to help you. Do you use a firewall or anti-virus? How/when/where were you "hacked"?
-
Fat Mind about 9 years
WOW, all these downvotes and close requests for a question I see as normal, that's strange. Anyhow, I was just looking for guidance on some Linux tools or how to check my logs to check if my machine had been accessed from the Internet or by some people.
-
Mark Kirby about 9 years
I don't know why this got flagged, it shouldn't have, but I downvoted because of a lack of detail. I told you what areas were lacking, don't take it personally. How can anyone tell if your computer was hacked without access to it or at least a good explanation of how you use it and what you mean by hacked? You say "i was just looking for a guidance of a some linux tools or how to check my logs". Your question in no way says this. Please update it so we can help, and I will change my vote.
-
Mark Kirby about 9 years
If by hacked you mean someone tried to get access to your PC remotely, this may be what you need: askubuntu.com/questions/178016/…
-
Fat Mind about 9 years
Hope the new edit makes the question more clear.
-
Faizan Akram Dar about 9 years
Every day is not Sunday. It might not get 23 upvotes like the previous similar question.
-
Fat Mind about 9 years
I think it was simple for someone to tell me to check /var/log/auth.log ... where I found some evidence of attempts to access my machine from China.
-
Fabby about 9 years
If any decent cracker had cracked your machine, there would have been no way for you to find them back in any of your logs, as the first thing a cracker does is cover his/her/its tracks. If you're looking for more information on how to interpret log files, here's where you need to look.
-
A.B. almost 9 years
If you like the answer, just click the little grey ☑ on the left-hand side of the answer, now turning it into beautiful green. If you do not like the answer, click on the little grey down-arrow below the 0, and if you really like my answer, click on the little grey checkmark and the little up-arrow... If you have any further questions, go to askubuntu.com/questions/ask
-
Rinzwind almost 9 years
@FatMind traces of a user in /var/log/auth.log are evidence of you NOT being hacked, not of someone hacking you. 1st thing I would do is remove the lines in there showing I was on your system.
-
Rinzwind almost 9 years
@Fabby rkhunter ... it has so many false positives it is useless on its own. If you want protection with rkhunter you need to install 2 or more of those rootkit softwares and match the results.
-
Fabby almost 9 years
@Rinzwind: I know... This was at the time Paranoid Panda was installing it, so I have some knowledge... ;-)
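
Added example, not part of the original thread: one way to summarise the sshd entries in /var/log/auth.log that the comments above refer to, counting failed logins per source address and listing accepted logins. The sample log lines, host name, user names and the `summarize` function with its threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the sshd line format written to /var/log/auth.log.
# Addresses come from documentation ranges; host and user names are made up.
SAMPLE_AUTH_LOG = """\
Mar  3 02:14:07 host sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 40122 ssh2
Mar  3 02:14:09 host sshd[2101]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar  3 02:14:12 host sshd[2103]: Failed password for root from 203.0.113.45 port 40177 ssh2
Mar  3 08:30:51 host sshd[2950]: Accepted publickey for alice from 192.0.2.10 port 51514 ssh2
Mar  3 09:02:33 host sshd[3011]: Failed password for alice from 192.0.2.10 port 51620 ssh2
Mar  3 11:47:19 host sshd[3320]: Accepted password for root from 203.0.113.45 port 41200 ssh2
Mar  3 11:50:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
"""

# Matches sshd authentication results; "invalid user" is present when the
# account name does not exist on the machine.
SSH_EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize(log_text, threshold=3):
    """Return (failed-count per IP, accepted logins, accepted logins to review first)."""
    failed = Counter()
    accepted = []
    for line in log_text.splitlines():
        m = SSH_EVENT.search(line)
        if m is None:
            continue  # not an sshd authentication line (e.g. sudo, cron)
        if m.group("result") == "Failed":
            failed[m.group("ip")] += 1
        else:
            accepted.append((m.group("user"), m.group("ip"), m.group("method")))
    # An accepted login from an address that also produced repeated failures
    # is the entry to look at first.
    noisy = {ip for ip, count in failed.items() if count >= threshold}
    review = [entry for entry in accepted if entry[1] in noisy]
    return failed, accepted, review


if __name__ == "__main__":
    failed, accepted, review = summarize(SAMPLE_AUTH_LOG)
    for ip, count in failed.most_common():
        print(f"{count:4d} failed logins from {ip}")
    for user, ip, method in review:
        print(f"REVIEW: {user} logged in via {method} from {ip}")
```

To run it against a real system, pass the contents of /var/log/auth.log (readable by root or the adm group) to `summarize`. As the comments above point out, an intruder with root access can edit this file, so a clean summary does not prove the machine is clean.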