What are some vulnerabilities associated with Linux?

I frequently hear that weak configurations, insecure software, and a lack of timely updates pose significant risks in Linux systems. I have also heard of privilege escalation and kernel vulnerabilities; however, I do not know what these are. Can anyone shed some light on some of the common vulnerabilities associated with Linux systems?

Brute forcing is one. But from my experience, the majority of vulnerabilities come from apps/software that isn’t continuously patched and updated.

I am still learning so much about Linux but one thing I have learned a lot about is vulnerabilities and how to prevent them.

In most cases, anything you use on the system should always be updated regularly, as this will protect you from vulnerabilities, but I feel that is the same on any OS and is standard.

One major vulnerability that I have really found in Linux is errors in the Kernel. When there is a flaw in the kernel, it is always a tad difficult to patch. Most times, it always requires a whole update of the kernel. Linux users always procrastinate with these updates and leave their systems vulnerable.

To avoid vulnerabilities, it is best to minimize the attack surface. For example,

  • Use a firewall to prevent public connections from accessing internal ports
  • Do not make internal resources such as databases accessible to the public
  • Change the SSH port to an uncommon one, avoid root login, and disable password login (use an SSH key instead)
  • If multiple users use the system, separate their privileges and don’t give them full sudo privilege
  • Be cautious about using SMB, FTP, NFS, Telnet, etc. Unless you really need them, do not use them.
  • Update your packages periodically and check your public applications (such as websites) for vulnerabilities.
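As an added example that is not part of the answer above, the following POSIX shell script checks an sshd_config file against the SSH items in that list (default port, root login permitted, password authentication enabled). The two sample configs, the temporary paths and the function names are constructed for this illustration; the defaults it assumes when a keyword is absent (Port 22, PermitRootLogin prohibit-password, PasswordAuthentication yes) are the current OpenSSH defaults.

```shell
#!/bin/sh
# Added example, not from the thread: audit an sshd_config against the SSH
# advice in the post above (non-default port, no root login, key-only auth).
# All file paths and the two sample configs below are constructed.

WORKDIR=$(mktemp -d)
WEAK_CONF="$WORKDIR/weak_sshd_config"
HARDENED_CONF="$WORKDIR/hardened_sshd_config"

# Constructed sample: a stock-looking config that keeps the risky defaults.
cat > "$WEAK_CONF" <<'EOF'
# sshd_config (constructed sample, weak)
Port 22
PermitRootLogin yes
#PasswordAuthentication no   <- commented out, so it does not apply
PasswordAuthentication yes
EOF

# Constructed sample: the same file after applying the post's advice.
cat > "$HARDENED_CONF" <<'EOF'
# sshd_config (constructed sample, hardened)
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF

# ssh_setting FILE KEYWORD: print the effective value of KEYWORD.
# sshd honours the first occurrence of a keyword and keywords are
# case-insensitive, so take the first non-comment match; print nothing if absent.
ssh_setting() {
    awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd FILE: print one finding per line for each setting that still
# matches the risky default; prints nothing when the file is clean.
audit_sshd() {
    f="$1"
    port=$(ssh_setting "$f" Port);                 [ -n "$port" ] || port=22
    root=$(ssh_setting "$f" PermitRootLogin);      [ -n "$root" ] || root=prohibit-password
    pw=$(ssh_setting "$f" PasswordAuthentication); [ -n "$pw" ]   || pw=yes

    [ "$port" = "22" ]  && echo "Port 22: default port, move to an uncommon one"
    [ "$root" = "yes" ] && echo "PermitRootLogin yes: set it to no"
    [ "$pw" = "yes" ]   && echo "PasswordAuthentication yes: set it to no and use keys"
    return 0
}

# finding_count FILE: number of findings, as a plain integer on stdout.
finding_count() {
    audit_sshd "$1" | grep -c .
}

echo "== weak =="
audit_sshd "$WEAK_CONF"
echo "== hardened =="
audit_sshd "$HARDENED_CONF"
```

Point `audit_sshd` at `/etc/sshd_config` (or `/etc/ssh/sshd_config` on most distributions) to check a real host; the first-match rule in `ssh_setting` matters because a hardened line placed below an earlier permissive one is silently ignored by sshd. The firewall and internal-service items in the list are best verified separately by listing what is actually bound to non-loopback addresses (for example with `ss -tlnp`) and comparing it with the services you intend to expose.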

One of the vulnerabilities with Linux networks is remote code execution vulnerabilities. These exist like a backdoor in the network, and attackers often use them to run dangerous code and take over the entire network remotely.

Some web hosts like 000webhost use plain-text FTP, so it can be a dangerous process to keep using them to transfer your files from Linux to 000webhost with FileZilla; an attack is possible from this endpoint.