Question about log in system

This topic is closed.

    Question about log in system

    How is the Kubuntu authentication system secure?

    If an attacker can figure out or get the user name and password, they own everything even root.

    Or am I missing something?

    #2
    Re: Question about log in system

    With all due respect, the weakest part of any secure system is the user. Keep that information safe. Is your system in a place that would make it a likely target for a hacker to even want to waste the time of trying to gain access to your personal machine?
    Your effort to remain what you are is what limits you.

    Comment


      #3
      Re: Question about log in system

      It is still weak security, and yes, I get dozens of attempts at infiltrating my machines every week.

      Security through obscurity is an oxymoron.

      What is scarier is that while having physical access, any one can get root access without a password via the recovery mode in the boot loader.

      The only reason I am trying FF is because a guy at school with the same laptop as mine gets the important features working, and I was having trouble in openSuSE. My home PC will NOT ever use Kubuntu.

      So can someone who understands security let me know what I am missing?

      Comment


        #4
        Re: Question about log in system

        More than likely it is not an actual intrusion attempt and probably just a passive port scan you are picking up. I may be wrong, but that is more than likely it. In my opinion it is secure enough for what you need. But then, that's just my opinion.
        Your effort to remain what you are is what limits you.

        Comment


          #5
          Re: Question about log in system

          Some are passive port scans, some are not. That people are ignoring the question speaks volumes.

          It's funny, in its quest to make Linux more user friendly, K/Ubuntu is actually less user friendly than a "normal" distro like openSuSE. They really need to stop with the "we think you are a retard" installer and find a reliable and logical package manager.

          Comment


            #6
            Re: Question about log in system

            Originally posted by vilanye
            It is still weak security, and yes, I get dozens of attempts at infiltrating my machines every week.
            So you're offering remote logins? If you haven't installed a server that listens to remote logins (like an ssh-server), then remote login attempts are in vain.

            If you actually use remote logins, you can fortify your system by disabling password logins and using host key based authentication.

            If you're worried about port scan, the default installation of (k)ubuntu doesn't listen to any ports for outside connection, so you're closed up. If you want to run servers or just wish to stealth your computer, you can install and use software like guarddog to configure the built-in firewall.

            What is scarier is that while having physical access, any one can get root access without a password via the recovery mode in the boot loader.
            With physical access to the machine, everyone can get root access to the machine, regardless of the OS, or security measures you've taken. The simplest way is to put in a LiveCD...and you're root. (one can also give grub boot options to get root access without a password, for example). Physical access = No security. Of course most security concerns are about remote security/vulnerability.

            That people are ignoring the question speaks volumes.
            It just tells you that these questions have been brought up before, and have been discussed at length on other threads. If you wish to dive into security, search the forums for more information.

            Comment
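
The hardening suggested in post #6, disabling password logins for remote access, can be checked against an sshd_config. The following Python is an added example, not part of the original thread: the two sample configurations are constructed, the defaults assumed are upstream OpenSSH's (distribution builds may differ), and only the global section before the first Match block is read.

```python
# Added example; defaults assumed are upstream OpenSSH's, sample configs are constructed.
DEFAULTS = {
    "passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes", "permitrootlogin": "prohibit-password",
    "usepam": "no",
}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return the values sshd would use from the global section."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks are out of scope
            break
        key = ALIASES.get(key, key)
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)         # sshd keeps the FIRST value it reads
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def findings(config_text):
    s = effective_settings(config_text)
    out = []
    if s["passwordauthentication"] == "yes":
        out.append("PasswordAuthentication yes: passwords can be guessed remotely")
    if s["kbdinteractiveauthentication"] == "yes" and s["usepam"] == "yes":
        out.append("keyboard-interactive via PAM can still prompt for a password")
    if s["permitrootlogin"] == "yes":
        out.append("PermitRootLogin yes: direct root login is allowed")
    if s["pubkeyauthentication"] != "yes":
        out.append("PubkeyAuthentication is off: no key-based login available")
    return out

WEAK = """\
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
# appended later, but ignored because the first value wins
PasswordAuthentication no
"""
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
UsePAM yes
"""

if __name__ == "__main__":
    print(findings(WEAK), findings(HARDENED))
```

The WEAK sample shows a common mistake: appending `PasswordAuthentication no` below an earlier `yes` changes nothing, because sshd uses the first value it reads for each keyword.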


              #7
              Re: Question about log in system

              Some are passive port scans, some are not. That people are ignoring the question speaks volumes.

              It's funny, in its quest to make Linux more user friendly, K/Ubuntu is actually less user friendly than a "normal" distro like openSuSE. They really need to stop with the "we think you are a retard" installer and find a reliable and logical package manager.
              Man, where is this coming from?

              First of all, how are you determining that your ports are being "scanned"? Are you behind a router, or are you running something on your system that has open ports? I have a server at my home running Slackware Linux. I run a small development Apache server on it. I have sshd and ftpd running for my convenience. It's behind a router, and the active listening ports are forwarded to the system by the router. I can scan my logs and see literally dozens of probe attempts against both the ssh and ftp ports. I don't have any particularly heavy additional security, because I've taken enough basic precautions regarding passwords, account names and file permissions to keep the wolves at bay. If I get a sense that something is weak, I can easily fix it or add any additional layers of protection I want...yes, even through obscurity (like utilizing different listening ports for the daemons). Sometimes, that's all one needs.

              So, what is specifically happening to your system that indicates "passive" versus non-"passive" scans?

              As for security in general, go Google "linux network security," and you'll find a ton of useful information about why security on this (and other Unix and *nix) type systems have always been light years ahead of Windows, long before attacks on remote systems became so common.

              As for "any one [sic] can get root access without a password via the recovery mode in the boot loader", sure, anyone can hack your system if they can get their hands on it, physically. I know a couple of guys who can steal your car in about 30 seconds. I've heard of high-quality home security systems being bypassed, too. Generally, every one of these things happened because the owner of the property did something stupid: parked in a bad neighborhood; left the keys in the ignition; forgot to set the alarm; saved a few bucks by not adding certain windows to the alarm system; writing down their ATM PIN and leaving it in their wallet...you want me to go on?

              Actually, Ubuntu and Kubuntu do something very interesting with the root account...they don't set a password. In order to do anything administratively, you have to use sudo and be part of a certain group (admin). You can't log in as root. You can't su to the root account. Yes, you can set a root password, but you have to be authorized to do so (logged in and using sudo). Adding users doesn't make them an automatic sudoer, either...you (as an admin) have to physically add them to that group for sudoers to work.

              So, what is it specifically you're having such issues about? If you want to come in here and troll, or complain about this distro versus that one, don't waste your time or ours. You like SUSE better? Fine, go use it.

              If you have a constructive, specific, detailed question to ask, ask it.
              Joe
              in Florida

              Comment
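
Post #7 asks what in the logs separates a passive scan from an actual intrusion attempt. One way to draw that line from sshd's own log messages, as an added Python example that is not part of the original thread: the log lines are constructed, the addresses come from documentation ranges, the threshold of three failures is an arbitrary assumption, and only three common OpenSSH message forms are recognised.

```python
# Added example; log lines are constructed, addresses are documentation ranges.
import re
from collections import defaultdict

PATTERNS = [
    # TCP connect with no SSH handshake: what a port scanner leaves behind
    ("probe", re.compile(r"Did not receive identification string from (?P<ip>\S+)")),
    # an actual authentication attempt with a guessed password
    ("guess", re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")),
    ("login", re.compile(r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+)")),
]

def triage(lines, threshold=3):
    """Summarise sshd events per source address and attach a verdict."""
    stats = defaultdict(lambda: {"probe": 0, "guess": 0, "login": 0,
                                 "users": set(), "verdict": ""})
    for line in lines:
        if "sshd[" not in line:
            continue
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            s = stats[m.group("ip")]
            if kind == "login" and s["guess"] >= threshold:
                s["verdict"] = "login after repeated failures: investigate"
            if kind == "guess":
                s["users"].add(m.group("user"))
            s[kind] += 1
            break
    for s in stats.values():
        if not s["verdict"]:
            s["verdict"] = ("password guessing" if s["guess"]
                            else "connect-only probe" if s["probe"]
                            else "normal login")
    return dict(stats)

SAMPLE_LOG = """\
Apr 24 10:01:02 host sshd[811]: Did not receive identification string from 198.51.100.7
Apr 24 10:03:10 host sshd[820]: Failed password for invalid user admin from 203.0.113.9 port 40112 ssh2
Apr 24 10:03:12 host sshd[820]: Failed password for root from 203.0.113.9 port 40112 ssh2
Apr 24 10:03:15 host sshd[822]: Failed password for joe from 203.0.113.9 port 40120 ssh2
Apr 24 10:03:19 host sshd[825]: Accepted password for joe from 203.0.113.9 port 40131 ssh2
Apr 24 10:04:30 host sshd[828]: Failed password for invalid user test from 203.0.113.77 port 5022 ssh2
Apr 24 10:05:00 host sshd[830]: Accepted publickey for joe from 192.0.2.10 port 51000 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, s in triage(SAMPLE_LOG).items():
        print(f"{ip:15} probes={s['probe']} guesses={s['guess']} -> {s['verdict']}")
```

Only the address whose successful login follows a run of failures calls for follow-up; connect-only probes and failed guesses against nonexistent accounts are the routine background noise the thread describes.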


                #8
                Re: Question about log in system

                Oh, I forgot something else you said...

                It's funny, in its quest to make Linux more user friendly, K/Ubuntu is actually less user friendly than a "normal" distro like openSuSE. They really need to stop with the "we think you are a retard" installer and find a reliable and logical package manager.
                First of all, what's so "abnormal" about this distro? I first began playing Linux back in 1992, when the kernel was at version 0.12 and you had to download the "install" archives from the Helsinki ftp server to diskettes. Since the advent of the GUI in Linux, and especially since GNOME and KDE were introduced, I've seen far more "normalization" among distros.

                As for the "installer," you apparently have no idea how this is supposed to work. The Ubuntus install a fairly basic desktop system, and that install includes what most people want in a client system: network capability, an office suite, a decent browser (you get at least two), a variety of system management tools, and some extras. Once the system is running, you can then use one of the very capable package front ends to search for, install and update anything you like.

                I've used both Synaptic and Adept, and find neither designed for "retards." They're easy to use but include a number of extra features for the experienced user. Lots of us even use apt from the command line!

                But with the GUI tools mentioned, I don't see how it gets any easier than this:
                1. Start tool.
                2. Provide password for sudo (there's that pesky system security again!)
                3. Search package database for application/tool/library/whatever.
                4. Click app name to set install.
                5. Click apply.

                Damn, that's tough.
                Joe
                in Florida

                Comment


                  #9
                  Re: Question about log in system

                  Wow, lots of mindless fan boy replies. Given that cds/dvds do not automatically boot and my bios is password protected, yet Canonical in its stupidity allows anyone root access. So no, no one can access root if they have physical access to my machine, except that Kubuntu left the door open. Is this a representative comment on the ubuntu user abilities?
                  You forgot to add

                  6. wait for gui app to crash because feisty was rushed out the door
                  7. restart and pray
                  8. Dig through poorly written kubuntu wiki and pray that wireless will work
                  9. cheer when wireless finally works
                  10. curse the idiots working on kubuntu when your wireless card can't connect to a different network
                  11. look through the crappy docs again and find nothing
                  12. reinstall openSuSE and get a system that doesn't crash, can easily move from network to network
                  13. even though the updater in suse sucks it is years ahead of the dog crap in kubuntu, and it is very easy to switch to better repositories via smart(smart core dumps in krapbuntu)
                  14. cry when you realize that Canonical is severely damaging linux adoption on the desktop

                  Comment


                    #10
                    Re: Question about log in system

                    I don't want to get into a spitting contest with a troll, but you leave me no choice:

                    Kubuntu doesn't "allow anyone root access." When the system is installed, you are asked to create a user account. That account is given certain administrative privileges, provided the user calls commands using sudo. For GUI apps, the user has to press an "administrative mode" button and provide a password via kdesu (which calls sudo). You cannot routinely perform root tasks with this user account from the command line.

                    As I mentioned before, you can "activate" the root account for direct access by creating a password for it using sudo, as that administrative user. This is no different from any other distro that offers you the chance to create a root account during the system install.

                    I don't understand that "cd/dvds do not automatically boot." Sure they do, if you set the BIOS to allow it. Apparently, you have this feature turned off and you require a BIOS password. So what? These are operating choices you make. I still fail to understand what any of this has to do with "security" and why you believe that this version is any less secure than any before it.

                    Feisty was rushed out the door? Hmmm, let's see...the Herd 1 alpha release came out on December 2. I installed Herd 3 on a production system in February. Today is April 24, the release date was five days ago. That's four-and-a-half months. Doesn't sound "rushed" to me. I have experienced very few "GUI app crashes," and the ones I did experience were usually caused by other external issues. My wireless (Intel on an HP laptop) worked out of the box from day one of the herd install.

                    I travel extensively and have found only one network to which I had connection issues...at the Fort Lauderdale airport...which I discovered was not because of Feisty, but because of the weak signal in the Southwest terminal (where I heard plenty of griping Windows users, too). Since February, I've connected to at least six "private" networks in people's homes using various (or no) encryption, and at least three "public" networks in airports. Never had a problem.

                    Look, if openSUSE is so much better than this, why are you hanging around in this forum, on this site, which was a Kubuntu site last time I looked? If you're happy with your distro of choice, fine, have fun. But don't come in here to pick a fight with anyone over your perceptions of what Linux should be.

                    Just STFU and go away, okay, troll?
                    Joe
                    in Florida

                    Comment


                      #11
                      Re: Question about log in system

                      What does this have to do with security?

                      <gets out some crayons>

                      1. The earlier claim that anyone with physical access can easily get around root with a live CD, therefore the fact that anyone with physical access can do anything in recovery mode, easily accessed, was thoroughly disproved.

                      So, let's see...

                      2. No one can get around root on my systems, so can't gain root.

                      3. Except when krapbuntu is installed because it has easy front door access.

                      Now, are you so ignorant as to say this is not a security problem? I thought windoze fanboys were dumb.

                      Secondly, the single password system is absolutely retarded.

                      Most dumb people (windows and k/x/ubuntu users) use simple dictionary based passwords. Guess what happens with krapbuntu when an attacker finds that password? HE OWNS YOUR ENTIRE SYSTEM. He can install rootkits, add it to his burgeoning array of bots made up of windows and ubuntu machines, can use your system as a platform to launch more attacks (guess who gets a little visit?). In short, he owns you, totally. This is the exact opposite of good security.

                      Now, I don't use dictionary based passwords, but let's say that an attacker guesses it on my machine running suse. Now what? He can't access root so can do very little. Unless he was very very lucky, it would take him weeks if not longer to break into my user account, now double that for root access. hmm, why bother when Windows and Ubuntu is much easier?

                      I was talking about this with the system administrator at school where he is forced to run Ubuntu, he laughed, but is stuck with it. Anyway, he showed me a way to separate them and make this POS more secure.

                      It really is sad that in its quest to make it "easier", they worsened the security. That is the same thing MS did and see where it got them. The problem with Ubuntu doing this is that the legitimate distros get tarred because of Canonical. Open source as a whole suffers.

                      openSuse is more secure, has a better installer, is easier to configure and update, in other words the exact opposite of Ubuntu. Ironic that OSes specifically designed for technically inept people are the hardest ones for them to use.

                      Anyway, no one was able to answer a simple question, except by a few fan boys who seem to know nothing about security. I would seriously love a legitimate answer to my question and an educated reply why this is not a security hole of epic proportions.

                      PLEASE

                      Comment


                        #12
                        Re: Question about log in system

                        Heh, your attitude is quite amusing. FYI I don't think (k)ubuntu is technically the best distro around, so calling me a fanboy is stretching it more than a bit.

                        If you're concerned about security, you must know that a BIOS password won't protect your computer, all one needs is a screwdriver to open the case and plug out the CMOS battery to reset the password. Or they could just take the computer with them.

                        If one absolutely needs security, encrypting all disks and locking the computer in a vault, setting a root password for recovery mode is a menial task compared to other measures that need to be taken.

                        There is no such thing as software local security, be it a grub password, bios password or recovery mode password.

                        Most dumb people (windows and k/x/ubuntu users) use simple dictionary based passwords. Guess what happens with krapbuntu when an attacker finds that password? HE OWNS YOUR ENTIRE SYSTEM. He can install rootkits, add it to his burgeoning array of bots made up of windows and ubuntu machines, can use your system as a platform to launch more attacks (guess who gets a little visit?). In short, he owns you, totally. This is the exact opposite of good security.
                        Once again, remote users can attempt a login only if you offer remote logins...and if you choose to offer remote logins for admin accounts (the accounts that can use sudo to become root) you can set them to ask a different 'root' password if you wish. (But like I said, passwords aren't a good method of authentication anyway)

                        Just search the forums, you'll find your 'questions' answered in detail in a multitude of threads. As you seem to be more interested in bashing than legitimate discussion/questions, I'll spend my time on other threads where people actually want help.


                        Comment
