LinuxQuestions.org
Old 01-28-2007, 10:25 AM   #1
moborichard
LQ Newbie
 
Registered: Apr 2005
Location: columbus, oh
Distribution: fedora core
Posts: 28

Rep: Reputation: 15
Please bear with me


I know next to nothing about all of this. I've been using Fedora Core 4. Does this OS require additional firewall, security software or do I need to activate provided software to ensure my computer isn't vulnerable to invasion etc? Or is that all installed when you install the OS? Just wondering as this isn't obvious from looking at the desktop etc. I have an Ethernet connection to a Netgear Rangemax router.
 
Old 01-28-2007, 10:30 AM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791
It comes with iptables firewall and SELinux. Both of which deal with security. SELinux has lousy documentation so most people don't turn it on. iptables allows for firewall configuration but doesn't have much enabled by default normally. There is apparently a GUI frontend called Firestarter. I don't use the GUI much so can't say whether it comes with FC4 or not.

In addition to the firewall it is normal to disable services that open ports if you don't use them (e.g. telnetd and ftpd usually are disabled by default but can be enabled - you shouldn't enable them without a specific need. Using ssh and scp/sftp is preferred as those are more secure).

Last edited by MensaWater; 01-29-2007 at 10:21 AM.
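
Added example, not part of any post in this thread: a shell sketch of the two checks post #2 points at, namely whether iptables has any rules loaded and which TCP services are listening beyond loopback. The function names and the sample `iptables -L -n` / `netstat -tln` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: the inputs below are constructed samples, not output from the poster's machine.
# On a live host (as root): iptables -L -n | unfiltered_chains ; netstat -tln | exposed_listeners

# Print chains whose policy is ACCEPT and that contain no rules at all.
# A chain with policy ACCEPT that jumps to a rule set is not flagged.
unfiltered_chains() {
  awk '
    function emit() { if (chain != "" && accept && rules == 0) print chain }
    /^Chain / { emit(); chain = $2; accept = ($3 == "(policy" && $4 ~ /^ACCEPT/); rules = 0; next }
    /^target/ || /^[ \t]*$/ { next }   # column header and blank separator lines
    { rules++ }                        # anything else is a rule line
    END { emit() }'
}

# Print TCP ports listening on non-loopback addresses; mark telnet/ftp as cleartext.
exposed_listeners() {
  awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, p, ":"); port = p[n]            # port follows the last colon
      host = substr($4, 1, length($4) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1") next    # loopback-only listeners are skipped
      note = (port == 21 || port == 23) ? "cleartext" : "listening"
      print port, note
    }' | sort -n -u
}

# Constructed sample: INPUT and OUTPUT are empty, FORWARD rejects everything.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: CUPS on loopback, telnet on all IPv4 addresses, ssh on IPv6 any.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 127.0.0.1:631    0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:23       0.0.0.0:*        LISTEN
tcp        0      0 :::22            :::*             LISTEN'

echo "Chains accepting everything:"; printf '%s\n' "$SAMPLE_IPTABLES" | unfiltered_chains
echo "Exposed TCP listeners:";       printf '%s\n' "$SAMPLE_NETSTAT"  | exposed_listeners
```

An empty INPUT chain with policy ACCEPT means the only thing between the network and each listed port is the service itself, which is why the two checks are read together.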
 
Old 01-28-2007, 10:43 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,777
Blog Entries: 54

Rep: Reputation: 2978
Quote:
SELinux has lousy documentation so most people don't turn it on.
But if you do turn it on (which I applaud) we will put in a maximum effort to help you cope with it.
 
Old 01-28-2007, 11:12 AM   #4
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
This is the web page most people refer to when talking about which services to enable/disable in Fedora Core:
http://www.mjmwired.net/resources/mj...4.html#service
or the newer versions
http://www.mjmwired.net/resources/mjm-services-fc5.html
http://www.mjmwired.net/resources/mjm-services-fc6.html

I, personally, only follow some of his recommendations. In particular, like jlightner, I'm rather fond of ssh. And though I'm probably in the minority, I actually like bluetooth for some things too, so keep those services enabled. Oh, and on my WiFi laptop I always enable NetworkManager. But anyway, opinions on what's "best practice" vary considerably, so you'll have to evaluate the risk/reward of each based on your own particular needs.
 
Old 01-29-2007, 10:18 AM   #5
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791
Quote:
Originally Posted by unSpawn
But if you do turn it on (which I applaud) we will put in a maximum effort to help you cope with it.
I'd really like to use it. Do you know of a site that has good documentation for it? The NSA stuff was a joke the last time I looked at it.
 
Old 01-29-2007, 01:17 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,777
Blog Entries: 54

Rep: Reputation: 2978
If you want to understand SELinux there is nothing that beats dead trees. Sorry. I currently have on my desk Prentice Hall's "SELinux by Example" by Mayer, Macmillan and Caplan (which I still have to write a review for) and it's what you want, believe me. It explains how it's structured, has good examples and explains how to write and modify policies.

If you just want to use SELinux then the first thing I'd notice is how much FC6 differs from FC5 (note I usually don't do distro talk, trying to be as distro-agnostic as I can, and I have *no* idea of RHEL5). With the disappearance of separate SELinux policy sources (the ones which you had to D/L separately from Tresys) and using tools like semanage with audit2allow, FC6 *really* makes it easier. That is not to say there are no problems at all, like Setroubleshootd keeps saying to chcon something, but it's definitely easier, way more usable. But I don't know how much in-depth info the FC site and Wiki have on SELinux.
 
  


All times are GMT -5.