
Security for Newbies [solved]


Ironfighter

I have been using Linux on a second home PC for about one year and am going through the learning curve that most newcomers to Linux experience. It's no big deal when I think about the havoc I created on several work PCs when I was introduced to Windows (3.1) some years ago.

 

On my Windows box at home I run a firewall, antivirus software, spyware blaster, and spybot. It is a time-consuming business but has paid off - I have had one virus in 10 years which Vet picked up and had IE hijacked once which was a very annoying and disturbing experience.

 

Everything I have read tells me how safe Linux is - great. But on my Windows box I feel as if I would know if the system was being compromised (I know I might be deluding myself :D ) but hey it makes me feel comfortable.

 

To be honest I wouldn't have a clue what is going on in my Linux box and I'm not the sort of person that would settle for "trust me".

 

I think it would be good if there was a "security check list" for newbies to Linux. Is there such an animal? Any advice would be appreciated.

 

[moved from Software by spinynorman]

Link to comment
Share on other sites

Mandriva comes with a firewall and security settings that are enough. No need to do anything. There are lots of tools that allow you to check what is running on your PC. Most of them are CLI based. Some examples: lspci -v to show what hardware you have, netstat -pantu to show what apps are connected to network/internet, ps aux to show what is running on your PC, etc. Try some of these. Good luck.

Link to comment
Share on other sites

I took a quick look at the board FAQs and found this: https://mandrivausers.org/index.php?showtopic=4454

 

It is not really a checklist, but you might find it useful.

 

I am a relative newb also. I run the shorewall firewall. You can get a good view of how your computer is interacting with the internet using ntop.

Link to comment
Share on other sites

First off, tail will show the end of a file; with tail -f it will show the changes to that file.

 

/var/log contains your log files

If you

tail -f /var/log/auth.log

you will get lots of info...

 

You can also watch the logs of firewalls etc. and set different traps that log.

You can log sshd etc.

 

In other words, you have lots of info and the problem is sorting through it.

 

Acidlab is one program to do this... lots of others exist, and you still need to activate logging in many of the daemons (background processes).

Link to comment
Share on other sites

Ironfighter wrote:

 

I think it would be good if there was a "security check list" for newbies to Linux. Is there such an animal?

You can just go through all the security stuff in MCC, there's quite a bit there. But instead, for a very long time I've used Bastille to configure system security. Walks you through a kind of 'check list' of security stuff that might be much like what you're asking for. I also use it to set up firewalling instead of Guarddog, Shorewall, etc. Makes NAT, IP masq, etc. easy. Bastille's a terrific tool, oddly not included in Mandriva but available here:

 

http://www.bastille-linux.org/

 

You might also want to check into Portsentry. Formerly by Psionic, now bought out by Cisco. Also oddly not included with Mandriva, but still open-source and available here, along with other parts of the sentrytools package:

 

http://sourceforge.net/projects/sentrytools/

 

I install Bastille and Portsentry on every Linux installation I do. Should be in the distro IMHO - they used to be. Be aware that I've installed them on most versions of Mandrake/Mandriva from 8.0 to 10.2, but haven't tried yet on 2006.

Link to comment
Share on other sites

Thank you everyone for your replies. I have started researching all your suggestions. I have attached a screenshot from MCC - Firewall. Please excuse my naivety, but from what I have read so far I could do without the FTP and Web server boxes being checked. I am not sure about SSH server. I only use this machine to surf the net and email. Am I correct in my assumption?

post-11354-1137062049_thumb.jpg

Link to comment
Share on other sites

You will need the FTP Server if you ever plan to download something using FTP.

 

You will need the Domain Name Server if you want to surf the internet.

 

These are the only 2 items I have selected, but I don't do email.

No you don't... these are servers, not clients.

The ftp server is to allow people to ftp from you or to you, not for you to be able to ftp from elsewhere.

 

Having your own DNS server is also unnecessary since mostly the ISPs will provide one which will be updated more quickly.

Link to comment
Share on other sites

Gowater:

 

Thanks for the response. I recently removed Guarddog from my 2005LE system and started using shorewall. It is clear from your reply that I do not understand the shorewall menu.

 

If I understand you correctly, for general internet use I do not need any of the boxes checked? (Assuming I am happy with my ISP DNS server).

Link to comment
Share on other sites

The options you select here are to allow access to your machine. Therefore, with Web Server and FTP enabled, this would be as if your machine is running a Web Server and FTP Server.

 

SSH is to allow you to access your machine remotely, from say your laptop, or another computer.

 

If you don't have anything selected here, you can still access EVERY resource on the internet. All these options are for is to allow access to server items running on your machine.

Link to comment
Share on other sites
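
The netstat -pantu check suggested earlier in the thread, tied to the server check boxes explained in the post above, as an added example that is not from any poster: it lists sockets that accept connections on a non-loopback address and names the firewall box that would expose each one. The function names and the sample netstat output are constructed for illustration; the port-to-box mapping uses the standard port numbers (21, 22, 53, 80).

```shell
#!/bin/sh
# Constructed sample of `netstat -pantu` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1201/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      988/cupsd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1340/proftpd
tcp        0      0 192.168.1.10:45312      203.0.113.7:80          ESTABLISHED 2210/firefox
udp        0      0 0.0.0.0:68              0.0.0.0:*                           870/dhclient
EOF
}

# Reads netstat -pantu output on stdin and prints one line per socket that
# accepts traffic on a non-loopback address: "proto port program box".
# Outgoing (client) connections such as a browser session are skipped,
# because the firewall check boxes only concern servers on this machine.
exposed_listeners() {
    awk '
    {
        # TCP servers are in state LISTEN; UDP has no state column, so an
        # unconnected UDP socket is recognised by its "*" foreign port.
        if ($1 ~ /^tcp/ && $6 == "LISTEN")      prog = $7
        else if ($1 ~ /^udp/ && $5 ~ /:\*$/)    prog = $6
        else next

        port = $4; sub(/.*:/, "", port)                    # text after last ":"
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1") next         # local-only service

        sub(/^[0-9]+\//, "", prog)                         # drop the PID prefix
        if      (port == "21") box = "FTP server"
        else if (port == "22") box = "SSH server"
        else if (port == "53") box = "Domain Name Server"
        else if (port == "80") box = "Web server"
        else                   box = "other"
        printf "%s %s %s %s\n", $1, port, prog, box
    }'
}

sample_netstat | exposed_listeners
```

On a live system, run `netstat -pantu | exposed_listeners` as root so the program names are filled in.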

Gowater:

 

Thanks for the response. I recently removed Guarddog from my 2005LE system and started using shorewall. It is clear from your reply that I do not understand the shorewall menu.

 

If I understand you correctly, for general internet use I do not need any of the boxes checked? (Assuming I am happy with my ISP DNS server).

As per ianw1974....

 

I leave sshd because it is useful to start/stop other services like webmin... or killing X if a game hangs it!

However, I usually deny root access and force a login on a restricted user, then su...

Link to comment
Share on other sites

Thank you all once again. I now have no X's in any of the check boxes. This means (if I am not mistaken) that

 

1) I can send and receive "stuff" (like screenshots :D ) to and from the internet, but

2) no one on the internet can get at any of my stuff on this machine (like the password to my Swiss safety deposit box :D ) despite the fact that they can send me stuff (like email with attachments).

 

Is this so? :mr-green:

Link to comment
Share on other sites
