General security questions


Lee134
23rd February 2005, 10:42 AM
Hi all. Due to my intense hatred of Microsoft, for the last few years I have been periodically toying with Linux to see if it would become a viable alternative for my needs. Initially, while I could see it had huge potential, I never really felt that I would be as productive under Linux as I was under Windows. However I have been noticing that Linux has been coming on in leaps and bounds and I am now seriously considering making the switch on my home PCs. Right now, as I previously stated I am toying with FC3 and I have installed a pretty basic install with most of the packages removed except gnome and a few other bits and pieces on my spare PC.

Anyway, on to the questions. Basically at home I have a few PCs. Eventually I would like to set up one as a server installed with various things like apache etc and the remaining two as desktop workstations. Obviously my main working machine would probably certainly be dual boot, at least initially until I was a little more comfortable with Linux. Now my questions are, do any of you have any pointers about securing a setup like this? Everyone knows that security is important but I am unsure exactly where to start. As I understand it, iptables are the implementation of the Linux firewall though feel free to correct me if I am wrong here. Is this the be all and end all of Linux security or are there further areas that I should be researching? Also since I could potentially be sharing files between Windows and Linux (at least temporarily) is some sort of Linux antivirus recommended? If so, can anyone recommend a particular one?

Sorry for the long-winded post. I guess I am just looking for some general guidance really. I am not really that paranoid but I just really want to at minimum increase my security awareness really and this seems like an ideal time to look into it.

And thanks in advance to anyone who read through all that waffle ;)

tiberiu
23rd February 2005, 11:16 AM
Hi!

For iptables I recommend using firestarter (it is a frontend for iptables that makes it easy to configure your firewall). Then, as antivirus for Windows files, I recommend using BitDefender antivirus (Linux and/or Windows).

awdac
23rd February 2005, 01:57 PM

...periodically toying with Linux to see if it would become a viable alternative for my needs. Initially, while I could see it had huge potential, I never really felt that I would be as productive under Linux as I was under Windows. ...I have installed a pretty basic install with most of the packages removed except gnome and a few other bits and pieces on my spare PC.

I think sometimes it's difficult for people to make the switch to a totally new operating environment when they don't know what to install or not, and, as you note here, you may be missing some of the things that would make you more productive. This forum (well, fedoraforum, not the security forum per se) is a great place to say, "I'm a recently defenestrated Fedora user who would like to do X on my computer. On Windows, I found Y, Z, and A to be programs that really increased my productivity." People here love to argue, er, explain what programs they use to accomplish similar tasks, where to find the software, and how to install it.

Anyway, on to the questions. Basically at home I have a few PCs. Eventually I would like to set up one as a server installed with various things like apache etc and the remaining two as desktop workstations. Obviously my main working machine would probably certainly be dual boot, at least initially until I was a little more comfortable with Linux. Now my questions are, do any of you have any pointers about securing a setup like this? Everyone knows that security is important but I am unsure exactly where to start. As I understand it, iptables are the implementation of the Linux firewall though feel free to correct me if I am wrong here. Is this the be all and end all of Linux security or are there further areas that I should be researching? Also since I could potentially be sharing files between Windows and Linux (at least temporarily) is some sort of Linux antivirus recommended? If so, can anyone recommend a particular one?

Tiberiu already suggested a good AV, which is a good idea, especially when connecting with Windows machines. You'll want to read up on samba, as it is the standard network file share setup for Lin/Win. The easiest and most important thing you could do to secure your home network is to get a cheap router and put it on your DSL/cable modem or whatever. Change the default password on it to a hard one (and write it down!) and turn off remote access. If you subsequently set up servers within your network, they won't be immediately accessible by the rest of the world. Get them set up, and then once you've secured them, you can turn on port forwarding on your router to expose only the bits you need. You can set up firewalls internally, etc, as you learn, but will be within the relatively safe home network environment. This of course assumes you are not using wireless. Wireless security is a lot more difficult, though home networks are not usually largely targeted, I wouldn't think.

Other than this, specific questions about more specific needs may get you more useful stuff.

Lee134
23rd February 2005, 03:15 PM
Hi Guys, thanks very much for the input, it's very much appreciated. You have brought up some interesting points awdac. When I went through the installation I didn't really want to waste lots of my limited system resources by installing a whole heap of software that I will probably never use. One of the great things about Linux is its freedom of choice... the only problem is that makes it a little daunting for the newer people. Well that's the way I felt anyway. That's the reason I limited my options at installation time and I agree, I could be missing some key components that will hugely increase my productivity under Linux. Anyway, I don't see the above as too much of a problem since I am in no rush so I hopefully can learn these things as I go along. Out of interest, do you know of a resource which catalogues Linux software and a description of what it does (and even maybe some reviews or something of that nature if possible)? I only ask as I am tending to find the naming convention of Linux software to be somewhat cryptic.

In actual fact I found out my adsl router actually has a built in firewall which is disabled... and has been for the last 2 years :eek:. It is in fact a wireless network mainly due to the layout of my house not really allowing for a cabled solution. Having said that, two of the PCs I have are in the same room as the router so they are cabled. Anyway, I will certainly do some research into the software tiberiu mentioned and also samba for my win/lin file sharing needs. Thanks again for the input and I am sure there will be many more questions where the above came from ;)

awdac
23rd February 2005, 03:34 PM
Out of interest, do you know of a resource which catalogues Linux software and a description of what it does (and even maybe some reviews or something of that nature if possible)? I only ask as I am tending to find the naming convention of Linux software to be somewhat cryptic.

The best resource for seeing what you've got installed, what's available for installation, and gives a good, general, brief (non-man-page like) description of every package is synaptic with apt. Search the forums here for how to install apt and synaptic (it's been described to death). You will be very happy, and be more productive. :)

jayemef
24th February 2005, 05:10 PM
You may find the following link useful. It's a table of equivalents/replacements of windows software on linux.
http://linuxshop.ru/linuxbegin/win-lin-soft-en/table.shtml

Honestly, I wouldn't worry too much about AV software, as viruses are primarily a Microsoft problem. For various reasons, they are not a significant threat to Linux users (at least not for the time being). The current viruses that plague Microsoft systems can't spread to Linux (or Unix) based systems. In fact, most of the various methods and practices that enable this phenomenon are not exploitable on Linux.

taylor65
24th February 2005, 05:33 PM
synaptic and gyum will show you what software is available and pre-compiled for FC3. as for viruses, that's a windows-specific thing. that's not to say you don't need to protect your linux system from breakins with a firewall (iptables) and proper security settings (like not allowing root to log in remotely, use ssh instead of telnet, etc.)

Zigzagcom
24th February 2005, 08:08 PM
Hi,
As I understand it now, AV programs for Linux are useful especially when you connect to other Windows machines in your network, i.e. you are using a Linux machine as a mailserver or file server. The AV software will essentially help protect the Windows machines from viruses that pass through the Linux machine. This assumes that the Linux machine is also the gateway in a sense. Whenever you download directly to the Windows machine from the Internet, it will be up to the AV software on the Windows machine.

Lee134
25th February 2005, 01:19 AM
Thanks guys. I have to say, thanks for that link jayemef, that will be REALLY handy.

(like not allowing root to log in remotely, use ssh instead of telnet, etc.)

Out of interest Taylor, I presume you use specific iptable rules for this? Or is this achieved by using some other method?

tuubaaku
25th February 2005, 06:38 PM
Actually, using ssh instead of telnet only has to do with what services you run. Not allowing root to log in remotely isn't iptables, either, but how you configure things on your machine.
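
Added example, not part of tuubaaku's post or of the thread: a check of the two host-side settings named above, reading the effective `PermitRootLogin` value from an `sshd_config` file and the telnet state from saved `chkconfig --list` output. The function names and sample files are constructed for illustration, and it assumes telnet is managed through xinetd, as in the sample listing.

```shell
#!/bin/sh
# Added example. Sample files are constructed for illustration, not from a real host.

# Effective PermitRootLogin in an sshd_config file. sshd uses the first value it
# reads for a keyword; prints "unset" when absent (the built-in default applies).
root_login_setting() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/)
           if (tolower(f[1]) == "permitrootlogin") { print tolower(f[2]); found = 1; exit } }
         END { if (!found) print "unset" }' "$1"
}

# State of a service in saved `chkconfig --list` output.
# $1 = listing file, $2 = service, $3 = runlevel. SysV services are listed as
# "name 0:off ... 3:on ..."; xinetd-managed services as "name: on|off".
service_state() {
    awk -v svc="$2" -v rl="$3" '
        $1 == svc       { for (i = 2; i <= NF; i++) if ($i == (rl ":on")) up = 1 }
        $1 == (svc ":") { if ($2 == "on") up = 1 }
        END             { print (up ? "on" : "off") }' "$1"
}

# telnet is served through xinetd here, so it is reachable only if both are on.
telnet_reachable() {   # $1 = listing file, $2 = runlevel
    if [ "$(service_state "$1" xinetd "$2")" = on ] &&
       [ "$(service_state "$1" telnet "$2")" = on ]; then echo yes; else echo no; fi
}

SAMPLES=$(mktemp -d)
cat > "$SAMPLES/sshd_config" <<'EOF'
#PermitRootLogin yes
Protocol 2
PermitRootLogin no
EOF
cat > "$SAMPLES/chkconfig.txt" <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        telnet:         off
        rsync:          off
EOF

echo "PermitRootLogin: $(root_login_setting "$SAMPLES/sshd_config")"
echo "sshd at runlevel 3: $(service_state "$SAMPLES/chkconfig.txt" sshd 3)"
echo "telnet reachable at runlevel 3: $(telnet_reachable "$SAMPLES/chkconfig.txt" 3)"
```

Neither check involves iptables: both settings live in the host's own service configuration, which is the distinction the post draws.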

<(X)_HD_(X)>
26th February 2005, 02:47 AM
Hi all, I don't mean to hijack the thread. But I think my post is related to the thread ok?

I read that good piece of article that Zigzagcom posted in his thread, found it very enlightening by the way. So I decided to disable some services. I had quite a bit, because I chose the Server version of fedora3, did not really need it, but I did not know about it back then. So I read the article at night and next morning started turning off services with /sbin/chkconfig.

I am not a server to anything, but found my machine running quite a few services. Security and resource utilization issues moved me toward turning them off.

Well... and now I ain't sure if the system is healthy... I mean it seems like browsing the net got slower.... edonkey ain't working like it should....

Maybe I should have kept all the services up, but instead modified /etc/hosts.deny and /etc/hosts.allow files. On the other hand it can well be my own imagination and everything is fine.

Zigzagcom
26th February 2005, 03:22 AM
:) Hi<X>,
your new nickname BTW, you do have to be careful what you turn off. Seems that you want functionality in terms of a desktop. I guess, as you said, that you are not running a file server, web server, mail server, HTTP or DNS server and neither MySQL, postgresql, and a variety of other services that come with the server install. In some cases the default server installation also installs default users and passwords.

It is always best to work in little chunks and test the system, so you know what exactly is affecting your system. How long have you had your installation like that?

It may be a good idea to learn how to back up some of your files or make copies of them (i.e. throw them on some optical media). Then you can do a clean install with just that what you need and armed with your experience set it up better. Also, keep track of what you are doing.

I'm sure that one single installation experience is rare amongst Linux users, and you gain some more experience. I've done about a dozen installs between FC1 and FC3. You just get a better feel for what is going on. Sure, it is work, but it will also be easier the next time around, kinda like riding a bike.

You might want to pay good attention to all the items even a desktop install puts on your HDD. Sometimes it is good to start out lean and mean. There is also a good tute on 'apt' and 'Synaptic', a package installer and its GUI frontend in this forum, that makes it quite easy to add packages and various software. Hopefully you have a decent connection to the internet.

Unfortunately, it is hard to know what your entire system looks like now. Getting it back to its original config may be quite difficult, but it could also be something very simple. I'd bite the bullet and do it all over again...like that you know what you have.

<(X)_HD_(X)>
26th February 2005, 03:51 AM
Interesting bogus. Xinetd is started, but Xinetd is not configured to start anything.

Installing a server was a bit of a mistake from my side. The only service I'd need would be a PHP engine. That would require Apache and maybe MySQL, and that all lamp could be started manually without spawning any daemons.

I have turned off 'bout a dozen of services. Bout a half of them were unknown to me. Good that I knew X:6000, thanks to that link of yours, and kept it alive. Overnet guys seem to down from me all right, so no worries there my friends.

Installing a fresh copy of fc would be problematic since I have got so much done. I mean I did not ruin it, it works. All I used was chkconfig with off option. Backtracing through history should not give me too much of it. I'd have to say that securing my box is a positive experience. Linux has so much less malware than xp, endlessly gracious to that fact. If a hacker comes into my box he is not going to find anything extra lucrative there. If that comes to that I still have my FC3 distro, and the next one is coming out soon.