How can i make Fedora an "undistructible system " ?
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How can i make Fedora an "indestructible system " ?
..
...ok..neither linux is perfect..but it should be anyway the most stable and secure os..and solaris too..anyway,i'm using fedora as a server for downloading stuff and as a desktop too...i'm using SElinux,installed chrootkit and rootkit hunter and some other ids,installed clamav,un-installed firestarter 'cos it considerably slowed down my download speed..what else could i do for achieving an "undistructible system " ?
maybe thousands of things....
..if i'm not wrong-if not in other way specified,linux has no ports automatically opened to internet
maybe thousands of things....
and maybe this thread will become very long..anyway,i think it's the most fundamental thing applied and a MUST known by any user
any ideas ?
cheers a lot
Last edited by DOTT.EVARISTI; 09-24-2007 at 11:22 AM.
1) Do a bare minimum install.
2) Strip out any packages that you don't need.
3) Add any packages you do need.
4) Do: 'yum update'.
5) Do: 'chkconfig --list' and switch off any services you're not using.
6) Do: 'netstat -plntu' and switch off any listening services that you don't need.
7) Check /etc/passwd for accounts which have login shells, but which shouldn't log in, and change the shell to /sbin/nologin .
8) Check the user lists for any needed network services (FTP, SSH etc) and lock down accordingly.
I'll probably get shot down for this, but I don't use SELinux, any AV software, or software firewalls. The only security device on my network is the NAT router hooked up to the ADSL.
And I was wondering too..in deb distros i've always used apt-get check to check if there were broken deps in the system..is there a switch for yum to check if there are broken deps too ?
I could'nt find it in in man pages
Cheers Dave !
Last edited by DOTT.EVARISTI; 09-24-2007 at 11:16 AM.
IlikeJam..how do you fell with SOLARIS 10 ? i see you use it..i have some free space,about 30 gb unused,so i downloaded the SOLARIS 10 64 bit and was half going to install it but was still unsure for compatibility issue with solaris
What do you suggest me ?
Thank you !
Last edited by DOTT.EVARISTI; 09-24-2007 at 11:42 AM.
You really can't have an indestructible system. There will always be ways for something to get in.
But you can use the "Defense in Depth" approach, and place multiple layers of protection between you and your attackers. Firewalls, minimal services, hardened services, strong passwords, appropriate file system permissions, running in limited user environment, spelling "indestructible" right, etc.
please speak to me as i would be a two years crying baby..in easier words..?
..Uhm..ok,of course,sorry,ok,i'm a Doctor in Medicine But not a so good Linux User as i would like to be..so..please speak to me as i would be a two years always crying baby..in easier words..?
Last edited by DOTT.EVARISTI; 09-24-2007 at 11:28 AM.
The hardware support on Solaris 10 isn't quite as good as for Linux, but you should be able to get it bootable, and get X running on any generic PC. Solaris is a quite different Unix to Linux under the hood, but if you're just using the GUI, it should all feel quite familiar.
Try running 'yum deplist <package>' to see all the dependencies for a package and which other packages provide them. I don't know what it would look like if there's a broken dep, though. As long as you haven't installed any packages with --force or --nodeps, then there shouldn't be any broken deps in the first place. As long as you're using yum to install and remove, you should be fine.
I have always used yum,sometimes compiled from source but,of course,if the compilation went well,there were no deps problems..i've said it because i've seen in Kubuntu 7.04 that,even if i always used the packet manager,the apt-get check sometimes talked of broken deps and corrected them by this way..strange..anyway,it happened !
..Uhm..ok,of course,sorry,ok,i'm a Doctor in Medicine But not a so good Linux User as i would like to be..so..please speak to me as i would be a two years always crying baby..in easier words..?
May I guess this is a response to my previous post?
"Defense in Depth" is like a buttleproof vest. A vest is made of a number of layers of cloth, each layer made of a different cloth and weave. Each layer has its own strengths and weaknesses. Each layer itself cannot stop the bullet, but all layers together form a very protective vest that can stop most bullets.
Hi slowCoder,you're right,it was an answer to your post...
now i understand better the meanings...i always do normal os installation,then add many graphic and office tools,install some ids and then update all..thanks,you gave me good and clear suggestions,now i'll try to follow them all..
I'm following ALL your suggestions too..and they all seem to be very good !
I've never thought about them all before...but that's just the Linux Way to the Knowledge :learning more and more from all the rest of the community day by day,isn't it ?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.