Mine keeps showing me propaganda about some "Wish Granter" in the center of The Zone. Screw that, I'm not going beyond Brain Scorcher for a fairy tale.
You would be amazed at how many legacy systems are frozen in update time out of fear that running updates will break systems that no one remembers how to fix...
AFAIK, ufw allow 80 and 443 are only necessary if you are running a web server. The "default allow outgoing" will allow you to initiate connections on those ports to remote websites and receive their responses on the appropriate ports just fine. By including those allow rules, you're opening the ports for outsiders to _initiate_ incoming connections into your box on those ports. (Inconsequential if you don't have anything actually listening on them, but still important to understand.)
This is one of your better videos Chris. You going into the terminal and showing people what you mean and how to do things is what people want I think.
While it might be more complicated to use, I highly prefer iptables over uwf, it allows for better finetuning and mastery. The mean and short version: allow all "localhost traffic" allow outgoing traffic (mostly) log + allow incoming traffic only if you really use it (like your network printer, ...) preferably with its real IP address everything else, shoot on sight :-D (that includes forwarding traffic) TBH: if all you have is a desktop machine, you shouldn't have that much incoming traffic to begin with.
I've set my fail2ban to ban for 300days after 2 failed attempts (excluded localhost and white listed ip's) as well as enabling Apache2 , phpmyadmin and sendmail modules. Also i've noticed a few "embedded" systems using VERY old Linux kernels, they tend to be heavly proprietary devices that official support has lapsed and tend to be "set up and forgoten". So I'm not too surprised they needed to specify updating very old kernels (Heck 747 aircraft still use 3.25 floppy disks to update internal firmware!)
There is also some IoT devices, which can fit into this category. They tend to never see updates and use old kernels in some instances. I get it, but it was just how things were worded.
Thank you Chris for another great video! The latest Kernel on Arch is 5.8.1,if you use Tails OS from a USB or even know how to use an Arch/Fedora even a simple Debian install with all the stuff that you need you are safe from this vulnerability, it's mostly made for ancient IoT devices and old servers as for Windows latest systems they have backdoors upon a fresh install,which are exploited constantly. If we are talking about live sample things I would say that running a Windows 10 with outlook account today is a lot less secure, than running any Linux OS,on Windows 10 you just need latest updates for another backdoor from MS to be installed on your machine. Majority of cybercrime targets Windows as main OS platform,on Windows all you have to do is hijack a browser by sending a link ot making an extension for crypto-mining or gathering data it is a much easier cyber attack pattern and much more profitable than to do a much more complex attack on a Kernel level on any Linux OS.
Good stuff! A quick suggestion for your script would be to add comments to the UFW lines so that it's easier to remember what a rule does later on. Also there are certain presers for certain applications like ssh. So for example: ### ufw allow ssh comment 'Allows ssh on port 22' ufw allow http comment 'Allows http on port 80' ufw allow from 192.168.1.0/24 to any port 32400 comment 'Allows LAN connections to Plex server' #Which equals: ufw allow from any to any port 22 proto tcp comment 'Allows ssh on port 22' ufw allow from any to any port 80 proto tcp comment 'Allows http on port 80' ufw allow from 192.168.1.0/24 to any port 32400 comment 'Allows LAN connections to Plex server' ### Finally: ufw will ask for user input when enabling the firewall. You could automate (be careful to not lock yourself out!) the step with: ### echo y | ufw enable ### To view your rules you can: ### ufw status ufw status numbered ufw status verbose
Regarding kernel version 3.7 or later...a lot of enterprise retail companies (Walmart, Ahold-Delhaize, etc) use much older kernels, such as 2.6, as they are unable (or unwilling) to update their systems past an ancient distro (something like RHEL 6.5). It's an unfortunate reality within larger organizations for us lowly engineers - one where the company refuses to upgrade because of the old "if it works, why fix it", and because there isn't really a single conglomerate like Microsoft forcing updates down their throats - thus allowing them to kinda just install it once and leave it alone for all of time and eternity.
Having done some Embedded Linux development, I have had to use an old version of the Linux Kernel that was from something like 2.x because the audio chip wouldn't run on later kernels. We were also running on a very low power microprocessor, something with 144 pins and DDR memory. It happens, but in my experience, things like that aren't internet connected and are used for stability in the given task. There are edge cases, and it does happen, but it probably isn't very common.
It’s extremely common. Most of the most important coms and military systems on earth are still on windows 98 or XP, as are many governments on earth still using ancient licenses for banking, and fax for communication, and floppy for cold storage. I think it’s actually very common
I’m right with you in not using secureboot, every time I turn it on my Linux Razer laptop (whose motherboard isn’t inherently Linux-aware) fails to load the GUI since it fails to detect the GPU
Secure boot is more of a last resort and can be a hassle. I'd say use a bios boot password, limit the media you can boot to by default, and encrypt your laptop instead in general.
Well I think it isn't meant for home users as much, but for enterprise users...I wouldn't be amazed if there are some small companies running an old application on CentOS 6 without any updates.
Useful information! I run Ubuntu on ZFS and that is not an UEFI install. I'm afraid of crashing the system, changing it to UEFI install. I did run the checks and my unsigned modules are 3 from VBox :) I moved all my "work/hobby" to Virtual Machines and with one exception, the Host OS and the VMs are closed for inbound traffic. The Ubuntu 16.04 LTS Banking VM has Linux 4.15.0-112, so I'm safe there, beside it is the VM, whose virtual disk is encrypted by Virtualbox :). The only systems with some open ports are my backup server and my laptop and they are powered-on for 1 hour/week (back-up server) and say 3 hours/week (laptop). If I go on the road, my Host OS on the laptop will be closed for all inbound traffic too, its VMs are an up-to-date copy of the desktop VMs :)
I let closed all ports. Just as the default ufw does. I dont run any service here that needs some ports to be open. When there exist a port open, its because I have opened It due to some program using It (most apps does It automaticaly).
I find that the best way to avoid drovorub aside from making sure you have latest security updates and everything else is to act on internet like anybody else. Don't do anything that will make you stand out and you won't catch attention from bad guys since you won't be interesting to hackers and they won't attack your pc since you're basicaly nobody. Don't stand out on internet and you'll be safer than somebody who stands out for any reason.
I don't understand the Drovorub test. In Terminal: touch testfile; echo “ASDFZXCV:hf:testfile” > /dev/zero But I receive no answer from the Terminal...
I've tried reinstalling kali but the /media partition won't unmount which I'll assume is where the module is located. Or some process that doesn't want the partition unmounted, especially when it will be formated during the kali installation.
My kali usb is non writable so I'm assuming the only way for them to continue this is to make it to where the partition that contains the necessary files for this to work.
Read Peter Riches comment on your web page and the following worked for me; "shortened the grep pattern: "signature" to "signat" and then none of them came up as unsigned." In Linux Mint 19.3, I now had only three; all Virtual Box related.
So what does the 'sudo sysctl mib' command do? Even in the video after you ran the script, the output read 'sysctl: cannot stat /proc/sys/mib: No such file or directory'.
Dear Mr. Titus, question about ufw ports. I use qBitTorrent and I'd like to know how to set "safely" the network tab. 1. Should I "allow" port 36013 in ufw? 2. Should I check "Use UPnP/NAP-PMP to open the router"? 3. Protocol: TCP & uTP, or TCP only? Should I set some server proxy? Many thanks in advance.
Hey Chris. I want to thank you for all your Linux videos and windows videos, especially Linux they've helped me out greatly! I was wondering if you've ever used firejail? And regardless if you have or haven't, could you do a video on it?
Eventually I'll get there. However, I'm still working my day job and not exactly ready for it right now. I'd love to buy a split AC system so I don't have tons of background noise I have to fix in post or get a room larger than 8x10, but this is at least a year away.
It didn't surprise me about the kernel version. At least they know that the Internet is full of Linux machine still running kernel under v3.7 which is notoriously bad especially router and IoT devices.
well, YT decided to unsub me at some point so yeah... anyway another tip for SSH is changing the ssh port you use like instead of 22 use 9342, granted yes you have to change it on all of your stuff but how many ssh attackers are going to bother to go through every single port to see if ssh is on 5142 instead of 22. so I change ssh port, then deny 22, and ban all 22 requests and then limit the port I am actually using for ssh
Great video, as a newer user to Linux it's taking me awhile to review all terms mentioned, but I'm enjoying and learning from your videos. I have 116 (yeah that's right, 116) unsigned kernel modules in Linux Mint 19.3 Tricia. Wondering why?
a good video chris one problem is that secure boot is not safe to use sens there has been vulnerability in it, don't know if microsft have patch it but.
I recently bought a MintBox Mini 2 Pro,that comes with Mint 19.* installed. Surfing news (really) I got a Full Screen Microsoft Screen,which gave me a phone number to call for the KEY to unlock my MS computer. Imagine my surprise. No mouse or keyboard. So I unplugged. After a week,I got a sfck to work,but now my password will not work for installing updates. I do not have to use it for restarts.??. I have visited the Mint Forums, techmint(Great) and u tube, I am getting up courage to follow up to reset the password. The more I read the more confused I get. There seems to be a root password,and a password. ???. I got the Linux command line and shell scripting Bible,also great , but conventional. Where do I go or what do I read to better understand the implications of what people are suggesting,as all are similar but different.Is it jus experience or writing programs?
Windows viruses are easy to get Linux viruses hard but not impossible. It's arrogant to think no one would care to make viruses for it. Especially if Google Chrome and Steam bother to make ports to Linux! I donwload a bunch of crazy weird stuff, when I was using Windows10 I'd get a virus 1-2 times a week and got really sick of it and after using Ubuntu for 6 months I got 1 and then freaked out and format my hard drive and had frustration getting past the debian install but 8 hours later I figured it out and, feels awesome.
Yeah I'm new to the whole Linux scene, but even I know there's some Linux users holding ancient kernels, just because they can. Probably Arch users. ;) lol
Please create a video with macOS in KVM/QEMU, the open core project isn't working for me , I even tried the foxlet project in GitHub but I was facing problems with VRAM.
Question - using a bootable flash drive loaded with linux mint using rufus on your computer ... is that safe to use, even when you connect it to the internet?
are there any viruses out there for linux that can actually attack your bios ???? I had to actually pull my bios battery on my desktop to get it to boot up with a video card plugged in. system wouldnt even power on with a beep until i did that.
What should the output of the modinfo script be? I have 119 item list of "no signature" and the module_name on Mint 19.3 install, is that expected? You didn't talk about what output was to be expected from running that for script. I believe you might want to grep -q for "signat" instead of "signature" since that is the actual field name output for modinfo on Mint, please correct me if I'm wrong. Thanks for all your content.
i am using brave for a month now i really like the brave's ad blocking shield and ram usage is little bit lower then chrome but since a week brave reward ads stooped i tried every setting in windows and in brave but nothing works, any suggestion ?
I'm from the Government, and I'm here to help. The 9 most scariest words in the English Dictionary. According to President Ronald Reagan. As a former worker for a U.S. government agency, I can completely understand why the report is this far outdated on systems information.
Just learn iptables with a few simple commands you can do everything fail2ban does without installing anything. UFW is completely unnecessary. Also outbound traffic will use a random unprivileged port to connect to 80 or whatever on the server
Hi. I just would like to ask should one who Linux Kernel 5.4.0-42Genric care about this Malware? I use FerenOS KDE with this Linux Kernel. If I understand correct support for this Kernel ends 2023. I have Clam on my Linux laptop computer. The version of FerenOS I use is 2020.07. I hope some would know about this. Yours Christer
Most of the people that need to worry are IoT devices and very old servers that were never updated. For most Linux Desktop users, this isn't something you need to worry about. However, I still recommend securing your box to the best of your ability.
I have a similar result. Mine is lkp_Ubuntu_5_4_0_42_46_generic_70. I don't know what to do with it. Chris said desktop users don't have to worry about it. Does it mean I don't have to worry about this specific kernel?
For this command (for mod in $(lsmod | tail -n +2 | cut -d' ' -f1); do modinfo ${mod} | grep -q "signature" || echo "no signature for module: ${mod}" ; done) I am getting this output: no signature for module: rtl8821ce no signature for module: system76_io no signature for module: system76_acpi
Cheatsheet: christitus.com/secure-linux/
hey how about fedora user? firewalld so that first step sudo ufw.... , what are the alternative commands for firewalld users ??
Hey Chris Titus Tech, you didn't demonstrate checking for testfile before checking unsigned packages. What is that supposed to look like?
I positive that I have this or something similar on my Kali OS
I was wondering why my pinephone kept playing hardbass, now I know...
lol
ROFL good one LOL
lol
Mine keeps showing me propaganda about some "Wish Granter" in the center of The Zone. Screw that, I'm not going beyond Brain Scorcher for a fairy tale.
@@mythos5202 Get out of here
You would be amazed at how many legacy systems are frozen in update time out of fear that running updates will break systems that no one remembers how to fix...
Windows update breaking Windows
AFAIK, ufw allow 80 and 443 are only necessary if you are running a web server. The "default allow outgoing" will allow you to initiate connections on those ports to remote websites and receive their responses on the appropriate ports just fine. By including those allow rules, you're opening the ports for outsiders to _initiate_ incoming connections into your box on those ports. (Inconsequential if you don't have anything actually listening on them, but still important to understand.)
You have 200k subscribers already?! I remember back when it was like 10k! Keep up the great vids
Thanks Ocarina! I cringe on some of my old videos and salute you that have stuck with me this long.
Kernel 3.7? Dang, even my WiFi routers are running later versions... 😂
Still nothing compares to my classmates automatically opening usb 16gb shortcuts in their pen drives.
That's because the IT departments don't know how to use the group policy editor. My sons' school is the same way.
This is one of your better videos Chris. You going into the terminal and showing people what you mean and how to do things is what people want I think.
NSA/FBI: attacker, gray alien wearing a hoodie and shades. 🤔
Seems legit.
While it might be more complicated to use, I highly prefer iptables over uwf, it allows for better finetuning and mastery.
The mean and short version:
allow all "localhost traffic"
allow outgoing traffic (mostly)
log + allow incoming traffic only if you really use it (like your network printer, ...) preferably with its real IP address
everything else, shoot on sight :-D (that includes forwarding traffic)
TBH: if all you have is a desktop machine, you shouldn't have that much incoming traffic to begin with.
I've set my fail2ban to ban for 300days after 2 failed attempts (excluded localhost and white listed ip's) as well as enabling Apache2 , phpmyadmin and sendmail modules.
Also i've noticed a few "embedded" systems using VERY old Linux kernels, they tend to be heavly proprietary devices that official support has lapsed and tend to be "set up and forgoten". So I'm not too surprised they needed to specify updating very old kernels (Heck 747 aircraft still use 3.25 floppy disks to update internal firmware!)
There is also some IoT devices, which can fit into this category. They tend to never see updates and use old kernels in some instances. I get it, but it was just how things were worded.
Thank you Chris for another great video! The latest Kernel on Arch is 5.8.1,if you use Tails OS from a USB or even know how to use an Arch/Fedora even a simple Debian install with all the stuff that you need you are safe from this vulnerability, it's mostly made for ancient IoT devices and old servers as for Windows latest systems they have backdoors upon a fresh install,which are exploited constantly.
If we are talking about live sample things I would say that running a Windows 10 with outlook account today is a lot less secure, than running any Linux OS,on Windows 10 you just need latest updates for another backdoor from MS to be installed on your machine. Majority of cybercrime targets Windows as main OS platform,on Windows all you have to do is hijack a browser by sending a link ot making an extension for crypto-mining or gathering data it is a much easier cyber attack pattern and much more profitable than to do a much more complex attack on a Kernel level on any Linux OS.
I salute you Chris, I couldn't finish reading the document, and great video.
Good stuff! A quick suggestion for your script would be to add comments to the UFW lines so that it's easier to remember what a rule does later on. Also there are certain presers for certain applications like ssh. So for example:
###
ufw allow ssh comment 'Allows ssh on port 22'
ufw allow http comment 'Allows http on port 80'
ufw allow from 192.168.1.0/24 to any port 32400 comment 'Allows LAN connections to Plex server'
#Which equals:
ufw allow from any to any port 22 proto tcp comment 'Allows ssh on port 22'
ufw allow from any to any port 80 proto tcp comment 'Allows http on port 80'
ufw allow from 192.168.1.0/24 to any port 32400 comment 'Allows LAN connections to Plex server'
###
Finally: ufw will ask for user input when enabling the firewall. You could automate (be careful to not lock yourself out!) the step with:
###
echo y | ufw enable
###
To view your rules you can:
###
ufw status
ufw status numbered
ufw status verbose
Regarding kernel version 3.7 or later...a lot of enterprise retail companies (Walmart, Ahold-Delhaize, etc) use much older kernels, such as 2.6, as they are unable (or unwilling) to update their systems past an ancient distro (something like RHEL 6.5). It's an unfortunate reality within larger organizations for us lowly engineers - one where the company refuses to upgrade because of the old "if it works, why fix it", and because there isn't really a single conglomerate like Microsoft forcing updates down their throats - thus allowing them to kinda just install it once and leave it alone for all of time and eternity.
None of my devices have the malware, but my tablet is stuck on the 3.0 kernel, so kernels older than 3.7 are still in service.
Thank you, Chris. Good content.
'netstat' is replaced by 'ss'.
Please stop using netstat and ifconfig, unless you are on a kernel older than 3.7
@Repairman ATDT911
I'll get to setting up my honey pots to try and get a live sample for ya. I'll update the comment if I find anything
Having done some Embedded Linux development, I have had to use an old version of the Linux Kernel that was from something like 2.x because the audio chip wouldn't run on later kernels. We were also running on a very low power microprocessor, something with 144 pins and DDR memory. It happens, but in my experience, things like that aren't internet connected and are used for stability in the given task. There are edge cases, and it does happen, but it probably isn't very common.
It’s extremely common. Most of the most important coms and military systems on earth are still on windows 98 or XP, as are many governments on earth still using ancient licenses for banking, and fax for communication, and floppy for cold storage.
I think it’s actually very common
Great information...thank you! However you must also disable the remote root login in the sshd_config file.
Thanks for the script! Could you make a more in-depth video on how to secure our system?
I’m right with you in not using secureboot, every time I turn it on my Linux Razer laptop (whose motherboard isn’t inherently Linux-aware) fails to load the GUI since it fails to detect the GPU
Secure boot is more of a last resort and can be a hassle. I'd say use a bios boot password, limit the media you can boot to by default, and encrypt your laptop instead in general.
fail2ban blocks the ip; they just move on to the next ip in the subnet. You have to block the entire subnet.
With some more secure distros (like openSUSE) you need to put the check unsigned kernel command in a bash file and run with sudo.
Thanks Chris,
You give me knowledge that no one can give
Well I think it isn't meant for home users as much, but for enterprise users...I wouldn't be amazed if there are some small companies running an old application on CentOS 6 without any updates.
From what I understand is this malware embeds itself on your 5 1/4 floppy drive and 28.8 baud modem.
Useful information! I run Ubuntu on ZFS and that is not an UEFI install. I'm afraid of crashing the system, changing it to UEFI install. I did run the checks and my unsigned modules are 3 from VBox :) I moved all my "work/hobby" to Virtual Machines and with one exception, the Host OS and the VMs are closed for inbound traffic. The Ubuntu 16.04 LTS Banking VM has Linux 4.15.0-112, so I'm safe there, beside it is the VM, whose virtual disk is encrypted by Virtualbox :).
The only systems with some open ports are my backup server and my laptop and they are powered-on for 1 hour/week (back-up server) and say 3 hours/week (laptop). If I go on the road, my Host OS on the laptop will be closed for all inbound traffic too, its VMs are an up-to-date copy of the desktop VMs :)
I always close port 22 altogether.
If you don't need SSH I highly recommend this! SSH is the most attacked port out there.
@@ChrisTitusTech I simply modify my SSH-server config file to use another port :)
At this point it's probably best to just close 22 and use a different port for ssh
Moving sshd to different port won't protect for long time. Botnets will find it eventually.
I let closed all ports. Just as the default ufw does. I dont run any service here that needs some ports to be open. When there exist a port open, its because I have opened It due to some program using It (most apps does It automaticaly).
I find that the best way to avoid drovorub aside from making sure you have latest security updates and everything else is to act on internet like anybody else. Don't do anything that will make you stand out and you won't catch attention from bad guys since you won't be interesting to hackers and they won't attack your pc since you're basicaly nobody. Don't stand out on internet and you'll be safer than somebody who stands out for any reason.
Chris - good video enjoyed the coverage of ufw and fail2ban
Security always an interesting subject.
I don't understand the Drovorub test. In Terminal: touch testfile; echo “ASDFZXCV:hf:testfile” > /dev/zero
But I receive no answer from the Terminal...
Very informative. Thank you so much. This helps me out today, and gives me things I may want to do in the next six months or so.
I've tried reinstalling kali but the /media partition won't unmount which I'll assume is where the module is located. Or some process that doesn't want the partition unmounted, especially when it will be formated during the kali installation.
You’ll be amazed how many servers use linux kernel 2.6 still
My kali usb is non writable so I'm assuming the only way for them to continue this is to make it to where the partition that contains the necessary files for this to work.
Read Peter Riches comment on your web page and the following worked for me; "shortened the grep pattern: "signature" to "signat" and then none of them came up as unsigned." In Linux Mint 19.3, I now had only three; all Virtual Box related.
Ok another night trying to learn Linux and it's advantages. Thank u for the video.
8:20 firewald can also do it but sadly is less uncomplicated.
thanks. helpful with the manjaro linux 6.9.1 i'm using....
"there's a bug in Windows 7 and we need to be worried" lmao
laughs in linux
Plz one video on your desktop customisation I like your desktop
So what does the 'sudo sysctl mib' command do? Even in the video after you ran the script, the output read 'sysctl: cannot stat /proc/sys/mib: No such file or directory'.
Dear Mr. Titus, question about ufw ports. I use qBitTorrent and I'd like to know how to set "safely" the network tab. 1. Should I "allow" port 36013 in ufw? 2. Should I check "Use UPnP/NAP-PMP to open the router"? 3. Protocol: TCP & uTP, or TCP only? Should I set some server proxy? Many thanks in advance.
Is deny incoming something you have to to do when the firewall is on?
Hey Chris. I want to thank you for all your Linux videos and windows videos, especially Linux they've helped me out greatly!
I was wondering if you've ever used firejail? And regardless if you have or haven't, could you do a video on it?
How to disable compilers in Linux.
Great video, any plans to increase video production? :D
Eventually I'll get there. However, I'm still working my day job and not exactly ready for it right now. I'd love to buy a split AC system so I don't have tons of background noise I have to fix in post or get a room larger than 8x10, but this is at least a year away.
Please make a video on making an owncloud storage solution and mounting external drives to it
In docker. Because that's always better. Also NextCloud is better according to most users. Same interface.
Here is a past video for NextCloud ruclips.net/video/_eS5MST_zCw/видео.html
@S T I want to mount an external drive in it. Even nextcloud has some problems with this in my instance.
You running a raspberry pi?
@@Jimmy_Jones no. It is a 32bit ubuntu machine (non server and it is a fitPC2i)
Some really good tips! Thanks Chris
Why isn't your router's firewall rules (which generally block all unsolicited traffic) good enough? is this just a secondary defense?
I run Razor keyboard, Mouse and Headset - These kernels are unsigned.
no signature for module: razerkbd
no signature for module: razermouse
Which Operating System are you using here? Please answer. It's look is amazing.
some people say that fail2ban takes up a lot of ram; there is another project, called ossec that is said to do better
I got "no signature for module: lkp_Ubuntu_5_4_0_42_46_generic_70 not found". Is it okay?
CTT "fighting the good fight" .......Salute.
It didn't surprise me about the kernel version. At least they know that the Internet is full of Linux machine still running kernel under v3.7 which is notoriously bad especially router and IoT devices.
well, YT decided to unsub me at some point so yeah... anyway another tip for SSH is changing the ssh port you use like instead of 22 use 9342, granted yes you have to change it on all of your stuff but how many ssh attackers are going to bother to go through every single port to see if ssh is on 5142 instead of 22. so I change ssh port, then deny 22, and ban all 22 requests and then limit the port I am actually using for ssh
Can you or have you done a video on secure boot and signing modules, and what to do of you can't boot due to an unsigned module, etc?
Great video, as a newer user to Linux it's taking me awhile to review all terms mentioned, but I'm enjoying and learning from your videos. I have 116 (yeah that's right, 116) unsigned kernel modules in Linux Mint 19.3 Tricia. Wondering why?
Is that alot?
annoymous - yes, see my other comment where I got it down to three (3).
3.11 WFW!
They traced back all 3.7 kerel users.. Only Brian Lunduke got an email.. ;-)
What if I told you I bought a new, sealed Windows 3.11 and DOS 6.22 set on floppies in 2019? Also, 6.22 is twice 3.11... 😎
@@WR3ND I have 6.22 on floppy =) I still have a server that runs 6.22... I don't dare put the old hoopty online. it's veterinary software.
@@DaveSomething Nice. I'm just a computer and technology hobbyist and selectively enjoy using both newer and older software and hardware. Cheers.
a good video chris one problem is that secure boot is not safe to use sens there has been vulnerability in it, don't know if microsft have patch it but.
I love your content a lot.
Hugs from Brazil
hey chris could u keep ur terminal up a little higher, when u enter commands the play button on you tube blocks its thank youuuu
Nice Vid! Thank you! Whatg for a gnu/linux did you use in this video?
your terminal UI looks sick, how can I customize mine?
Google it
He did make a video on that some while ago
I recently bought a MintBox Mini 2 Pro,that comes with Mint 19.* installed. Surfing news (really) I got a Full Screen Microsoft Screen,which gave me a phone number to call for the KEY to unlock my MS computer. Imagine my surprise. No mouse or keyboard. So I unplugged. After a week,I got a sfck to work,but now my password will not work for installing updates. I do not have to use it for restarts.??. I have visited the Mint Forums, techmint(Great) and u tube, I am getting up courage to follow up to reset the password. The more I read the more confused I get. There seems to be a root password,and a password. ???. I got the Linux command line and shell scripting Bible,also great , but conventional. Where do I go or what do I read to better understand the implications of what people are suggesting,as all are similar but different.Is it jus experience or writing programs?
You should do an update to this video if it needs updating
Windows viruses are easy to get Linux viruses hard but not impossible.
It's arrogant to think no one would care to make viruses for it. Especially if Google Chrome and Steam bother to make ports to Linux!
I donwload a bunch of crazy weird stuff, when I was using Windows10 I'd get a virus 1-2 times a week and got really sick of it and after using Ubuntu for 6 months I got 1 and then freaked out and format my hard drive and had frustration getting past the debian install but 8 hours later I figured it out and, feels awesome.
@ZAXV2 :) Thank you.
Hi and thank you so much for the video. I was wondering if I need ufw even if I do not ssh into it from outside and the firewall is activated?
Yeah I'm new to the whole Linux scene, but even I know there's some Linux users holding ancient kernels, just because they can. Probably Arch users. ;) lol
Arch users are like the opposite of that. You might be thinking of Slackware.
nah arch users are the opposite of that, You might be thinking of Android
Yeah you constantly get kernel updates in Arch Linux like every other day or something like that so everyone most likely has a kernel way past 3.7
I really don’t see anyone in their right mind you a really old kernel from like 2012 lol.
nah, Arch users are the opposite of that. You might be thinking of Fedora
system76_io and system76_acpi are unsigned? Is that normal?
Thanks again for your Win_Debloat guide on your website. I get 92 Processes at idle...yesss!!!
My Ubuntu cursor is moving strangely
Great video, thank you!
Please create a video with macOS in KVM/QEMU, the open core project isn't working for me
, I even tried the foxlet project in GitHub but I was facing problems with VRAM.
I love you Chris, you are a awesome dude.
Thank you very much for the video!
Question - using a bootable flash drive loaded with linux mint using rufus on your computer ... is that safe to use, even when you connect it to the internet?
Wait, I can't enable secure boot on Arch?
are there any viruses out there for linux that can actually attack your bios ???? I had to actually pull my bios battery on my desktop to get it to boot up with a video card plugged in. system wouldnt even power on with a beep until i did that.
What should the output of the modinfo script be? I have 119 item list of "no signature" and the module_name on Mint 19.3 install, is that expected? You didn't talk about what output was to be expected from running that for script. I believe you might want to grep -q for "signat" instead of "signature" since that is the actual field name output for modinfo on Mint, please correct me if I'm wrong. Thanks for all your content.
i am using brave for a month now i really like the brave's ad blocking shield and ram usage is little bit lower then chrome but since a week brave reward ads stooped i tried every setting in windows and in brave but nothing works, any suggestion ?
I'm from the Government, and I'm here to help. The 9 most scariest words in the English Dictionary. According to President Ronald Reagan. As a former worker for a U.S. government agency, I can completely understand why the report is this far outdated on systems information.
What are the advantages and disadvantages of EUFI enabled in Linux.
UEFI.
Hi! can you make a NextDNS video for Linux?
Can you please make a video on secure boot
Oh you've passes 200k. Nice
Do I have to worry if I'm a desktop Linux user?
Information about customising zsh with that prediction, anyone?
11:10 if there is no netstat, try ss :)
Just learn iptables with a few simple commands you can do everything fail2ban does without installing anything. UFW is completely unnecessary.
Also outbound traffic will use a random unprivileged port to connect to 80 or whatever on the server
Hi. I just would like to ask should one who Linux Kernel 5.4.0-42Genric care about this Malware? I use FerenOS KDE with this Linux Kernel. If I understand correct support for this Kernel ends 2023. I have Clam on my Linux laptop computer. The version of FerenOS I use is 2020.07. I hope some would know about this.
Yours Christer
Most of the people that need to worry are IoT devices and very old servers that were never updated. For most Linux Desktop users, this isn't something you need to worry about. However, I still recommend securing your box to the best of your ability.
I have a similar result. Mine is lkp_Ubuntu_5_4_0_42_46_generic_70. I don't know what to do with it. Chris said desktop users don't have to worry about it. Does it mean I don't have to worry about this specific kernel?
Hello chris, i have an issue of gamemode breaking.
For this command (for mod in $(lsmod | tail -n +2 | cut -d' ' -f1); do modinfo ${mod} | grep -q "signature" || echo "no signature for module: ${mod}" ; done)
I am getting this output:
no signature for module: rtl8821ce
no signature for module: system76_io
no signature for module: system76_acpi
How can I remove spyware like right now
I just installed Astra Linux and it runs well. Was that a mistake?