Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
12-24-2016, 08:03 AM
|
#1
|
LQ Newbie
Registered: Dec 2016
Posts: 15
Rep:
|
First time ever with Linux, what security measures do I need to take? Antivirus, firewall?
The only thing I know how to use is Windows, so this Linux stuff is really strange for me. I've installed Ubuntu, because I read that it's kind of user friendly.
I found out that Ubuntu comes with a firewall, but interestingly when I opened up the terminal and typed:
sudo ufw status
it said that it was disabled. This was terrifying news. I've since enabled it by typing
sudo ufw enable
which seems to have enabled it. But I haven't restarted yet. I find it really strange that Ubuntu being for noobs that this wasn't turned on already.
So I have a lot of learning to do, and some things surprised me, like one guy saying that there's almost no such thing as viruses on Linux, only rootkits and malware, and that it's useless installing antivirus pretty much.
So, what do I need to do/install to at least be safe while I learn the ropes?
Thanks. It's exciting entering a new world of open source OS, the air smells ... so fresh.
Maurice.
|
|
|
12-24-2016, 08:15 AM
|
#2
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,523
|
Quote:
Originally Posted by Moeman
which seems to have enabled it. But I haven't restarted yet. I find it really strange that Ubuntu being for noobs that this wasn't turned on already
|
Welcome.
A restart is not necessary, the changes take effect right away. One reason it's not on by default is that Ubuntu has no listening services in the default installation so it does not matter one way or another if the firewall is on or off until you start adding various server packages. (You could turn your Ubuntu machine into a server by adding a piece at a time if you like.) Even then a firewall does not do so much and their efficacy has been highly exaggerated. But people do seem to like them anyway.
The browser is the main weak point in systems. If you are using Firefox, you might find some add-ons interesting and maybe even useful. I'd recommend Privacy Badger, NoScript, and Self-Destructing Cookies as three to start with.
|
|
2 members found this post helpful.
|
12-24-2016, 08:37 AM
|
#3
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
|
Maurice:
Welcome to LQ!
Bookmark and then search https://help.ubuntu.com/ for Ubuntu topics of interest.
And for general Linux stuff, have a gander at http://rlworkman.net/howtos/rute/
If you have a router, enabled ufw may not be necessary, or advantageous.
https://help.ubuntu.com/community/DoINeedAFirewall
Updated browser + noscript, some kind of "ad blocker" like uOrigin or Adblock Plus
I won't address "Viruses" in Linux as I've never seen one in 15 years of Linux nor
22 years in IT maintaining systems.
Peace.
|
|
1 members found this post helpful.
|
12-24-2016, 09:02 AM
|
#4
|
LQ Guru
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
|
Welcome Maurice.
Good advice from the other posters.
You probably won't need a virus checker, but if you do decide to install one (perhaps because you're storing some Windows software and want to make sure it's clean before sending it to friends with Windows systems):
clamtk (should be available in the repo; also install clamav); or
Sophos Antivirus for Linux: https://www.sophos.com/en-us/product...for-linux.aspx
Or if you want to check for rootkits:
rkhunter ( http://rkhunter.sourceforge.net/)
chkrootkit ( http://www.chkrootkit.org/)
Finally, you may want to add extra protection by running your browser sandboxed. Firejail ( https://firejail.wordpress.com/) and the related Firetools are useful in that respect.
Enjoy!
|
|
1 members found this post helpful.
|
12-24-2016, 09:37 AM
|
#5
|
Senior Member
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
|
Quote:
Originally Posted by Habitual
I won't address "Viruses" in Linux as I've never seen one in 15 years of Linux nor
22 years in IT maintaining systems.
|
I'll second that -- I've been at for a bit longer and have never seen any either.
With Windows viruses are rampant and it's easy for them to install when a user clicks on something that installs the virus -- you can install software, you can install a virus.
That's not true in Linux. You install software in Linux as the super user, root. You cannot install something system-wide unless you are logged in as root or by using sudo which temporarily makes you root. Just clicking on an attachment will not install anywhere but in your local user account. Too, viruses are written for Windows, carefully crafted to cause damage, and Windows software does not run in Linux anyway so it's mute when it comes to Windows viruses infecting your Linux system.
You've activated the firewall, you're good to go -- it (mostly) keeps bad actors out of your system. If you're connected directly to the Internet, you're going to get hammered by attempted logins, the firewall prevents that if you just follow the simple rule of using good passwords on your user accounts (if you have more than one user). Do not ever use a dictionary word, use letters, numbers, punctuation and you'll probably not have problems. It's really difficult to get into a Linux system where it is child's play to get into a Windows system.
Linux is different, it is not vulnerable by default (just don't circumvent the security settings to make it "easier").
Welcome to Linux, welcome to LQ, take your time, have fun and if you have questions this is probably the best place to come for advice.
Hope this helps some.
|
|
2 members found this post helpful.
|
12-24-2016, 09:44 AM
|
#6
|
LQ Guru
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342
|
Me, personly I use public wifi and do not worry about it. I did jump on that bandwagon for about a minute, with that firewall, and proxy stuff. But found I do not really need it, and I do not have sensitive information on here and I do not worry about viruses because it is Linux. So I am worry free now that I have left Windows where people write viruses for it just because it is easier to do than Linux.
as well I am not using Linux for a server to have to worry about a firewall, as far a viruses hahahahaha, again, it is Linux, not Windows.
Last edited by BW-userx; 12-24-2016 at 09:46 AM.
|
|
|
12-24-2016, 09:52 AM
|
#7
|
LQ Veteran
Registered: Feb 2015
Location: USA
Distribution: Lubuntu 14.04, 22.04, Windows 8.1 and 10
Posts: 6,282
|
Quote:
Originally Posted by Moeman
I found out that Ubuntu comes with a firewall, but interestingly when I opened up the terminal and typed:
sudo ufw status
it said that it was disabled. This was terrifying news. I've since enabled it by typing
sudo ufw enable
which seems to have enabled it. But I haven't restarted yet. I find it really strange that Ubuntu being for noobs that this wasn't turned on already.
|
Hi Maurice, welcome to the forum
I'm not sure why that is. When I first installed Lubuntu, I, too, discovered the firewall was disabled by default. You can see my thread on that here.
Just to make sure your firewall is in working order, please open a terminal and post the results of...
Code:
sudo iptables -L -v
Also, installing the "gufw" package might make setting up the firewall easier for you, although everyone has their own opinion about the best way of doing this.
Code:
sudo apt-get install gufw
Disclaimer: Be careful with commands that are prefaced with "su" or "sudo." They will essentially allow root access to your system. Mistakes could possibly damage or even destroy your OS.
Regards...
|
|
1 members found this post helpful.
|
12-24-2016, 10:11 AM
|
#8
|
Senior Member
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
|
I like firewalld and firewall applet plus always 'add' and 'script blockers' for browser addons. ;)
Using NoScript for Firefox and ScriptBlock for Chrome...
have fun, free!
Add: I could see if downloading from shady alleys and\or if you keep a microcoughed-losedough$ partition needing a virus or root kit hunter but I never have or used a VM for that.
|
|
|
12-24-2016, 11:34 AM
|
#9
|
LQ Veteran
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Salix
Posts: 6,177
|
Quote:
Originally Posted by Moeman
I find it really strange that Ubuntu being for noobs that this wasn't turned on already.
|
From what I've seen, all the distros based on Debian are like that, and I too find it odd. My suspicion is that we've been through three stages:
1. dial-up internet via a modem: firewall on computer essential
2. broadband intermet with a router that has it's own firewall
3. broadband with a phone company dongle (for some, anyway): firewall essential (in my opinion)
The Debian developers would seem to be at stage 2!
It's true that you can't install software where it belongs when logged in as a normal user, but it can still be installed in $HOME. But now you've got your firewall up, you're safe. I've read of police chiefs in both Australia and the USA recommend using Linux for banking, even if only used for that purpose, because of its security.
|
|
|
12-25-2016, 08:46 AM
|
#10
|
Moderator
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: Slackware®
Posts: 13,950
|
Member response
Hi,
Welcome to LQ!
Nothing wrong with protecting one's network & systems. 'rootkits' can make havoc with your system and admin should setup routine checks using available tools. Prevention is the best choice. One can setup a firewall with DMZ to really serve the systems within your LAN. Look at a early article; http://www.linuxjournal.com/article/4415 to help you clarify the terminology & jargon. You can look at Security section for some helpful links to information that will aid you.
If you happen to have some MS Windows machines that you share information with then be sure to setup a antivirus to prevent issue with those users when sharing.
I tell my clients that social engineering is your worst enemy and to prevent your members from moving external or sneaker files via flash or even email links that can worm into their systems. If you do not know the sender then forget it or just remove anything that looks suspicious. If you have any concerns then fault to the technique of never allowing such into your servers or clients.
Social engineering done from social sites can be your worst enemy since most people will share unknowingly information that could be a potential problem. I have clients who will fire anyone immediately that socially shares from their office via any system, personal or company. I do not wish to start a debate on the merits of company rules or mandates. I have seen the damage done by persons who really do not understand social engineered issues created by their actions within a company. Just like gossip, it just gets bigger as it's life is in action.
I still get calls from scammers that tell me my computer is reporting errors to Microsoft. I like to make a game of it and really play dumb until I get bored with it. I finally tell these guys that no way my computer is reporting to anyone but me. I use Linux! Click!
I feel that my game keeps them from trying to get someone else while I am on the phone with that lone scammer. I know that there are people out there that will fall for this mode of information scamming.
So to clarify, if it looks to good to be true then it is a scam or attempt to get you to click on that link. Set your systems so that every available tool to prevent these actions from damaging your systems or LAN. You do not treat the symptoms but inoculate so that you are protected by the use of proper tools.
Look at LQ's Tutorials Security section for some additional help.
Hope this helps.
Have fun & enjoy!
|
|
|
12-25-2016, 03:10 PM
|
#11
|
LQ Newbie
Registered: Dec 2016
Posts: 15
Original Poster
Rep:
|
Thanks to everyone for your help. What I find really strange is that Linux users know EVERYTHING about the OS kernel, I have no clue how or why, but I have the generalised view that every Linux user is either a hacker or a software engineer, and I feel so dumb. I've been struggling a lot. I think I have to admit that Windows is easier. Whenever I look up how to do something on Google the answers tell me to type about 5 command lines and I have no idea what I'm doing. To make things worse, I was stuck when I wanted to install the drivers for my Nvidia graphics card, and when I finally typed the sudo apt get install or whatever for the drivers, I wasn't able to log in again, and I read in places it's the wrong way to install drivers. So I had to reinstall Ubuntu.
Then I wanted to see the temperature of my CPU, and whereas in Windows you can just download the executable CPUZ-ID, here in Ubuntu I type the command to install something, and no joke I had to press enter through 10 pages of questions that I had no clue about.
So although I just have to boot Windows to go back to the easy life, today's another day, and I'm in the right mood to keep trying.
|
|
|
12-25-2016, 07:21 PM
|
#12
|
Senior Member
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
|
Many average users in GNU\Linux, like me.
Over time just like any OS you learn but here is a sea so takes longer at times... try Virtualbox, live OSs and\or in a separate partition just reinstalling again and again until you find what you like\works... for me over time top choice is Debian Sid netinst with non-free firmware included eg( from:) https://cdimage.debian.org/cdimage/u...ding-firmware/
but that's just me &c...
Best to learn searching, well before and while doing:
http://www.linuxquestions.org/questi...9/#post5645863
Also, backups—lots of backups; all I care about there is personal data and some times if I work an a config, not proprietary software but you may want.
|
|
|
12-25-2016, 09:11 PM
|
#13
|
LQ Veteran
Registered: Feb 2015
Location: USA
Distribution: Lubuntu 14.04, 22.04, Windows 8.1 and 10
Posts: 6,282
|
Quote:
Originally Posted by Moeman
What I find really strange is that Linux users know EVERYTHING about the OS kernel, I have no clue how or why, but I have the generalised view that every Linux user is either a hacker or a software engineer, and I feel so dumb.
|
Hi...
Not at all, there are many folks just like yourself who are using Linux (or starting to use Linux) who know very little about the nuts and bolts of the OS. I've been using Linux off and on since about 2006 and I know next to nothing about the kernel itself.
Also, you're not dumb. Let me answer your statement with a question: Were you born knowing how to talk or walk? No, you learned that as you got a bit older and even then, it was a slow process, starting with one word and one step. You didn't walk or speak as if you were an adult. It's the same thing with Linux. If if it's an OS that you decide to stay with, you will learn things as you continue to use it.
Quote:
Originally Posted by Moeman
So although I just have to boot Windows to go back to the easy life, today's another day, and I'm in the right mood to keep trying.
|
Really, it's about what OS works best for you, whether Mac, Linux or Windows. There are advantages and disadvantages to all of them.
Merry Christmas!
Last edited by ardvark71; 12-25-2016 at 09:14 PM.
Reason: Corrections/Added wordage.
|
|
|
12-25-2016, 11:16 PM
|
#14
|
Senior Member
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
|
Indeed!
I feel it should be what works best for all and( as an at home user) haven't touched microcoughed-losedough$ in years and never a ˘apple unless from a thrift store. You get what you pay...
Way off topic:
don't forget we're all atheists,,, some just smart enough to believe in no "gods &c."
|
|
|
12-26-2016, 01:40 AM
|
#15
|
LQ Guru
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,906
|
Quote:
Originally Posted by Moeman
Thanks to everyone for your help. What I find really strange is that Linux users know EVERYTHING about the OS kernel, I have no clue how or why, but I have the generalised view that every Linux user is either a hacker or a software engineer, and I feel so dumb.
|
Actually very few Linux users understand how the kernel works. All you need to know about the kernel is that it runs all your hardware (instead of having scores of separate hardware drivers that clash all the time). It also polices all running programs so that if a program runs amok, it can be terminated instead of crashing the whole system like in Windows.
What Linux users can easily learn to understand is how the main bits of the OS, including the kernel, work together to run the computer.
Quote:
I've been struggling a lot. I think I have to admit that Windows is easier. Whenever I look up how to do something on Google the answers tell me to type about 5 command lines and I have no idea what I'm doing.
|
You want to learn and that's two thirds of the solution. Windows seems easier because it doesn't expect you to even try to understand it. But the consequence is that you get used to being completely helpless. With Linux, you can learn how to fix problems. In Ubuntu there are a lot of graphical programs for managing things so you don't have to use the command line until you feel ready.
Quote:
To make things worse, I was stuck when I wanted to install the drivers for my Nvidia graphics card, and when I finally typed the sudo apt get install or whatever for the drivers, I wasn't able to log in again, and I read in places it's the wrong way to install drivers. So I had to reinstall Ubuntu.
|
Give us some more detail on that, preferably in a new thread, and we should be able to help you. Using apt-get is the correct way to install software, but I've heard that nvidia graphics can be a pain.
Quote:
Then I wanted to see the temperature of my CPU, and whereas in Windows you can just download the executable CPUZ-ID, here in Ubuntu I type the command to install something, and no joke I had to press enter through 10 pages of questions that I had no clue about.
|
Again, that calls for a separate thread and more detail.
Quote:
So although I just have to boot Windows to go back to the easy life, today's another day, and I'm in the right mood to keep trying.
|
Bravo!!
|
|
|
All times are GMT -5. The time now is 12:53 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|