LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 12-02-2007, 05:56 AM   #1
Vrajgh
Member
 
Registered: Aug 2005
Posts: 65

Rep: Reputation: 31
Security update and hardware: To Slackware or not to Slackware...


I'm strongly considering switching my home desktop PC over to Slackware and could do with some advice to make sure that I know what I'm getting in to.

Background
My first experiments with linux some years ago were with "Vector Linux" (a Slackware derivative) which I chose at the time because it is aimed at older hardware and came on a single CD (I was on dial-up at the time.) Vector served me very well for the educational experience until I trashed my system (a nasty accident with a shell script run as root, containing something a bit like "rm -Rf /", you don't want to know... although perhaps that was the most important lesson!)

After that I went through the "Linux from Scratch" book and learned a great deal more. I ran the resulting BLFS system for a couple of years without any problems and really got to know what was going on. I then came to upgrade my PC and no longer had the time or the inclination to go through the "from scratch" process all over again. I installed a flavour of ubuntu about a year ago and enjoyed it for a while. It certainly did what I needed; it gave me a working system without installing every linux program under the sun but also allowed me to install a wide range of extra packages so that I could get on with work that I needed my PC for.

Over time, however, I've fallen a little out of love with ubuntu. My general approach to running my system is "if it ain't broke don't fix it." I spend the time tweaking ubuntu to make the system more like I want it and then an upgrade comes out and I have to start again. The first upgrade I did was remarkably easy but since then they have appeared less and less robust, suffering from glitches preventing various things from working properly without intervention. I've started to feel that lack of control inherent in using such a distribution. I haven't even upgraded to the 7.10 version because ubuntu appears to be going in a direction that isn't compatible with what I want out of *my* desktop.

So, to slackware. Every time I have distribution woes, slackware seems to catch my eye. Simple things like the BSD style init scripts appeal, the reputation for stability and control too. All this sounds like sound reasoning for experimenting with slackware in the near future.

Questions start here...
After this long background essay, the questions I have are actually relatively simple:
1) Once the system is installed from whatever CD/DVD method I choose, do I then need to install the packages from the "patches" section of the ftp site in order to get up to date with security issues? If I choose not to install one of the extra package managers will subscribing myself to the security mailing list (and acting on the advice) be sufficient to keep me out of trouble?

2) I'm likely to compile my own kernel in order to get the rt2500 wifi module to work. To get the nvidia driver to work, do I just follow the steps on nvidia's website or is there are more slackware oriented way to do it?
 
Old 12-02-2007, 06:11 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,790
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
My personal choice for keeping my Slackware systems patched is slackpkg, which is in the extras directory of Slackware. If you point it at the stable branch (NOT current), and run it when needed, it works well.
 
Old 12-02-2007, 08:26 AM   #3
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 4,191

Rep: Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548
I highly recommend Slackware. Like you I've run a number of distros over the years, but, I always come home to my favourite.
I've just finished a week long experiment running Debian Lenny on my main work station. There's nothing wrong with Debian, I do have one Debian 4.0r1 box at home. But, it isn't Slackware. I'm currently re-installing Slack 12 on my main work station.
It is good to be home:-)
 
Old 12-02-2007, 09:19 AM   #4
jong357
Senior Member
 
Registered: May 2003
Location: Columbus, OH
Distribution: DIYSlackware
Posts: 1,914

Rep: Reputation: 52
While updating packages with security fixes is good practice in general, I really find it to be unecessary actually.. Usually hiding behind a router is sufficient enough to keep you out of trouble security wise. That and keeping as many services off as possible. I haven't installed a firewall or ran updates on windows for 3 years or more without incident. On linux, your 100 times less likely for anything to happen than you are on Windows. Not interested a debate about my above statements just incase anyone is thinking about it... That's just my preference.

I typically just do a fresh install of a newly released Slackware when it comes out and that's it. I don't even upgrade the stock kernel anymore unless I need some extra support that the stock one doesn't have.

Up to you. But yea. Keep an eye on the Security Updates yourself and 'upgradepkg' when necessary. And their are automated proceedures as mentioned above but I've seen those cause a world of trouble in the past. I'd prefer a hand-on approach personally.

I think most people arrive at a crossroads where you are now and Slackware or one of the 3 major BSD's is where you'll end up for good. Nvidia driver should install without incident. Just download the .run file from their web site and run it at the init3 command prompt before you 'startx'. Change your driver line in xorg.conf and that's that. I think the nvidia install process will even do it for you if you want.

Last edited by jong357; 12-02-2007 at 09:22 AM.
 
Old 12-02-2007, 09:49 AM   #5
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 4,191

Rep: Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548
I'm just finishing up patching my shiny new install of Slackware 12.0; I just finished downloading all of the security patches that are available that I want from the friendly Utah Slackware mirror ( they have kicking download speeds).
Then all you need to do to install all of them at once is issue one command at a root shell prompt:

#upgradepkg *.tgz

And that is it:-) My Slack box is happily chugging away now upgrading all security patches:-)
 
Old 12-02-2007, 09:49 AM   #6
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
I had a strange dream last night and through it I came to the realization that if you want a stable system you must NOT upgrade everything, only in the case of security issues and never something major. It makes sense. Now I understand why Slackware is so stable and secure. This I think is a major thing that separates Slackware from other distros. For example, Ubuntu, Gentoo, FC, and many other mainstream distros upgrade things as soon as they come out, and later they realize that one thing breaks another and yet another breaks another, and then the system goes down. Debian is an exception, along with a few others in that they don't quite rush to be at the bleeding edge. So, that's also a reasonable choice. But, Slackware helps you learn Linux a lot better than other distros, and the BSD-style init scripts make it very easy to understand what happens in part of the boot-up process and to customize it. I personally don't like package managers with dependency management, because they cause more problems than they solve (at least from my experience). However, you could use slapt-get if you want a better package manager.

Security-wise, remember to install updates when they come out, get an 'rc.firewall' script up and running, add a user other than root and don't run dangerous things as root, and disable processes that don't need to be up and are using or listening on external ports. That's pretty much what I do, and I haven't been haxxored yet. There's also rkhunter to check for rootkits.
 
Old 12-02-2007, 11:31 AM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,790
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
Security-wise, remember to install updates when they come out, get an 'rc.firewall' script up and running, add a user other than root and don't run dangerous things as root, and disable processes that don't need to be up and are using or listening on external ports. That's pretty much what I do, and I haven't been haxxored yet. There's also rkhunter to check for rootkits.
Good advice. May I also add that installing a file integrity checking system like Aide or Samhain allows you to figure out what has been compromised if the worst does occur.
 
Old 12-02-2007, 11:57 AM   #8
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 4,191

Rep: Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548
Smile

Quote:
Originally Posted by H_TeXMeX_H View Post
I had a strange dream last night and through it I came to the realization that if you want a stable system you must NOT upgrade everything, only in the case of security issues and never something major. It makes sense. Now I understand why Slackware is so stable and secure. This I think is a major thing that separates Slackware from other distros. For example, Ubuntu, Gentoo, FC, and many other mainstream distros upgrade things as soon as they come out, and later they realize that one thing breaks another and yet another breaks another, and then the system goes down. Debian is an exception, along with a few others in that they don't quite rush to be at the bleeding edge. So, that's also a reasonable choice. But, Slackware helps you learn Linux a lot better than other distros, and the BSD-style init scripts make it very easy to understand what happens in part of the boot-up process and to customize it. I personally don't like package managers with dependency management, because they cause more problems than they solve (at least from my experience). However, you could use slapt-get if you want a better package manager.

Security-wise, remember to install updates when they come out, get an 'rc.firewall' script up and running, add a user other than root and don't run dangerous things as root, and disable processes that don't need to be up and are using or listening on external ports. That's pretty much what I do, and I haven't been haxxored yet. There's also rkhunter to check for rootkits.
Good advice, H_TeXMeX_H:-)
Just finished setting up my new Slackware system. I also downloaded rkhunter 1.3.0 from Sourceforge.net. Scanned my system, all clean.
 
Old 12-02-2007, 01:43 PM   #9
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,986
Blog Entries: 11

Rep: Reputation: 880Reputation: 880Reputation: 880Reputation: 880Reputation: 880Reputation: 880Reputation: 880
Quote:
Originally Posted by Vrajgh View Post
1) Once the system is installed from whatever CD/DVD method I choose, do I then need to install the packages from the "patches" section of the ftp site in order to get up to date with security issues? If I choose not to install one of the extra package managers will subscribing myself to the security mailing list (and acting on the advice) be sufficient to keep me out of trouble?
Works for me. That, and the fact that Slacks defaults are far
more sane than those of any of the "friendly" distros.

Quote:
Originally Posted by Vrajgh View Post
2) I'm likely to compile my own kernel in order to get the rt2500 wifi module to work. To get the nvidia driver to work, do I just follow the steps on nvidia's website or is there are more slackware oriented way to do it?
Perfectly sane, works a treat. Use Pat's .config for the
generic kernel as the base, and then happily chip away on
it 'til you have what suits you best :}



Cheers,
Tink
 
Old 12-02-2007, 01:47 PM   #10
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,986
Blog Entries: 11

Rep: Reputation: 880Reputation: 880Reputation: 880Reputation: 880Reputation: 880Reputation: 880Reputation: 880
Quote:
Originally Posted by jong357 View Post
While updating packages with security fixes is good practice in general, I really find it to be unecessary actually.. Usually hiding behind a router is sufficient enough to keep you out of trouble security wise. That and keeping as many services off as possible. I haven't installed a firewall or ran updates on windows for 3 years or more without incident. On linux, your 100 times less likely for anything to happen than you are on Windows. Not interested a debate about my above statements just incase anyone is thinking about it... ;) That's just my preference.
That attitude is the first step on the way to being
rooted... How is your router/firewall going to stop
an exploit in firefox? Or if you happen to run any
service like smtp or http open to the great unwashed,
will your router do deep packet inspection, and protect
you from Layer-7 attacks?

And feel free not to discuss this, but I think that readers
need to be warned
, and am most happy to ignore your lack of
interest in a discussion, and post my view on the matter anyway.



Cheers,
Tink

Last edited by Tinkster; 12-02-2007 at 04:59 PM. Reason: Minor changes
 
Old 12-02-2007, 04:38 PM   #11
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,441

Rep: Reputation: 70
Yes, security should always be a multi-layered approach from networks, applications, system, and most importantly the user.

Sure Slackware is definitely more stable and secure than most other distros by default, "but you are only as strong your weakest link" (usually that seems to be the user).

I think joining the security mailing list is a good idea. Even if you don't use (or have installed) the software that is patched you at least have an idea of what's going on. Bookmark the server of your choice because ftp.slackware is usually slow.

I keep all my packages separated by Slackbuilds, OfficialSlackPackages, etc. When I need to install or upgrade a system I can just use them straight up.
 
Old 12-02-2007, 11:36 PM   #12
jong357
Senior Member
 
Registered: May 2003
Location: Columbus, OH
Distribution: DIYSlackware
Posts: 1,914

Rep: Reputation: 52
Quote:
Originally Posted by hitest View Post
downloaded rkhunter 1.3.0 from Sourceforge.net. Scanned my system, all clean.
Ofcourse it was.

Quote:
Originally Posted by Tinkster
That attitude is the first step on the way to being
rooted...
4 years of running as root 24/7 and nothing so far.

Quote:
Originally Posted by Tinkster
How is your router/firewall going to stop
an exploit in firefox?
That is one thing I religiously update. I run my own gnome build and firefox is included in the line up. I'm quicker to update than Pat is.

Quote:
Originally Posted by Tinkster
Or if you happen to run any
service like smtp or http open to the great unwashed,
will your router do deep packet inspection, and protect
you from Layer-7 attacks?
Quote:
Originally Posted by jong357 already said
That and keeping as many services off as possible.
Code:
Starting Nmap 4.20 ( http://insecure.org ) at 2007-12-03 00:32 EST
Warning:  OS detection for 127.0.0.1 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1697 scanned ports on darkstar.example.net (127.0.0.1) are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 5.815 seconds
Might I suggest you install f-prot antivirus on your system as well?

Yes, I agree. Users should be warned. Yes, I'm being stupid by running as root. Yes, I'm complacent with security updates. But If someone finds a way to exploit me because of an old png version then so be it. Chances of that happening are slim indeed. In 6 to 8 months I'll be caught up because of the new Slackware version that I install.

Last edited by jong357; 12-02-2007 at 11:45 PM.
 
Old 12-03-2007, 07:28 AM   #13
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,790
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
But If someone finds a way to exploit me because of an old png version then so be it.
So do I now have permission to forward all the spam I get to you? Crackers live for computers like yours. Old, unpatched security holes make for easier pickings.

Quote:
4 years of running as root 24/7 and nothing so far.
That and $10 will get you a cup of Starbucks.
 
Old 12-03-2007, 08:20 AM   #14
cwwilson721
Senior Member
 
Registered: Dec 2004
Location: In my house.
Distribution: Ubuntu 10.10 64bit, Slackware 13.1 64-bit
Posts: 2,649
Blog Entries: 1

Rep: Reputation: 66
Quote:
Originally Posted by Vrajgh View Post
...2) I'm likely to compile my own kernel in order to get the rt2500 wifi module to work. To get the nvidia driver to work, do I just follow the steps on nvidia's website or is there are more slackware oriented way to do it?
Nvidia is dang easy.
  1. Get the source from nvidia
  2. Run 'xorgsetup' as root. That will get you a bare bones x setup going
  3. Make sure the kernel sources are installed (If using the huge kernel from the install, make sure that the smp kernel source is installed
  4. Backup your /etc/X11/xorg.conf just in case
  5. Run the Nvidia installer as root or su to root at a cli, no xwidows server running
  6. Answer 'no' to the question about 'Do you want a module downloaded'
  7. Run xwindows
Looks long and hard, but it is VERY easy.

There's alot more detail in my DRI link in my sig.
 
Old 12-03-2007, 08:25 AM   #15
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 4,191

Rep: Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548Reputation: 548
Cool

Quote:
Originally Posted by jong357 View Post
Ofcourse it was.
Sarcasm?
Well, my box is as secure as I can make it with all of the latest security patches. I run my unit as a regular user. I try to practice safe surfing:-)
I love Slackware.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Slackware security update/package update Michael_aust Slackware 6 10-04-2006 08:19 PM
Slackware Security Update: GDM security update phoeniXflame Slackware 2 08-26-2003 04:21 PM
Slackware Security Update: unzip vulnerability patched phoeniXflame Slackware 5 08-26-2003 12:52 PM
Slackware Security Update: sudo trickykid Slackware 3 05-01-2002 10:31 PM


All times are GMT -5. The time now is 08:13 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration