How can I see if someone was on my PC? Is there a comparable app to the Windows Event Viewer?

Hello,
I have installed Zorin for security purposes.
Now I wanted to ask:

  1. Is there an app comparable to the Windows Event Viewer that lets you see if someone was snooping on your PC, and
  2. is there something like the Windows Raptor program that will make sure that the PC cannot be operated unless a certain USB stick is inserted?

Thanks so much for your support,
Tweau

Never heard of Raptor but you can use LUKS with your key stored on a USB stick.
There are many other ways you can set up a locked boot - for example, PAM with pam_usb installed can be configured to require a USB key for user login. You may need to research what method suits your needs the best.

Yes, easily. /var/log/auth.log records all access or login attempts including security events.

In the terminal, you can check which user account was logged in last with the command last, and lastb will show which attempts failed.

4 Likes
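As an added illustration of the advice above (not part of the original reply), here is a small shell helper that pulls failed-login and sudo events out of auth.log-style lines. The log lines are constructed samples embedded inline so it runs offline; on a real Zorin system you would feed it the contents of /var/log/auth.log instead.

```shell
#!/bin/sh
# Constructed sample auth.log lines (hypothetical host "zorin", user "alex"),
# covering an SSH brute-force attempt, a mistyped password at the desktop
# lock screen, a sudo command, and one successful SSH login.
SAMPLE_AUTH_LOG='Oct 11 08:01:12 zorin sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 11 08:01:15 zorin sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 11 08:02:00 zorin gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=alex
Oct 11 08:02:07 zorin gdm-password]: gkr-pam: unlocked login keyring
Oct 11 08:05:30 zorin sudo:     alex : TTY=pts/0 ; PWD=/home/alex ; USER=root ; COMMAND=/usr/bin/lastb
Oct 11 08:05:30 zorin sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Oct 11 09:15:02 zorin sshd[1340]: Accepted password for alex from 192.168.1.20 port 40022 ssh2'

# Print one line per failed login: timestamp, user, and source host
# ("local" when PAM recorded no remote host, e.g. the lock screen).
failed_logins() {
    printf '%s\n' "$1" | awk '
        /Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "for") u = ($(i+1) == "invalid") ? $(i+3) : $(i+1)
            for (i = 1; i <= NF; i++) if ($i == "from") h = $(i+1)
            print $1, $2, $3, "user=" u, "from=" h
        }
        /authentication failure/ {
            u = ""; h = "local"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^user=/)   u = substr($i, 6)
                if ($i ~ /^rhost=./) h = substr($i, 7)
            }
            print $1, $2, $3, "user=" u, "from=" h
        }'
}

# Number of failed-login events in the given log text.
count_failed_logins() { failed_logins "$1" | wc -l | tr -d ' '; }

# Commands run through sudo: who gained root, and what they ran.
sudo_commands() { printf '%s\n' "$1" | grep ' sudo: ' | grep -o 'COMMAND=.*'; }

# Demo run on the constructed sample. On a real system, replace the sample with:
#   failed_logins "$(sudo cat /var/log/auth.log)"
failed_logins "$SAMPLE_AUTH_LOG"
sudo_commands "$SAMPLE_AUTH_LOG"
```

The gdm lock-screen failure shows up here as a local event even though lastb on some systems stays empty, which is the discrepancy discussed later in the thread.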

Hi Aravisian,
thanks so much for your help.
But for the command "lastb" it tells me
"cannot open /var/log/btmp: permission denied"

How can I change that? I am using OS 16.3

Thanks so much

You can use sudo - SuperUser DO

sudo lastb

That didn't get me anywhere, unfortunately.
Or maybe does it mean that there are no unsuccessful logins?

Exactly. :wink:

@Aravisian Interestingly, lastb doesn't seem to work for me, either. I tested by locking my PC, deliberately entering a wrong password, then unlocking, and I still had a blank return.

You can check if the /var/log/btmp exists; if it does not, create it:

sudo touch /var/log/btmp

sudo chmod 600 /var/log/btmp

I can see that

FAILLOG_ENAB yes

Is present in /etc/login.defs file.
You might change LOG_UNKFAIL_ENAB no to

LOG_UNKFAIL_ENAB yes

in the file /etc/login.defs - though this really is to ensure logging of failed attempts. It being lacking does not mean login attempts that fail won't be logged.

btmp existed, but I ran the chmod on it anyway, just in case somehow its permissions were messed up.

My login.defs lines matched those you listed here. I made the change to yes for LOG_UNKFAIL_ENAB and retested without success. According to lastb, my log starts October 11, and I'm almost certain to have mistyped my actual login several times in that period as it's neither short nor simple.

This isn't a great concern to me; if the OP isn't concerned or it works for them, there's no reason to pursue it. Encryption, locked door, single user account with a difficult password do the job on my end. I just find it noteworthy that the OP and I have the same questionable output. (Though I suppose the OP's might not be questionable since I can't say for sure they've had a bad login.)

Yeah, that's already too complicated for me...

It is unfamiliar... Not complicated. Once you learn something to where it becomes familiar, you begin to perceive it as simple.

The above was also addressed to @Locklear93 who described an issue with their login event viewing.

You are probably right.
I need a way to check if unauthorized users log in or try to log into the Zorin 16.3 OS. Or if there are Trojans or applications that may have been installed (with knowing my password) without me knowing.
I am sure many other people would appreciate some guidelines on that.

Would you have any suggestions?
Alex

These are uncommon, since most are for Windows OS and will not work on GNU/Linux.
However, there are some so taking some precautions can help alleviate stress.
Using rkhunter to sniff for Rootkits.
Using clamav to check for Viruses.
Using Aide for advanced intrusion detection.
All are available in the Universe Repository so can be simply installed with

sudo apt install aide clamav rkhunter

Refresh Clamav signature database

sudo freshclam

Opinions abound on security tools. The above is a starting point. You may find tools you prefer for your own reasons over time.
I find ClamAV to be a good launch point but personally, find it wanting in the feature department.

No idea what Raptor is, but you can simply use Linux commands to see who is snooping on your device.

$ who am i
$ whoami
$ who

This will list everyone accessing your device, including you.

Thanks a lot for your reply.
Yes, I use ClamAV.
It gives so many false positives. Let me just give you one screenshot.

The others I will look into.

If people are politically active, the perps may just take advantage of the fact that people think that all viruses are targeting Windows and install no AV. I am sure governments and intelligence agencies have a lot of tools that we don't know of.

Yes, ClamAV can be a good starting point. But I also find it to be not quite reliable.

I am sure the Government, CIA, FBI have no interest in me at all, if they even know I exist.
I would have to do some interesting things to get their attention...

Thank you, Aravisian.
So I assume that all of the above points in my ClamAV virus scan are false positives?

Why only the FBI and CIA????
What about the KGB?
I mean the USSR did not collapse. It was a ruse for the West to disarm and fall asleep. It was even called beforehand by KGB defector Golitsyn.
Yeah, and if you have been telling that to governments the past decades, you surely did get KGB attention.

In my opinion the entire hacker scene is totally infiltrated - by the KGB.

I do not want to assume that without checking - and I am a bit busy at the moment (I can type a fast reply).

I do not really disagree... But let's stay on topic and keep political commentary about nations out. They can be relevant in some computer or OS related topics, but this is out in the fields.
What is first and foremost is your security concerns and it is that we can focus on.

1 Like

Hi Aravisian,
thanks for your reply and sorry for the delay:

I installed AIDE but cannot really use it: too complicated.
But I installed rkhunter and it gave me two warnings:


and this one

Is this dangerous? Would you like to see the log file for my scan?

Is there any beginner course or book that you could recommend for absolute beginners to get into Zorin and Linux, and installing and running programs and learning the commands? Thanks a lot.

And my log file has one warning.
[18:05:16] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable