Questions tagged [debian]

One of the earliest Linux distros, officially consisting of only free software. Many distros, such as Ubuntu and Knoppix, have been derived from the Debian codebase.

91 questions
33
votes
2 answers

Is having a hidden directory under /etc safe?

On Debian 9, installing default-jre creates a hidden directory /etc/.java. This is flagged as a warning while I run rkhunter. Looking up online, I found an old bug report against Debian. The bug was closed stating the sysadmin could configure…
eternaltyro
18
votes
5 answers

Is it really safe to pass sensitive data to another script via stdin, compared to passing via arguments (Linux)

Yes, the transfer to the script via arguments is visible through ps -ax, /proc//cmdline etc., BUT if someone has already gained access to your account from the outside (e.g. by hacking your browser) he will have no trouble looking not only ps…
NewLinux
9
votes
2 answers

Remote Code Execution in apt/apt-get

Recently, a vulnerability has been found in apt that allows arbitrary code execution, see here. Is it reasonable just to update the system? Or should we be worried that this has been used and so probably reinstall? Note that Debian suggests to update…
Ricky
9
votes
2 answers

Hardening SSH security on a Debian 9 server

I am running the following version of GNU/Linux Debian: cat /etc/issue says: Debian GNU/Linux 9 Using the following kernel: uname -r says: 4.9.0-2-amd64 And running the following version of OpenSSH: apt-cache policy openssh-server | grep…
LinuxSecurityFreak
8
votes
2 answers

Prevent ARP spoofing with dynamic static entry on Linux

ARP spoofing detection/prevention seems to be quite popular here. With other techniques like port stealing aside, I'm wondering if the following could work to prevent it: Whenever my Linux workstation gets network connection, I could auto-add a…
K3---rnc
6
votes
1 answer

I have a process called “watchbog” that is completely hogging my CPU and I don't know what it is

This process that has come out of nowhere is hogging my CPU and I have no clue what it is or how to get rid of it. You can see in the image below what it's doing: What is this process? How can I get rid of it? Every time I kill the process, it…
5
votes
2 answers

MongoDB/Debian server successfully attacked - reason for public ip to get to mongodb server?

I got a MongoDB server which, from the logfiles, got a connection from a remote IP address, though it's obviously not allowed (or to be more precise: the mongod is not bound to any public interface) due to the MongoDB configuration file as shown…
Techradar
5
votes
1 answer

Apache naming for TLS_RSA_WITH_3DES_EDE_CBC_SHA

According to NIST and HIPAA guidance, I miss one cipher on a new web server: TLS_RSA_WITH_3DES_EDE_CBC_SHA. Although I read this one is discouraged, I am curious as to how I add it. I am on Linux Debian 9 with Apache. Currently I have set up…
LinuxSecurityFreak
5
votes
1 answer

All weak Debian openssl DSA keys

More weak keys? 32768 weak keys can be downloaded for analysis, but are there more? Three times as many? There is much information about DSA-1571-1 openssl -- predictable random number generator. There are even several websites to download weak…
rickhg12hs
4
votes
3 answers

Security of decompression tools

How safe is it to decompress untrusted files with unrar-free? With unzip? I'm using debian jessie. What steps can be taken to minimize the threat while extracting the file's contents?
3
votes
1 answer

How to list all of the known root keys in docker (Docker Content Trust)

How can I list all of the Docker Content Trust root keys on my system? I am setting up a CI process that will use the debian:stable-latest docker image to build my application's releases in ephemeral cloud instances. I want to make sure that every…
3
votes
0 answers

Version earlier than 0 in Debian OVAL feeds

I'm trying to parse Debian OVAL feeds to establish if some packages are vulnerable or not. I'm using criterions to establish what's the vulnerable version for a package, however often there are entries saying that "version is earlier than 0", e.g. …
3
votes
1 answer

the state of ASLR, PIE, SSP on Debian in 2018?

As far as I remember, most Debian Wheezy packages were not compiled with those useful security flags (ASLR, PIE, SSP, and more). Did the situation improve with Debian Squeeze or the upcoming Debian Buster? By comparison, Ubuntu and Fedora have a…
puzzle
3
votes
2 answers

Detect and remove rootkit from Debian 8.5 (x64)

My Debian 8.5 (x64) server is infected with a rootkit, which I have detected by using a live CD to display the contents of /tmp and /var/tmp. I found out about the infection by seeing high CPU loads due to a cryptominer. The above directories…
Shuzheng
3
votes
1 answer

Is there a security tracker aggregated file for Ubuntu server like Debian has?

Debian has a JSON file containing all CVE<->Fixed package versions map. Link: https://security-tracker.debian.org/tracker/data/json Does Ubuntu have something similar?
drdrek