Apr 14

Checklist for securing the Asus Eee PC

Category: Linux,Xandros / ASUS Eee PC   — Published by tengo on April 14, 2008 at 3:24 pm

Over time, even an ambitious project like the ASUS EeePC will run into first problems. Its growing userbase also means more focus from the black hat community. An important measure to keep a system healthy and secure is updating and other common linux security measures.

Here is my growing/work-in-progress checklist for making the ASUS Eee PC more secure:

  • Run the "Install/Remove Software" tool and install available updates from ASUS/Xandros.or go to console and enter: "sudo apt-get update && sudo apt-get upgrade"
  • Disable unused services, a good security measure on any linux like OS.
  • Stupid tip 1: Choose strong passwords whenever you are asked to. Strong means have numbers and special chars in them, and longer than 8, better 12 chars
  • Stupid tip 2: Try securing the system by physical isolation: switch off WLAN whenever you don't need it, use encrypted access-points, do not leave the system unattended

Closing the SAMBA hole

1. You could use an iptables ruleset to block access and close the smbd security hole, but Xandros doesn't have iptables loaded.

2. You could stop the service. Go to console and type:

/etc/init.d/portmap stop
/etc/init.d/samba stop

this will just stop the services for this session as the system is kind of frozen to keep users from messing things.
3. Another measure would be to edit /etc/hosts.deny and add a line like:

portmap:ALL

to close access to the portmap service

4. or edit /usr/sbin/services.sh to deactivate unused services

5. or just update samba (more on system updates here)

sudo apt-get update
sudo apt-get install samba

6. or remove samba altogether if you do not need it

sudo apt-get remove samba