How can I prevent others from logging on to my computer? Is there any iptables rule that I can use?

If you mean someone with physical access to the computer logging in at the keyboard, Iptables can't help with that. Use strong passwords, keep them secure, and don't unlock your door.

If you mean logging in remotely over a network, don't run the ssh server daemon, close all incoming ports, and don't put the computer on a network.

All joking aside, if a computer is on a network, it will have at least some degree of vulnerability, especially if someone knowledgeable is specifically targeting your computer, as opposed to just wandering around a network looking for potential targets.

About dot com has a good intro to Linux security.

I want to find linux equivalent of following: in windows one can right click on "my computer" then properties and one gets an option: "Allow others to log on to your computer". That can be unchecked. What would be linux equivalent of that?

Also, how can I find if the "ssh server daemon" is running on my system? And how to "close all incoming ports"?

Thanks for your help.

If you haven't installed or setup ssh then it probably isn't running, but to be sure you can search your processes for ssh
(the command "ps -A | grep sshd" should show you a process called sshd if your ssh daemon is running, I think).

And ssh is the usual way of logging into a linux machine, and unless it is set up (or something like it such as telnet), then users can't login remotely, and for the desktop version of Ubuntu at least, I think that would be the default.

Thanks for your reply. On my system 'ps -A' does not show any 'sshd' but shows 'ssh-agent' running. What does this mean? I am using ubuntu.

Unlike Windows, Linux does not just allow anyone to just log in to your system. Note, I am thinking here of Windows in an Active Directory environment where a user's credentials are verified against a library and allowed across an entire domain. If you are running a private Linux system, as opposed to one with an LDAP based login, this should not be an issue. Use a strong password on your user accounts and this will help prevent someone from logging in at the keyboard. There are however, easier ways to gain access to your system if they have physical access to the keyboard.

As long as you are not running SSHD (the ssh server daemon) you won't have others trying to login remotely. You can also keep a firewall up, Iptables being the default that will keep the ports closed in the off chance you do unintentionally start an application. If you are uncomfortable with Iptables, you can use a GUI front end such as UCFW or Firestarter.

As far as SSH-Agent, it is the root program from which many others are run and it is configured this way so that public key authentication can be used with these applications. From the Ubuntu manpages (http://manpages.ubuntu.com/manpages/...agent.1.html):

Thanks for the info. Which applications may get affected if I issue the command 'killall ssh-agent' as root?

If I am reading the manual entry correct, just about every graphical program running under your login. One way to find out will be to use the pstree command or look at a verbose output of PS to see what applications are children of ssh-agent. I am not sure why you would need or want to kill this application. It isn't a security threat in terms of being an SSH server.

Thanks for your help.

Your quite welcome!

The closest thing I can think of is to lock your computer, either automatically through the screensaver or manually whenever you are going to leave it unattended, but I've never had to look into this for myself.

Note that others are unable to log into your computer unless they already have a user name and password with access to.

https://help.ubuntu.com/8.04/keeping...ck-screen.html

I was referring to remote logging through network connections.

You can use netstat http://linux.die.net/man/8/netstat to see what's running, also chkconfig --list http://linux.die.net/man/8/chkconfig.
Basically, don't run any LAN/Internet facing servers unless you need to.
Incidentally, ssh-agent is a client end program; you would use it to contact another system via ssh.
'sshd' would be the (usually remote) server end http://www.openssh.com/manual.html

Note that IP 127.0.0.1 aka localhost aka 'l0' (ell zero) is a loopback your system uses to talk to itself, so don't worry about that.

Thanks for the reply. How can I make sure that any "LAN/Internet facing servers" are running on my system? How would they show up on netstat and chkconfig commands?

One of the keywords to computer security is layers, as in apply your security in layers. In a Linux environment one of the key functions of a firewall is to ensure that ports that should be closed are, even if a process is started that listens on them. The first thing you will want to do is use iptables to restrict your open input ports to only those services you wish present.

Following this, you can use the netstat or lsof commands (netstat would be easier) to look for which applications have open ports. Most services rely on running on designated port numbers, typically low numbered ones (below 1024). For example, http servers listen on port 80. Generally, client side programs connect (outbound) to listening servers, both so that they don't conflict with services and because low numbered ports are privileged access. Internet services will also typically use TCP or UDP connections, which is different than UNIX sockets for IPC purposes.

This is where education and research will come into play. It is nearly impossible to give you a canned formula along the lines of, 'run this command', or look for this output sequence as each and every system will be unique. This is also why the firewall approach is highly superior as it covers you against the general case rather than focusing on the specifics.