Firewall / virus defence status - how can I tell?

[ChrisM]

Hi

 

Firewall / virus defence status - how can I tell

 

anyone know if I am able to get an icon in the system tray (beside the clock) etc to show status of the MDK10CE firewall?

 

On M$ I have a Mcaffee firewall, and there is an icon in the tray which warns of any port attcks etc, I can also confirm if the firewall is running by lookin at the relevant option in the Programme menu. On M$ I also use Mcaffee for virus defence and I have similar options.

 

As I understood it, there were also 2 virus defence packaged within MDK (BitDefender and DrWeb) at work I have installed MDK10CE and have installed BitDefender (I think) through urpmi - again though, how can I find the programme/icon to check that the status is on/off etc?

 

Got to say, MDK10CE is up and running but not without its issues. After failing dozens of times connect to the internet with purchased version of 9.2 with the speedtouch modem, I gave 10CE (stuck to a cheap magazine) a go. First attempt after configuration it didn't work; then girlfriend unwittingley turned on the computa and she got an instant connection! So, I installed an ethernet card/network switch to connect a second PC - connection failed entirely; tried again with a single computa and modem - failed. So, being brave I decided to look at some settings in Konsole, so I booted up and I'm back with a connection - without looking at any settings at all! - it runs slow, but a connection nontheless - well for now anyway.

 

Puzzled newbie who would still prefer his bought mdk to be up and running.

[chris z]

AFAIK, there's no tray icon for any linux firewalls. at least not for the ones that i am aware of. you could just use the built in Shorewall. it works quite well when set up properly. i test at both grc.com & dslreports.com & come up stealth on each. visit shorewall.net to find out different ways to configure it. they even have downloadable sample config files that you can tweak 'til your hearts content & lots of easy to follow docs. the easiest way to get it going with a stand alone adsl connection, is to go to terminal, su to root, type (all without quotes) "service shorewall status" (enter) to check if it's running. if it is, type "service shorewall stop" (enter) to stop it. edit your /etc/shorewall/interfaces file to read "net. ppp0. detect", save it, back to cli root & type "service shorewall start" (enter) & you should be good to go. again, there's a lot more in depth info at the web site, but that's a very basic adsl configuration that will protect you quite well.

 

Chris

[ChrisM]

Went to Konsole as SU

 

I typed the commands as suggested and this is the reply from 'service shorewall start'

 

"Cannot find shorewall service"

 

In Mdk Control Centre, I looked at what services were running, there was no mention of Shorewall, but iptables was checked to start at boot (which it looked like it did during boot up); so I pressed the start button and nothing happend; I rebooted, and I got exactly the same responses to those just mentioned. So it appears that firewall does not run on my home PC - yet it seems to be working OK at work - and I used exactly the same three MDK10CE discs.

 

I've looked in the Start Guide of MDK9.2 and all that says is to either check/uncheck the relevant services required or otherwise - I've done this, not checking anything at all, allowing a full firewall (same with my PC at work).

 

I'll check out the Shorewall web site, but I've just been knocked down with a virus or bug, so can I hardly look at the monitor at the moment, let alone fathom anything out.

 

Any thoughts? Quick suggestions most appreciated!

 

Cheers.

[fissy]

firestarter has a gnome gui and tray icon, you should be able to run it in kde also.

[chris z]

hmmm.......

 

i thought shorewall was installed as a default. maybe i'm wrong though......... if shorewall isn't listed in services, then go to mcc->install software & install it from there. or, you could just urpmi shorewall. once you get it installed, then proceed with my other instructions.

 

Chris

[ChrisM]

MDK10 CE:

 

using the three discs, on my PC at work, Shorewall has indeed been installed and is running. I am very happy to use mdk10CE as an XP replacement.

 

With the same three CDs on my home PC - Shorewall has not installed, tho i did check the relevant box during install. Also, I have tried to install through mcc. Other than this, it appears that 10CE has installed OK, and I'm happy that I can get an internet connection with speedtouch 330 modem (though it runs quite slow at home and is zippy at work using the old turqouise speedtouch).

 

I tried to upgrade a second home pc from mdk 9.2 to 10CE because we cannot get mdk and speedtouch 9.2 to work together to give me internet access. 9.2 refuses to upgrade (sorry, I'm at work, and cannot recall the warning. However, this is not a huge concern as I guess I could always do a totally fresh install - if I can get shorewall to work OK).

 

I've tried a couple times to install/resinstall 10CE at home, but I cannot get Shorewall runnning - this is bizarre. I am not having the best of it from Mandrake.

 

I'll keep trying with either 9.2 or 10CE but it does get disheartening when all I want to do is get the connection up and running, and to enable firewall.

[arthur]

Mandrake's Shorewall will not work with the speedtouch USB modem, it simply blocks everything on ppp0. You'll have to get your hands dirty to configure it for the speedtouch.

 

I personally use Iptables for a firewall with speedtouch but I'm too lazy to change it or to even look at the logs if someone is trying to obtain unauthorized access. I promise I'll be more security-conscious in the future.

 

I put up a link in "weblinks" called "does linux need a virus scanner?" http://www.linux-mag.com/2003-09/viruses_01.html

 

This will also tell you about firewalls as well. Nothing too technical. Happy reading.

[arthur]

If you're wondering, I just use the following iptables rule:

 

iptables -A INPUT -i ppp0 -p tcp --syn -j DROP

 

this blocks most of the input but none of the output - I just "nmap" myself from time to time to make sure I don't have trojans. And I'm very suspicious of binaries, especially executable binaries.

 

Viruses aren't that much of a problem with linux :D

[bvc]

shorewall simply uses iptables

 

get your warnings in realtime

tail -f /var/log/messages

:P

Edited May 6, 2004 by bvc

[ChrisM]

Hey people thanks for the replies. I've been ill for the past week or so, so I've not really been able to follow the postings. But I'll be catching up with the advice over the coming days.

 

However, one thing that immediately springs to mind is the amount of problems that the Speedtouch presents to the newbie MDK user. I'm unable to get an internet connection using mdk 9.2 ; and though I get a connection using 10CE I now find that it doesn't allow Shorewall.

 

The 330 really has been the stumbling block over the past couple of months and has prevented a smooth installation.

 

I'm getting an all in one adsl/router in a couple weeks and can't wait to send the 330 to the recyclers, maybe it will come back in some form which will enable a mdk hassle connection!