Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Most Linux distros already have one of the best firewalls installed by default: "iptables".
Most distros REQUIRE a login password for the normal users and for "root".
Some, for some reason, have moved to DECREASING security and not having a different account for root and a normal user.
There are about 12 or so viruses that run on Linux, and rootkits also
(but there ARE Windows rootkits also).
A good "new to Linux" operating system, and one that a lot of people like, is
Mint Linux http://www.linuxmint.com/
or if you have a computer with very good specs you can install (at least an i5 CPU and 4 gig RAM)
OpenSUSE 12.3 http://software.opensuse.org/123/en
These are two VERY different operating systems:
Mint is a deb-based OS and SUSE is rpm-based.
It is wise that you wish to practice safe HEX. You can relax; it is not so urgent to protect a Linux system upon install as it is to protect a Windows system, because the odds that your system will be targeted upon first use are so minimal as to be almost nonexistent (and I'm one of the minority who runs an anti-virus on his Linux systems--primarily from a "better safe than sorry" point of view).
A few random thoughts:
Generally, even though the Linux kernel comes with built-in firewall capability called iptables, as John_W points out, in many distros, you will need to turn it on after install. Note that most Linux "firewall applications" are nothing more than front-ends for iptables. You can configure iptables directly, but that's generally an option chosen by users more adept than I.
See the docs for whatever distro you decide to try first for details on how to implement the firewall, but it's often found in a "Control Center" or "System Settings" dialogs on the GUI menu.
Most distros have "documentation" or "wiki" links at their websites that will help you out.
Also, Linux is not "prone" to rootkits. Rootkits are rare for both Windows and Linux, but, as viruses are not much of a danger to Linux, rootkits tend to get more attention in Linux-world.
I already stated I have a firewall. (gufw, you can look it up)
@John_W
I have Ubuntu...
@frankbell
So, just a firewall is good enough? I do have Wine, so I am wondering if there is anything I can use at least to detect and remove possible threats, should there be any.
The threats against a Linux based PC are completely different than those of a typical Windows environment. Unless you plan on running public facing server applications, you should be able to relax and enjoy the greatly improved security posture of Linux compared to Windows. The biggest things you will need to be aware of are the permissions scheme of Linux, how to keep your system up to date, and how to obtain software from known trusted repositories. With respect to the last item, most Linux distributions maintain huge collections of software that is maintained by a developer who, amongst other things, is responsible for making sure that the version is properly configured for the distribution. In most distributions they "sign" the software and place it in the repository. Your package management system will download from these repositories and verify the signature of the application. While this is not an absolute guarantee against malicious code, the risks of it are greatly minimized and much smaller than the Windows way of downloading executable code from %Deity% only knows whose website.
If you stay with software from known sources and take proper precautions with your web browsing, you shouldn't have problems.
Wow... It will take a while to get used to this. I'm used to being overly-paranoid (because usually I'm forced to or face the consequences) on Windows...
There is an old Netflix program; it is a Firefox/Mono/Wine stand-alone package that almost works well.
BUT
I would run Netflix on Win7; it NEEDS the current Microsoft Silverlight and Microsoft .NET Framework.
Wow... It will take a while to get used to this. I'm used to being overly-paranoid (because usually I'm forced to or face the consequences) on Windows...
If only I could run Netflix...
You'll see that once you've been with Linux awhile that none of the "usual crap" that plagued your Windows usage applies.
As long as you get your software from your distribution's repos and other trustworthy sources and compute smart, you should be fine.
The primary threats that Linux users must deal with are browser exploits, which are usually quickly patched, and the so-called "social engineering" threats.
I got one of those latter today--an email telling me that my bank had instituted a new account verification process and to click to go to this website blah blah blah. Only one problem--it's a bank that I do not now and have never used and, for that matter, would never use.
gufw, by the way, is one of those front-ends for iptables. If you'd like to see the actual iptables rules, you can enter
Code:
iptables -L
in a terminal (-L means "list"). You may have to be root (or use "sudo," depending on your distro) to do this.
"usual crap" is an understatement when it comes to Windows 8... Somehow, it found a way to corrupt its own protected system files... and then when I tried to repair the problem using DISM online heal, it couldn't do it! That's why I'm now on Linux... lol.
It certainly is a wonderful feeling when your OS does what you want it to...