Have scanned and searched the forums, i am sorry if this has been answered already.

I'm keen to put a firewall up asap, just finding my feet with this O.S and can imagine im a bit of a beacon right now!

....I have my LVM Encrypted, and is a fresh install (No Personal info etc) also separated from my home-network so not overly concerned at the moment ... However would like to know my O.S is protected, at least to amateur attempts : D




- Also, sorry as this is security Forum but would like to squeeze this question in here if I can... & It'll seem dumb 2, but you guys seem cool:

Accessing Shell (Bash if my terminology is incorrect) from The Debain GUI?

Ive scouted about but can't pin it down. Im assuming there must be a hot key Or a big red button i'm missing ...Sorry if this question makes you cringe!


...Originally intended to begin with Linux again soley through the shell, while working through tutorials on my Win7 machine (Gaming Pc)...Figured on second thoughts would be trying to run before I can walk! ...(also happy I have loaded the O.S, have been very impressed so far : D )




* I'm trying to source my info and muddle through for the first few months to get comfortable, reading through course material saving my posts for when I'm asking more competent questions : )

I have used firestarter and fwbuilder in the past. Firestarter is a more interactive sort of firewall gui tool. fwbuilder is a gui that lets you build a firewall and then install it. Both really are just mucking with the underlying linux iptables system, which you can just setup your firewall by hand if you know how.

Working directly with the shell can be done either by opening a "terminal" like Konsole, aterm, eterm, etc. or by hitting CTRL+ALT+F1 (F2, F3, F4, etc). I believe F7 is used for X, so if you go to CTRL+ALT+F1, you'll still be logged on to X and can go back with CTRL+ALT+F7.

If you're not using Debian as a webserver (ie Apache isn't running) and you havn't got any ports open, then a firewall isn't necessary. No open ports = no way to get in. For example, ubuntu has no open ports by default, I'm not sure on Debian, it depends on your configuration.

Nice one Guys, I can see now : D no ports open : D did couple of tests connecting my browser and 'netstat' looks good : )

- Also Nice one for the Ctrl, Alt & F1, 2 Etc ..That is very useful : D ....Can't believe I didn't see Terminal in Accessories though!!

I have used Ubuntu briefly in the past, & terminal(or back then "command prompt thingy") through the GUI, thought it just wasn't on there or something!! LOL !! .. I'm blind.
That'll be why I didnt get any matches on Google searches! LOL

Thanks again for the tips : D

If you have a home "network", that implies more than one computer is involved. Filesharing opens ports.

A NAT router is a firewall by the very nature of how it works. I would recommend using one for anyone with a high speed internet connection. That will reduce the traffic that gets on your LAN, and reduce the "amateur attempts". You still need to lock down a NAT router. Change the default username and password. Disable WAN side configuration. Keep the router's firmware up to date. One should still run a firewall on each computer in the network.

Also check if your distro has an automated service that can check for security problems. Most distro's do, which run security checks daily, weekly and monthly, and report the results by emailing the root user. Besides port security, it will also check your permissions. Such warn you about world writable directories.

The equivalent of a virus checker in Windows is to check for root kits in linux using chkrootkit or rkhunter. If debian runs a security check, these may already be incorporated.

It is also important in Linux to install security updates. Sometimes, there can be security issues from programs you least suspect. Did you know that Adobe's acrobat reader can run JavaScript? It has been a recent target. Downloading a pdf file could be a vector for malware. Make sure you don't install an old distro version, that no longer has security update support.

Here is a debian security publication you might want to look at:
http://www.debian.org/doc/manuals/se....html#contents

jschiwal, Thank you so much for that, V.very helpful : D

I do have an NAT Router, Set DoS Prevention up in there a while ago ...had guessed the limits so will check back on them when I can remember what I set the User Name as! I've got the password in my head but cannot, for the life of me remember the User! ....

....Didn't realise about 'WAN side configuration' so will have a look once into that, see if it needs to be disabled.....Was a while ago ....If i really cant get it ill just hard reset and quickly config it all again.

I have Downloaded the Update for Debian 5.0.2 with jigdo, compiled no probs, burnt to Dvd - Ran: 'apt-get update' through root...I can see its used the DVD and also HTTP://...

.....Theres just one more thing, as you say it may be configured to auto update already, I dont want to hurt anything ...So can I check this with a command? ...When I ran apt-update I got:

apt-get update
Ign cdrom://[Debian GNU/Linux 5.0.2 _Lenny_ - Official amd64 DVD
Binary-1 20090628-18:02] lenny Release.gpg
Ign cdrom://[Debian GNU/Linux 5.0.2 _Lenny_ - Official amd64 DVD
Binary-1 20090628-18:02] lenny/contrib Translation-en_GB
Ign cdrom://[Debian GNU/Linux 5.0.2 _Lenny_ - Official amd64 DVD
Binary-1 20090628-18:02] lenny/main Translation-en_GB
Ign cdrom://[Debian GNU/Linux 5.0.2 _Lenny_ - Official amd64 DVD
Binary-1 20090628-18:02] lenny Release
Ign cdrom://[Debian GNU/Linux 5.0.2 _Lenny_ - Official amd64 DVD
Binary-1 20090628-18:02] lenny/contrib Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 5.0.2 _Lenny_ - Official amd64 DVD
Binary-1 20090628-18:02] lenny/main Packages/DiffIndex
Hit http://volatile.debian.org lenny/volatile
Release.gpg
Ign http://volatile.debian.org lenny/volatile/main
Translation-en_GB
Ign http://volatile.debian.org lenny/volatile/contrib Translation-en_GB
Hit http://security.debian.org lenny/updates Release.gpg
Ign http://security.debian.org lenny/updates/main Translation-en_GB
Ign http://security.debian.org lenny/updates/contrib Translation-en_GB
Hit http://volatile.debian.org lenny/volatile Release
Hit http://security.debian.org lenny/updates Release
Ign http://volatile.debian.org lenny/volatile/main Packages/DiffIndex
Ign http://security.debian.org lenny/updates/main Packages/DiffIndex
Ign http://volatile.debian.org lenny/volatile/contrib Packages/DiffIndex
Ign http://volatile.debian.org lenny/volatile/main Sources/DiffIndex
Ign http://volatile.debian.org lenny/volatile/contrib Sources/DiffIndex
Ign http://security.debian.org lenny/updates/contrib Packages/DiffIndex
Ign http://security.debian.org lenny/updates/main Sources/DiffIndex
Ign http://security.debian.org lenny/updates/contrib Sources/DiffIndex
Hit http://volatile.debian.org lenny/volatile/main Packages
Hit http://volatile.debian.org lenny/volatile/contrib Packages
Hit http://volatile.debian.org lenny/volatile/main Sources
Hit http://security.debian.org lenny/updates/main Packages
Hit http://security.debian.org lenny/updates/contrib Packages
Hit http://security.debian.org lenny/updates/main Sources
Hit http://volatile.debian.org lenny/volatile/contrib Sources
Hit http://security.debian.org lenny/updates/contrib Sources
Reading package lists... Done

Looks pretty good to me : D ....Should I still Run: 'mv sources.list sources.list.old' then add into Text Editor (vi):

deb http://http.uk.debian.org/debian stable main contrib non-free
deb http://non-uk.debian.org/debian-non-UK stable/non-UK main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free



I'm a bit dubious of this as from what I can see its used the debian.org already....

- Am reading through the LINK at the momment aswell ^ ^

(Have learnt so much looking around these last few days, I am sorry If i seem to be asking you all my questions.....I can source offline command really easily .... Finger, Who am I, whereis, apt-get Etc ...But with the network security side i tent to stumble onto Linuxserver info with massive commands that I would rather understand each piece better before relying on ...going back to what polarbear20000 had said on my welcome post, I have made notes for myself so I can start to use these in sequence really knowing what im doing ...And Tabbing lol! : D Do love that feature)


Thanks again for your support, from your first, very friendly message to this very full and informative answer, you're a STaR!

Your welcome Eek the Bear. I'll have to defer to a Debian user on advice on updating the non-free items.
If the packages in the non-free distro's don't overlap with the packages in your other distro's there shouldn't be a problem updating all of them at once. But what happens if there is an mplayer package in your main distro that is newer? Will your non-free mplayer be replaced with a newer free version, loosing the ability to play mp3's?

About your previous question. You can press [ALT]-F2 to get a run dialog. From there you can launch your terminal program by typing in it's name. If you use it a lot, you can add it to the quick launch area of the taskbar.

Good Luck!

Can you post your /etc/apt/sources.list file? Do you have unmetered broadband (i.e. you don't have to pay extra based on usage)? If so, I'd be tempted to only use the online repositories and comment out the DVD's.

I don't do automatic updates. I just manually run them once a week or so. If you can find the security tool package name in another distro, you'll probably find a version in the Debian repositories. Personally, I just ran bastille when I first setup my machine and haven't messed with it since then.