Linux

66037 readers

398 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago

MODERATORS

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

File canary kill switch (gitlab.com)

submitted 3 days ago by lemmyuser@programming.dev to c/linux@lemmy.ml

8 comments fedilink hide all child comments

cross-posted from: https://programming.dev/post/52544724

I wrote a dead simple file canary tool that will install an eBPF program that drops all outgoing packets if a canary is touched. I wrote this in response to the current trend of supply chain attacks that try to harvest credentials

all 10 comments

sorted by: hot top controversial new old

[–] chicken@lemmy.dbzer0.com 9 points 3 days ago (2 children)

I wonder what the ideal placement or naming of such a file would be, where are credential scrapers going to check first?

[–] lemmyuser@programming.dev 14 points 3 days ago* (last edited 3 days ago)

I'm hesitant to share my list :)

I'd consider looking at recent attacks by TeamPCP and the recent AUR compromise for inspiration. Some obvious targets are fake SSH keys, cloud provider credentials that you don't use, package manager credentials that you don't use, etc. Also things that allow a configuration and accept a default value you can place a canary at the default value and configure for a different path.

[–] moonpiedumplings@programming.dev 6 points 3 days ago

TeamPCP is very interesting, since they actually reused an open source secrets scanner to find secrets:

https://github.com/trufflesecurity/trufflehog

So if you wanted to know, I'd start by looking there.

[–] corsicanguppy@lemmy.ca 4 points 3 days ago (1 children)

Have we ever considered not using really bad installer paradigms until they're fixed? It seems like alternatives are right there, but still people are choosing the worst idea and running with it.

I say this as someone who worked Unix and Linux security for an OS vendor -- better alternatives are there.

[–] umbrella@lemmy.ml 4 points 3 days ago

what better alternatives would you personally opt for instead?