LinuxQuestions.org
Ubuntu This forum is for the discussion of Ubuntu Linux.

Old 11-15-2009, 03:43 AM   #1
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 64
confused about apparmor, ufw and firestarter


Hi!

I am an experienced RedHat/Fedora sysadmin but I'm completely new to the Ubuntu/Debian world and the-way-things-work.
I am trying to understand a few things. One of them is security related.

Is AppArmor an extra security layer that protects individual services based on what is the normal and expected behavior, right? Why is it disabled in all run levels except level 6 (reboot?)? Should I enable it on all run levels? Should I select which services to protect, or are the defaults fine?

Is netfilter the basic packet filter on Ubuntu 9.10?
I found iptables and I installed firestarter, but it looks like firestarter is protecting nothing from outside, based on this iptables -L output:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination                    
ACCEPT     all  --  anywhere             anywhere
Is this right? The default policy is DROP but there is a rule that allows anything from anywhere??? Does this make any sense?

And finally, what is ufw and why is it disabled in all runlevels?
Is ufw a replacement for iptables, or firestarter, or is it a completely new animal?
Should I use ufw instead of firestarter?

I am impressed by how different Ubuntu/Debian is from RH-based distros. I just realized how much I have to learn about this new stuff....

thanks for the enlightenment,
 
Old 11-15-2009, 07:53 AM   #2
FlGator81
Member
 
Registered: Nov 2008
Location: Baltimore
Distribution: Ubuntu
Posts: 65

Rep: Reputation: 21
UFW: https://wiki.ubuntu.com/Uncomplicate...UbuntuFirewall

UFW is "Uncomplicated Firewall" and according to the website it utilizes the netfilter packet-filtering system with iptables commands.

Firestarter was Ubuntu's primary firewall app prior to 8.04 (Hardy Heron) but has been replaced by UFW.

AppArmor is like a modernized form of SELinux, but seems to offer more control of individual applications. It is probably disabled at boot to allow applications root access just long enough to get the system up and running. Then privileges are dropped to user level once that access is no longer needed.

AppArmor: https://wiki.ubuntu.com/AppArmor
 
Old 11-15-2009, 02:41 PM   #3
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,910

Rep: Reputation: 776
Quote:
Originally Posted by marozsas
Is AppArmor an extra security layer that protects individual services based on what is the normal and expected behavior, right?
It is an extra security layer and my interpretation is more that it is to protect you from the services/applications based on their expected/allowed behaviour. So, if, say, your word processor was compromised by downloading a file with nasty things in it (or someone squirted nasty data at your DNS server), the app would be sandboxed to stop the breach spreading out further, limiting the bad guys' ability to escalate a small breach into a big one.

It should be easier to get to grips with and configure than SELinux.
This
https://help.ubuntu.com/community/AppArmor is an example of what I found when I did a Google search on "app armor tutorial" and you should certainly read one or more of those.

Quote:
Is netfilter the basic packet filter on Ubuntu 9.10?
I found iptables and I installed firestarter, but it looks like firestarter is protecting nothing from outside, based on this iptables -L output:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
Is this right? The default policy is DROP but there is a rule that allows anything from anywhere??? Does this make any sense?

And finally, what is ufw and why is it disabled in all runlevels?
Is ufw a replacement for iptables, or firestarter, or is it a completely new animal?
Should I use ufw instead of firestarter?
The various different things listed as 'firewalls' on Linux are almost always 'easy to use' front ends to iptables. So, if your iptables ruleset is 'bad', it doesn't matter what tool you have created the ruleset with, it's a bad ruleset. Additionally, with one of the GUI things, you don't have to keep running the GUI part; you only have to run it once to generate the ruleset and from then on, it's just a matter of running the ruleset (just the same way as you could/should/would run the ruleset if it was generated from, e.g., a bash script... although you could regenerate on, e.g., every boot, if you thought the various IP addresses would change).

Oh, and on a security paranoia front (security paranoia - good, where normal paranoia = bad, arguably), you might choose to run the iptables rule generator bit on a different machine from the firewall machine, so that if your firewall box does get compromised you don't get your rule generation compromised.


Quote:
thanks for the enlightenment,
e16 or e17?
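The listing in the question cannot settle the question on its own: plain `iptables -L` omits the interface column, so a loopback rule (`-i lo -j ACCEPT`, which firewall front ends routinely add) and a genuine accept-everything rule both print as `ACCEPT all -- anywhere anywhere`, while `iptables -S INPUT` (or `iptables -L -v -n`) keeps them apart. The following is an added example, not code from the thread or from Firestarter/ufw, that audits a constructed `iptables -S INPUT` listing and flags any ACCEPT rule that carries no match qualifier at all:

```sh
#!/bin/sh
# Added example, not from the thread: audit the ACCEPT rules of an
# `iptables -S INPUT` listing.  Plain `iptables -L` hides the interface
# column, so "-i lo -j ACCEPT" and a bare "-j ACCEPT" both print as
# "ACCEPT all -- anywhere anywhere"; the -S form keeps them apart.

# Constructed sample listing (policy DROP, loopback, established, ssh,
# plus one over-broad rule appended at the end).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j ACCEPT'

# Read `iptables -S INPUT` lines on stdin; print one tagged line per
# ACCEPT rule.  Fields 3..NF-2 hold the match qualifiers (-i, -s, -p,
# -m ...); a rule with none of them accepts every packet and makes the
# DROP policy meaningless for incoming traffic.
audit_input_accepts() {
    awk '
    $1 == "-A" && $2 == "INPUT" && $(NF-1) == "-j" && $NF == "ACCEPT" {
        if (NF == 4) tag = "UNRESTRICTED"; else tag = "restricted"
        printf "%-12s %s\n", tag, $0
    }'
}

# Number of accept-everything rules in a listing passed as $1.
# 0 means the DROP policy still applies to unmatched traffic.
count_unrestricted() {
    printf '%s\n' "$1" | audit_input_accepts | grep -c '^UNRESTRICTED' || true
}

printf '%s\n' "$SAMPLE_RULES" | audit_input_accepts
echo "accept-everything rules: $(count_unrestricted "$SAMPLE_RULES")"
```

On a live box, replace the sample with `iptables -S INPUT | audit_input_accepts` to see which of the "anywhere/anywhere" lines really are unrestricted.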