LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   How to secure a slackware workstation (http://www.linuxquestions.org/questions/slackware-14/how-to-secure-a-slackware-workstation-4175432012/)

Ook 10-13-2012 10:06 AM

How to secure a slackware workstation
 
I work in a windows environment, but have the freedom to use the desktop of my choice. The desktop of my choice happens to be Slackware, I converted from Windows a long time ago, and now my wife (who barely knows a mouse from a toaster) is using Slackware for her desktop, and loves the stability.

At work, they have strict security policies for Windows. We run anti virus and website monitoring software.

My questions is, how would one secure a Slackware workstation? I'm looking specifically on resources on running antivirus on the box (are there any viruses that Slackware is susceptible to?) and maybe a firewall. I have write access to both Windows and linux shares that are production servers and repositories, and it would be extremely bad if something got loose that went out and started messing with or deleting files.

hitest 10-13-2012 11:44 AM

You can use Eric's firewall script.

http://www.slackware.com/~alien/efg/

Save the script as rc.firewall to your hard drive. As root make the script executable by issuing this command: # chmod +x rc.firewall. Then copy the script to /etc/rc.d by issuing this command: # cp rc.firewall /etc/rc.d
Start your new firewall by issuing this command: # /etc/rc.d/rc.firewall start

You can also use rkhunter to check your unit for malware and trojans. I don't worry too much about virus activity on Slackware. Run your Slackware station as a regular user and patch it with the latest security updates.

http://slackbuilds.org/repository/14.0/system/rkhunter/

jtsn 10-13-2012 04:09 PM

Quote:

Originally Posted by Ook (Post 4804709)
I'm looking specifically on resources on running antivirus on the box (are there any viruses that Slackware is susceptible to?) and maybe a firewall.

Computer viruses* are a thing of the past. Today's mainstream malware is standalone software, that targets the inexperienced user and the operating system of the inexperienced user (which is obviously not Slackware Linux). Its behavior is not that different from "legit" proprietary software: Hiding technicals details (and parts of itself) from the user, enforcing restrictions on the user, gathering private data and sending it to interested parties, displaying advertisements and so on. There is no technical difference between a usual DRM system and a rootkit.

*) little BLOBs which infect executables and hop from binary to binary.

The current black hat industry is money-driven, so investments in malware development have to pay off. And there is big advantage of Slackware Linux: The usual suspects don't support this platform, because it's to exotic to make a return: So you can't play a Blu-ray disc, but you can't run ZeuS or Stuxnet either.

You of course can run a program to scan for so-called signatures of "unwanted software" (for Windows). But this is a failed concept, that almost doesn't work in practice. The "security industry" (which sells nice yellow boxes) already lost this war.

The usual security threat, a Slackware box sees, targets network services: remote shell access, web servers, mail access, databases and so on. So to mitigate such risks on a workstation do not expose server software to the network. Or ever better to not install or run something like this at all.

OldHolborn 10-13-2012 04:42 PM

Been using slack for a fair few years, the most dangerous thing I've had to deal with so far has been my own fingers.

*tappety tap, tappety tap* <return>

"wtf?"

"oh *bleep*"

Make backups, keep them offline - mostly fingerproof that way :)

T3slider 10-13-2012 05:18 PM

If this is in an office setting, while viruses for *Linux* aren't very prevalent, you may wish to prevent Windows viruses spreading to Windows computers via network shares (either hosted on the Linux box or accessible to the Linux box). ClamAV is the standard I think. To detect Linux compromises, rkhunter and chkrootkit (use both!) are good tools.

mrascii 10-13-2012 08:55 PM

Quote:

Originally Posted by OldHolborn (Post 4804999)
Been using slack for a fair few years, the most dangerous thing I've had to deal with so far has been my own fingers.

*tappety tap, tappety tap* <return>

"wtf?"

"oh *bleep*"

Make backups, keep them offline - mostly fingerproof that way :)

Amen, has happened to me more than once. luckybackup is a great little front end to rsync.

DNA
AKA ascii

mrascii 10-13-2012 08:58 PM

For physical security see README_CRYPT.TXT that comes on the Slackware DVD. Using LVM and and a fully encrypted system will give you a big measure of peace of mind especially with a laptop.

DNA
AKA ascii

Woodsman 10-14-2012 01:04 AM

Quote:

My questions is, how would one secure a Slackware workstation? I'm looking specifically on resources on running antivirus on the box (are there any viruses that Slackware is susceptible to?) and maybe a firewall. I have write access to both Windows and linux shares that are production servers and repositories, and it would be extremely bad if something got loose that went out and started messing with or deleting files.
There are many articles online about this topic. Read through a few and you'll have a better grasp at tackling the problems.

The advice offered here for a firewall script and the root kit checkers is a good start. There are some antivirus software available for Linux based systems. Read a bit to see what has the best reviews for enterprise environments. I suspect a significant majority of Slackers do not run any antivirus software, but you are trying to address your own usage within an enterprise environment, where usage and needs are different.

Remember that in addition to the firewall script, to disable unnecessary services. Check to see whether any needed services can be run from within inetd. Etc.

Check into screen locking features of whatever desktop you are using. When you leave the desktop press the keyboard shortcut to invoke a screen lock. As you are using a Linux based system, remember that with a multi-user system anybody can toggle to an alternate console to login. If you are paranoid of other users possibly disable automounting of removable devices.

The more paranoid you want to be, the more you'll want to harden your workstation. :) A sane approach: Are you doing this on your own or are the employers requiring these additions? If the former then common sense likely will be sufficient. If the latter then you probably need to abide whatever requirements they have.

H_TeXMeX_H 10-14-2012 02:55 AM

I wrote a howto on basic security:
http://docs.slackware.com/howtos:sec...basic_security

There are more howtos there as well, so check those too.

markush 10-14-2012 03:42 AM

Quote:

Originally Posted by Ook (Post 4804709)
...
My questions is, how would one secure a Slackware workstation? I'm looking specifically on resources on running antivirus on the box (are there any viruses that Slackware is susceptible to?) and maybe a firewall. I have write access to both Windows and linux shares that are production servers and repositories, and it would be extremely bad if something got loose that went out and started messing with or deleting files.

I did not understand if you mean your Slackware workstation at work. In a typical enterprise-environment you are behind a firewall and don't need one on your workstation. You can see that when the computers connect to the internet via a proxy-server.
As others wrote above, the risk for malware is that such programs are distributed over the network idependently of the OS. Malware is not dangerous for your Slackwaremachine, but if it goes from your machine to a Windows-share it can be dangerous for the Windows-computers. So it would (probably) make sense to install clamav on the Slackware-workstation.

Also if your Slackware-computer at home is connected to a router, you will (at least for a Slackware-computer) not need an additional firewall.

Markus

GazL 10-14-2012 06:05 AM

Quote:

Originally Posted by markush (Post 4805234)
I did not understand if you mean your Slackware workstation at work. In a typical enterprise-environment you are behind a firewall and don't need one on your workstation.

Also if your Slackware-computer at home is connected to a router, you will (at least for a Slackware-computer) not need an additional firewall.

Relying solely on an external firewall doesn't protect you from a threat already on your local network. Why take the risk?


All times are GMT -5. The time now is 07:04 PM.