LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 02-04-2005, 12:05 AM   #1
Hunter69
LQ Newbie
 
Registered: Feb 2005
Posts: 10

Rep: Reputation: 0
Linux newbie interested in a new project


Hi all,
I am a Linux newbie as you can tell by my title. I have messed with fedora a little. Anyway this is what I am interested in:

1. I have an old computer. I want to install Linux, probably Fedora.
2. Use this as a Firewall/Router
3. Administer this box through a form of remote admin (it will be sitting at the MDF in my garage.

Can anyone suggest a good up to date FAQ/website?? My goal is to create a very secure firewall/router.

Thanks for your info and time
 
Old 02-04-2005, 01:59 AM   #2
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 66
There are levels of security.

First step is probably to get familiar with the basic firewall/router software. Netfilter/IPTables is the "new" (as in >= 2.4 kernels) interface for both firewall's and routers. There are a billion GUI tools available to help you configure it, but it is also quite simple to write a little script to install the rules you'd like to use.

Iptables/Netfilter works at a kernel level to provide the best level of security for your network interfaces.

Now.. that will help you keep people in or out but it is only really the first step for security.

I follow the following guidelines at all times (yes, I'm a little security nuts):
1) Use a umask of 077. What this means is new files created by users will only be readable, writable, or executable by the user that created it.
2) Use ACL's. Starting in the 2.6 kernel we have kernel support for Access Control Lists. These allow a finer grain of security over the usual user, group, other permission bits. SuSe has a paper about ACL's in Unix and specifically in Linux.
3) Grsecurity/PAX enabled kernels. This is yet another step towards "hardening" your linux experience.
4) SELinux is another security system. It provides policies for further locking down your system.
5) NEVER NEVER NEVER run a server daemon as root. If you are running a server daemon as root, and a security hole is exploited in that daemon, then all your other security could be for not, as an attacker could have just gained root access to your system. If there is an exploit and the daemon is running as another user, the damage that can be done is very much limited.
6) chroot jails. I don't use these on all my systems, only the ones that I allow people shell access to. If you want to consider this type of security google for chroot jails and user jails, there is lots of good information out there.

I'm sure that a lot of this is way more then you wanted to know, but I just wanted to give you a bit of an idea about what is out there. Remember, none of these things on there own are a complete solution. The only way to truly be secure is to use several of the security technologies in conjunction with each other.
 
Old 02-04-2005, 02:59 AM   #3
nixcraft
Member
 
Registered: Nov 2004
Location: BIOS
Distribution: RHEL3.0, FreeBSD 5.x, Debian 3.x, Soaris x86 v10
Posts: 379

Rep: Reputation: 30
You need 2 urls:

http://tldp.org/ get all linux how-tos and guides
http://google.co.in/linux : your wish list
 
Old 02-12-2005, 02:22 PM   #4
Nightfrost
Member
 
Registered: Jun 2004
Location: Sweden
Distribution: ArchLinux
Posts: 201

Rep: Reputation: 30
Quote:
http://google.co.in/linux : your wish list
woah wee!! I didn't know about this! This is really great...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Total newbie interested in linux Kushan Linux - Newbie 17 08-14-2004 10:22 PM
I am interested in become linux certified kafnir Linux - Certification 2 03-24-2004 05:54 PM
Project Name: Keep Newb Interested linuxpupil Linux - General 8 01-26-2004 10:19 PM
very interested in Linux evian Linux - Newbie 10 03-18-2003 10:03 PM
Interested in Linux-but not sure rabbitnow Linux - General 0 11-01-2002 03:54 PM


All times are GMT -5. The time now is 12:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration