Ok, so I’ve had my new Eee PC 1000 for several days and am loving it. But, I did find a few really glaring security issues. So with a lot of research I’ve come up with a basic list of must do’s for any new Eee PC owner.
- Shutdown Samba and Portmap – These services are on by default and there are known security issues with the version of Samba that comes with the EeePC. Here is how to make sure they are stopped and don’t come back on. Be warned, if you do this you will not be able to share files with others from your computer, though you can access files on other computers:
- First start up a terminal window by pressing Ctrl + Alt + T
- Next issue the following commands:
- sudo invoke-rc.d samba stop
- sudo update-rc.d -f samba remove
- sudo update-rc.d samba stop 20 0 1 2 3 4 5 6 .
- sudo invoke-rc.d portmap stop
- sudo update-rc.d -f portmap remove
- sudo update-rc.d portmap stop 20 0 1 2 3 4 5 6.
- Next edit the services file using the following commands:
- sudo vim /usr/sbin/services.sh
- Press the “i” key to begin edit mode
- find the line:
start-stop-daemon –start –quiet –oknodo –exec /sbin/portmap
and comment it out like:
#start-stop-daemon –start –quiet –oknodo –exec /sbin/portmap - find the line:
/usr/sbin/invoke-rc.d samba start
and comment it out like:
#/usr/sbin/invoke-rc.d samba start - Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
- There is a webserver that runs on the EeePC any time you launch the anti-virus icon under settings. It by default hides the content from the internet, but the webserver is still listening on the internet port. To force the webserver to ONLY listen to your local machine (and not advertise to the rest of the world) do the following.
- You need to edit the following file using the commands:
- sudo vim /usr/lib/esets/webi/nginx/conf/nginx.conf
- find the http {} section, then the server {} section and
- Press the “i” key to begin edit mode
- change “listen 20032;” to “listen localhost:20032;”
- Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
- Reboot the computer as there is no clean way to stop the service.
Ok, so now the why part.
The EeePC (including my brand new one) ships with a old version of samba enabled to start on boot by default that has a known remote attack that can grant root priveleges. That is VERY bad:
http://risesecurity.org/blog/entry/6/
Also the webserver that runs when you start up the anti-virus program on the EeePC is the legacy stable branch (one entire version behind current stable) and several revisions of that behind the current legacy stable revision:
http://nginx.net/CHANGES-0.5
The EeePc runs version 0.5.33 from November of 2007. You’ll notice in the change log several fixed segfaults and other bugs, some of which could lead to security issues. It’s best not to take chances and make sure it doesn’t report to non-localhost requests.