I installed Slackware 9.1 on my laptop a couple of weeks ago and I simply LOVE IT!
RH9 was on my desktop box. On the RH9 system I would every now and then go to sygatetech.com to have my system scanned for open ports, trojans, etc. and ALL results would show that ALL my ports were not only CLOSED but STEALTHED, which is optimal. I also had Guarddog 2.2 running. My RH9 security setting was initially on HIGH, DEFAULT.
Yesterday I decided to take the plunge and installed Slackware 9.1 on the desktop. No more RH9, too slow and bloated for my taste. After doing the usual security things like:
1. editing /etc/inetd.conf and commenting ALL lines
2. disabling ALL services from pkgtool/setup
3. installing Guarddog 2.2 and allowing ONLY DNS, FTP, HTTP, POP3 and SMTP,
I ran the sygatetech scan and, surprise, many ports were NOT STEALTHED, only CLOSED, which is a security hazard. Some of the ports found closed were ftp, ssh, telnet, smtp, dns, dcc, finger, upnp, trojan, tcmp, web, pop3, ident, netbios, https, socks proxy, web proxy.
Why the difference between RH9 and Slack 9.1?
Is RH9 more secure, or is there something I forgot to do, other than editing inetd.conf?
Might I recommend shorewall and webmin for a quick setup of a firewall. You may need to grab the default set of rules for a single-homed system, but it's still a very good way of doing it. I use it at work and on my home systems. But if you're not wanting to go the shorewall way, grab an iptables script from somewhere and edit it to your liking or write your own.
Guarddog creates an executable script called "rc.firewall" using iptables (or ipchains depending on your kernel) and places it in /etc. Just move the rc.firewall script to /etc/rc.d and it'll run at startup in complete stealth mode. Or you can leave it where it is (good idea if you use Guarddog to change your configuration a lot) and add a startup command to rc.local. Either way works fine.
Someone correct me if I'm wrong, but if your ports are closed, as in there is no daemon listening, then they are secure. For someone to connect to a service and exploit it, there has to be something listening in the first place, because the daemon actually sits and waits for a connection.
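The CLOSED versus STEALTHED distinction this thread turns on, as an added example that is not part of any post above: a self-check that classifies a TCP port by how the host answers a connection attempt (handshake completes, connection refused, or silence until the timeout). The function names, the two-second timeout and the port table (standard port numbers for services named in the thread) are assumptions of this example; run it from a second machine against your own host, since loopback traffic normally bypasses the firewall rules.

```python
import errno
import socket
import sys

# Standard TCP ports for services named in the thread (table built for this example).
THREAD_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns",
                79: "finger", 80: "web", 110: "pop3", 113: "ident", 443: "https"}


def classify_port(host, port, timeout=2.0):
    """Classify one TCP port the way an external scan report does.

    open        handshake completed, so a daemon is listening
    closed      host answered with a refusal, nothing is listening
    stealthed   no answer before the timeout, packets are being dropped
    unreachable the network reported that the host cannot be reached
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealthed"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def scan(host, ports=THREAD_PORTS, timeout=2.0):
    """Return {port: state} for every port in `ports`."""
    return {port: classify_port(host, port, timeout) for port in sorted(ports)}


def listening(results):
    """Ports with a daemon behind them, the only ones that can be connected to."""
    return [port for port, state in results.items() if state == "open"]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in scan(target).items():
        print(f"{port:>5}/tcp  {THREAD_PORTS[port]:<7} {state}")
```

A port reported as closed answers the probe but has no daemon behind it; a stealthed port gives no answer at all, which is what a firewall rule that drops packets produces.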