Fedora Linux Support Community & Resources Center

  #1  
Old 24th June 2006, 07:16 PM
johnst Offline
Registered User
 
Join Date: Jun 2006
Posts: 1
Security Questions From a Newcomer

Hello everybody, I hope this is the right place to post this.


I have long been harassed by some "crackers" online, which has been part of my motivation to switch entirely to Fedora and leave Windows behind.

I'm not very "smart" with linux, I've been a windows user all my life, but I know how to do simple things from reading up on it, like installing and uninstalling and what not, so I'm not 100% ignorant.

But even through reading up on a lot of things, I'm not sure how to secure my computer and Fedora.

I know that nothing is absolute, but I'd like pointers on how to do some basic security. I use firestarter as my front for Iptables, and hope that that's one step in the right direction at least.

A lot of oddball things that have been happening on my computer have led me to believe that I'm not entirely rid of my pests yet, and I thought this would be the perfect opportunity to take steps to secure myself further.

I know that you can do scans for rootkits? But how?

And is there anything else I could do?

Thanks a bunch in advance... I really would appreciate any help I can get.
  #2  
Old 24th June 2006, 08:56 PM
Effie04 Offline
Registered User
 
Join Date: May 2006
Age: 35
Posts: 110
hello and welcome

there's a package called chkrootkit which can be found using yum, try it (it is supposed to check for signs of a rootkit)

also via yum you can install clam-av which is an anti-virus (or use Grisoft's AVG)

iptables/firestarter is a good choice.
secure your passwords (use more than 5 characters of letters and numbers)
disable services you don't need (ssh, ftp etc...)
__________________
Desktop: FC6 || Laptop: WinXP+FC6
  #3  
Old 24th June 2006, 09:47 PM
lazlow Offline
Registered User
 
Join Date: Aug 2005
Posts: 3,172
John

A good router (with firewall) goes a long way at deterring PITA "friends". I think of it as my armour but I still wear my chain mail undies too.

lazlow
  #4  
Old 24th June 2006, 09:52 PM
compwizzer Offline
Registered User
 
Join Date: May 2006
Location: Kansas city,Missouri
Posts: 67
perhaps these oddball things aren't caused by the crackers? gnome has been known to randomly rearrange desktops.

I'd bet money these "crackers" are just script kiddies, and can't really do anything besides running a canned script they D/L'ed off some site. Just set IPtables to Drop incoming connections and stop worrying about them. If they really could do the things they claim, why would they waste their time messing with you? I've dealt with these types before, they're all mouth and no a**.

Ever since I first opened port 22 on my firewall, I've seen lots of connection attempts to ssh. Some of them were just trying any user/password combo, I put an end to that quickly by turning off password auth and installing Denyhosts. Now I get about 3 attempts per day. Although, the last couple of days I've seen a few more than usual - school must be out - hehe

Everyone else has already covered what you need to do to protect yourself. All I will add is don't forget to check your logs occasionally for unusual activity.
__________________
Sometimes I can't tell if it's broken, I used Windows for a long time.
Reply With Quote
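As an added example (not part of any post in this thread), here is one way to do the log check mentioned above for the SSH password-guessing case: tally failed sshd password logins per source address. The function names and the log lines are constructed for illustration; on Fedora the real input would be `/var/log/secure`, read as root.

```shell
#!/bin/sh
# Added example, not from the thread. Reads syslog-style sshd lines on stdin
# and prints "<failures> <distinct_usernames> <source>", busiest source first.
# The source address is taken from the END of the line, because the username
# is supplied by the client and should not be trusted to locate fields.
failed_ssh_by_source() {
    awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" && $8 == "for" &&
    $(NF-4) == "from" && $(NF-2) == "port" {
        src = $(NF-3)
        first = ($9 == "invalid" && $10 == "user") ? 11 : 9
        user = ""
        for (i = first; i <= NF - 5; i++) user = user (i > first ? " " : "") $i
        fails[src]++
        if (!((src, user) in seen)) { seen[src, user] = 1; users[src]++ }
    }
    END { for (s in fails) printf "%d %d %s\n", fails[s], users[s], s }
    ' | sort -k1,1nr -k3,3
}

# Print only the sources with at least $1 failures.
noisy_sources() {
    failed_ssh_by_source | awk -v min="$1" '$1 >= min { print $3 }'
}

# Constructed sample log (documentation addresses, hypothetical host name).
sample_log() {
    cat <<'EOF'
Jun 24 20:58:01 penguin sshd[2101]: Accepted publickey for john from 192.0.2.10 port 50022 ssh2
Jun 24 21:03:11 penguin sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 41122 ssh2
Jun 24 21:03:14 penguin sshd[2211]: Failed password for root from 203.0.113.7 port 41130 ssh2
Jun 24 21:03:17 penguin sshd[2213]: Failed password for root from 203.0.113.7 port 41131 ssh2
Jun 24 21:03:20 penguin sshd[2214]: Failed password for invalid user test from 203.0.113.7 port 41140 ssh2
Jun 24 21:40:55 penguin sshd[2300]: Failed password for john from 198.51.100.23 port 33810 ssh2
EOF
}

sample_log | failed_ssh_by_source
```

A source with many failures spread over several usernames is guessing; a single failure for a real account is more likely a typo.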
  #5  
Old 24th June 2006, 10:00 PM
brandor Offline
Registered User
 
Join Date: May 2005
Posts: 534
There are lots of great resources available online. A google search will provide tons of info for you.

Some of my favorite links are:

www.sans.org
isc.sans.org
www.sans.org/rr/
www.cisecurity.org
www.bastille-linux.org
  #6  
Old 25th June 2006, 08:48 AM
Clockman Offline
Registered User
 
Join Date: May 2006
Posts: 16
Quote:
Originally Posted by compwizzer
Just set IPtables to Drop incoming connections and stop worrying about them.
Hi compwizzer :-)

1- How do you set the IPtables to drop incoming connections?

2-Isn't Firestarter doing just that when you go in the tab "Policy" and the "Inbound Traffic Policy" is left blank?

I have several connection attempts to my PC, some of them on rather high numbers like port 32000 something, but the Events tab says those are Blocked Connections. Am I safe? The GRC.com scan says I'm totally stealth.

Clockman
  #7  
Old 25th June 2006, 09:17 AM
compwizzer Offline
Registered User
 
Join Date: May 2006
Location: Kansas city,Missouri
Posts: 67
In firestarter you should be able to explicitly drop inbound connections that you don't want, I'm not sure exactly how to from firestarter though. It should be fairly simple. Just remember that the drop entry should come after all the allowed entries.

connections to port 32000, etc sound like online games or p2p stuff, I wouldn't be concerned.

Online scanning tools like GRC.com are a good way to tell if your firewall is working, or in case it isn't, if you have any services listening. Your firewall is your first line of defense, as it prevents services that shouldn't be running from connecting in the first place. However, be sure it is working first! A third party scan only really confirms that presently you have no services available to the internet, this doesn't mean that you couldn't have some in the future. That's what the firewall is for, to filter any unwanted traffic.
__________________
Sometimes I can't tell if it's broken, I used Windows for a long time.
Reply With Quote
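As an added example (not part of any post in this thread), the ordering rule from the post above can be checked mechanically: iptables stops at the first matching rule, so an allow entry placed after a catch-all drop is never reached. The function names and both rulesets are constructed; the input format is what `iptables -S INPUT` prints.

```shell
#!/bin/sh
# Added example, not from the thread. Audits `iptables -S INPUT` output read
# from stdin. Reports ACCEPT rules that sit behind a catch-all DROP/REJECT,
# and an INPUT chain with no default deny at all. Exit status 1 on findings.
audit_input_chain() {
    awk '
    $1 == "-P" { policy = $3 }
    $1 == "-A" {
        n++; target = ""
        for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
        if ($3 == "-j" && (target == "DROP" || target == "REJECT")) {
            if (!catchall) catchall = n      # no match criteria: hits everything
        } else if (catchall && target == "ACCEPT") {
            printf "SHADOWED rule %d (catch-all is rule %d): %s\n", n, catchall, $0
            bad++
        }
    }
    END {
        if (policy != "DROP" && !catchall) { print "OPEN no default deny on INPUT"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: allowed entries first, drop entry last.
good_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Constructed sample: the drop entry was added before the SSH allow.
bad_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

good_rules | audit_input_chain && echo "good_rules: ok"
bad_rules | audit_input_chain || echo "bad_rules: findings listed above"
```

On a live system the same check is `iptables -S INPUT | audit_input_chain`, run as root.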
  #8  
Old 25th June 2006, 09:50 AM
Clockman Offline
Registered User
 
Join Date: May 2006
Posts: 16
Quote:
Originally Posted by compwizzer
In firestarter you should be able to explicitly drop inbound connections that you don't want, I'm not sure exactly how to from firestarter though. It should be fairly simple. Just remember that the drop entry should come after all the allowed entries.

connections to port 32000, etc sound like online games or p2p stuff, I wouldn't be concerned.

Online scanning tools like GRC.com are a good way to tell if your firewall is working, or in case it isn't, if you have any services listening. Your firewall is your first line of defense, as it prevents services that shouldn't be running from connecting in the first place. However, be sure it is working first! A third party scan only really confirms that presently you have no services available to the internet, this doesn't mean that you couldn't have some in the future. That's what the firewall is for, to filter any unwanted traffic.

Thank you compwizzer :-)

Your post was very helpful and also sharing with us some of your websites like Bastille. I went there and installed it. Man!.... You know the gooood stuff! hehe :-)
The activity in the Blocked connections hasn't dropped, but I feel more secure since the Bastille has configured and hardened the PC.

Thanks again compwizzer.

Clockman
  #9  
Old 26th June 2006, 02:27 AM
jim Offline
Retired Community Manager & Avid Drinker Of Suds
 
Join Date: Feb 2005
Location: Rochester NY
Age: 39
Posts: 4,175
funny I install Bastille perl-Tk perl-Curses and then try to run it with
bastille -c or bastille -x and get bastille: command not found

Quote:
[jim@localhost ~]$ rpm -q Bastille
Bastille-3.0.9-1.0
[jim@localhost ~]$ rpm -qa | grep perl-
perl-URI-1.35-2.2
perl-Net-IP-1.24-2.2
perl-Gnome2-Wnck-0.12-1.fc5
perl-HTML-Parser-3.51-1.FC5
perl-Gtk2-1.121-1.fc5
perl-Tk-804.027-9.fc5
perl-SGMLSpm-1.03ii-16.2
perl-ExtUtils-PkgConfig-1.07-4.fc5
perl-Digest-HMAC-1.01-14.2
perl-HTML-Tagset-3.10-2.1
perl-XML-Parser-2.34-6.1.2.2
perl-DBI-1.50-2.2
perl-DBD-MySQL-3.0004-1.FC5
perl-Curses-1.13-3.fc5
perl-Gnome2-1.023-1.fc5
perl-String-CRC32-1.4-1.FC5
perl-Digest-SHA1-2.11-1.2
perl-libwww-perl-5.805-1.1
perl-5.8.8-5
perl-Gnome2-Canvas-1.002-4.fc5
perl-Gtk2-TrayIcon-0.03-1.rf
perl-Net-DNS-0.57-1
perl-Compress-Zlib-1.41-1.2.2
perl-ExtUtils-Depends-0.205-4.fc5
perl-Glib-1.120-1.fc5
perl-Gnome2-VFS-1.041-1.fc5
[jim@localhost ~]$ bastille -c
bash: bastille: command not found
[jim@localhost ~]$ bastille -x
bash: bastille: command not found
[jim@localhost ~]$
__________________
Registered Linux User: #376813
Western NY
My linux site
Smolt Profile

please remember to say if your problem was solved

Did you get your id10t award today?
  #10  
Old 26th June 2006, 02:53 AM
lazlow Offline
Registered User
 
Join Date: Aug 2005
Posts: 3,172
Try becoming superuser first. "su - "

lazlow
  #11  
Old 26th June 2006, 03:03 AM
compwizzer Offline
Registered User
 
Join Date: May 2006
Location: Kansas city,Missouri
Posts: 67
Thank brandor for the links. I do hope my explanation helped you understand the issues better.
__________________
Sometimes I can't tell if it's broken, I used Windows for a long time.