Re: Dangerous updates?

Posted: Fri Mar 15, 2019 2:26 pm
by jonetsu
I must add that the Speck cipher by the NSA in the current Linux kernels was not shown to have a backdoor. I'm sorry to have misled. OTOH, as I mentioned, a previous cipher from a government agency did have a backdoor, so the reputation is not very good. Also, Speck will be seemingly dropped in kernel 4.20 not because of the NSA's bad reputation but because Google has decided to drop its uses for Android.

Now, if you want to secure just a little bit more your box, look at the networked processes that are running and look at the firewall.

For instance, running as root :

% netstat -ntulp

I get the following networked processes, and only those (I have no printer connected) :

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1285/lighttpd       
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      998/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1258/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      1258/sshd           
udp        0      0 127.0.0.53:53           0.0.0.0:*                           998/systemd-resolve 
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1460/dhclient       
(lighttpd and sshd do not get any incoming requests from outside)

For starters, why would you need rpcbind and NFS-related processes running when you do not use NFS ?

Then a basic firewall (if none was installed by the distro) should be good. To check your firewall, as root (w/o the mangle table) :

% iptables -nvL

The output here would be way too long and not so much important to post here.

To check if there's anything in the NAT dept.:

% iptables -t nat -L
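
An added example, not part of the original post: a shell filter over `netstat -ntulp` output that lists only the sockets bound to non-loopback addresses, which are the ones the firewall rules have to account for. The function names `exposed_listeners` and `sample_netstat` are made up for this illustration; the sample input is the listing from the post.

```shell
#!/bin/sh
# exposed_listeners: read `netstat -ntulp` output on stdin and print
# "<proto> <port> <program>" for every socket bound to a non-loopback address.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        addr = $4
        # Port is whatever follows the last colon (also handles ":::22").
        port = addr; sub(/.*:/, "", port)
        host = substr(addr, 1, length(addr) - length(port) - 1)
        # 127.0.0.0/8 and ::1 are only reachable from the machine itself.
        if (host ~ /^127\./ || host == "::1") next
        # UDP rows have an empty State column, so take the last field
        # instead of a fixed column, then strip the "PID/" prefix.
        prog = $NF; sub(/^[0-9]+\//, "", prog)
        print $1, port, prog
    }'
}

# Sample input: the listing from the post above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1285/lighttpd
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      998/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1258/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1258/sshd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           998/systemd-resolve
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1460/dhclient
EOF
}

# On a live system, as root: netstat -ntulp | exposed_listeners
sample_netstat | exposed_listeners
```

On the posted listing this leaves lighttpd, sshd (IPv4 and IPv6) and dhclient, and drops the two systemd-resolve sockets bound to 127.0.0.53.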