LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-24-2016, 08:03 AM   #1
Moeman
LQ Newbie
 
Registered: Dec 2016
Posts: 15

Rep: Reputation: Disabled
First time ever with Linux, what security measures do I need to take? Antivirus, firewall?


The only thing I know how to use is Windows, so this Linux stuff is really strange for me. I've installed Ubuntu, because I read that it's kind of user friendly.

I found out that Ubuntu comes with a firewall, but interestingly when I opened up the terminal and typed:

sudo ufw status

it said that it was disabled. This was terrifying news. I've since enabled it by typing

sudo ufw enable

which seems to have enabled it. But I haven't restarted yet. I find it really strange that Ubuntu being for noobs that this wasn't turned on already.

So I have a lot of learning to do, and some things surprised me, like one guy saying that there's almost no such thing as viruses on Linux, only rootkits and malware, and that it's useless installing antivirus pretty much.

So, what do I need to do/install to at least be safe while I learn the ropes?

Thanks. It's exciting entering a new world of open source OS, the air smells ... so fresh.

Maurice.
 
Old 12-24-2016, 08:15 AM   #2
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,523
Blog Entries: 4

Rep: Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831Reputation: 3831
Quote:
Originally Posted by Moeman View Post
which seems to have enabled it. But I haven't restarted yet. I find it really strange that Ubuntu being for noobs that this wasn't turned on already
Welcome.

A restart is not necessary, the changes take effect right away. One reason it's not on by default is that Ubuntu has no listening services in the default installation so it does not matter one way or another if the firewall is on or off until you start adding various server packages. (You could turn your Ubuntu machine into a server by adding a piece at a time if you like.) Even then a firewall does not do so much and their efficacy has been highly exaggerated. But people do seem to like them anyway.

The browser is the main weak point in systems. If you are using Firefox, you might find some add-ons interesting and maybe even useful. I'd recommend Privacy Badger, NoScript, and Self-Destructing Cookies as three to start with.
 
2 members found this post helpful.
Old 12-24-2016, 08:37 AM   #3
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Maurice:

Welcome to LQ!
Bookmark and then search https://help.ubuntu.com/ for Ubuntu topics of interest.
And for general Linux stuff, have a gander at http://rlworkman.net/howtos/rute/

If you have a router, enabled ufw may not be necessary, or advantageous.
https://help.ubuntu.com/community/DoINeedAFirewall

Updated browser + noscript, some kind of "ad blocker" like uOrigin or Adblock Plus
I won't address "Viruses" in Linux as I've never seen one in 15 years of Linux nor
22 years in IT maintaining systems.

Peace.
 
1 members found this post helpful.
Old 12-24-2016, 09:02 AM   #4
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925
Welcome Maurice.

Good advice from the other posters.

You probably won't need a virus checker, but if you do decide to install one (perhaps because you're storing some Windows software and want to make sure it's clean before sending it to friends with Windows systems):

clamtk (should be available in the repo; also install clamav); or

Sophos Antivirus for Linux: https://www.sophos.com/en-us/product...for-linux.aspx

Or if you want to check for rootkits:

rkhunter (http://rkhunter.sourceforge.net/)

chkrootkit (http://www.chkrootkit.org/)

Finally, you may want to add extra protection by running your browser sandboxed. Firejail (https://firejail.wordpress.com/) and the related Firetools are useful in that respect.

Enjoy!
 
1 members found this post helpful.
Old 12-24-2016, 09:37 AM   #5
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065
Quote:
Originally Posted by Habitual View Post
I won't address "Viruses" in Linux as I've never seen one in 15 years of Linux nor
22 years in IT maintaining systems.
I'll second that -- I've been at for a bit longer and have never seen any either.

With Windows viruses are rampant and it's easy for them to install when a user clicks on something that installs the virus -- you can install software, you can install a virus.

That's not true in Linux. You install software in Linux as the super user, root. You cannot install something system-wide unless you are logged in as root or by using sudo which temporarily makes you root. Just clicking on an attachment will not install anywhere but in your local user account. Too, viruses are written for Windows, carefully crafted to cause damage, and Windows software does not run in Linux anyway so it's mute when it comes to Windows viruses infecting your Linux system.

You've activated the firewall, you're good to go -- it (mostly) keeps bad actors out of your system. If you're connected directly to the Internet, you're going to get hammered by attempted logins, the firewall prevents that if you just follow the simple rule of using good passwords on your user accounts (if you have more than one user). Do not ever use a dictionary word, use letters, numbers, punctuation and you'll probably not have problems. It's really difficult to get into a Linux system where it is child's play to get into a Windows system.

Linux is different, it is not vulnerable by default (just don't circumvent the security settings to make it "easier").

Welcome to Linux, welcome to LQ, take your time, have fun and if you have questions this is probably the best place to come for advice.

Hope this helps some.
 
2 members found this post helpful.
Old 12-24-2016, 09:44 AM   #6
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342

Rep: Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242
Me, personly I use public wifi and do not worry about it. I did jump on that bandwagon for about a minute, with that firewall, and proxy stuff. But found I do not really need it, and I do not have sensitive information on here and I do not worry about viruses because it is Linux. So I am worry free now that I have left Windows where people write viruses for it just because it is easier to do than Linux.

as well I am not using Linux for a server to have to worry about a firewall, as far a viruses hahahahaha, again, it is Linux, not Windows.

Last edited by BW-userx; 12-24-2016 at 09:46 AM.
 
Old 12-24-2016, 09:52 AM   #7
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: USA
Distribution: Lubuntu 14.04, 22.04, Windows 8.1 and 10
Posts: 6,282
Blog Entries: 4

Rep: Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842
Quote:
Originally Posted by Moeman View Post
I found out that Ubuntu comes with a firewall, but interestingly when I opened up the terminal and typed:

sudo ufw status

it said that it was disabled. This was terrifying news. I've since enabled it by typing

sudo ufw enable

which seems to have enabled it. But I haven't restarted yet. I find it really strange that Ubuntu being for noobs that this wasn't turned on already.
Hi Maurice, welcome to the forum

I'm not sure why that is. When I first installed Lubuntu, I, too, discovered the firewall was disabled by default. You can see my thread on that here.

Just to make sure your firewall is in working order, please open a terminal and post the results of...

Code:
sudo iptables -L -v

Also, installing the "gufw" package might make setting up the firewall easier for you, although everyone has their own opinion about the best way of doing this.

Code:
sudo apt-get install gufw
Disclaimer: Be careful with commands that are prefaced with "su" or "sudo." They will essentially allow root access to your system. Mistakes could possibly damage or even destroy your OS.

Regards...
 
1 members found this post helpful.
Old 12-24-2016, 10:11 AM   #8
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567
I like firewalld and firewall applet plus always 'add' and 'script blockers' for browser addons. ;)

Using NoScript for Firefox and ScriptBlock for Chrome...

have fun, free!

Add: I could see if downloading from shady alleys and\or if you keep a microcoughed-losedough$ partition needing a virus or root kit hunter but I never have or used a VM for that.
 
Old 12-24-2016, 11:34 AM   #9
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Salix
Posts: 6,177

Rep: Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322Reputation: 2322
Quote:
Originally Posted by Moeman View Post
I find it really strange that Ubuntu being for noobs that this wasn't turned on already.
From what I've seen, all the distros based on Debian are like that, and I too find it odd. My suspicion is that we've been through three stages:
1. dial-up internet via a modem: firewall on computer essential
2. broadband intermet with a router that has it's own firewall
3. broadband with a phone company dongle (for some, anyway): firewall essential (in my opinion)
The Debian developers would seem to be at stage 2!

It's true that you can't install software where it belongs when logged in as a normal user, but it can still be installed in $HOME. But now you've got your firewall up, you're safe. I've read of police chiefs in both Australia and the USA recommend using Linux for banking, even if only used for that purpose, because of its security.
 
Old 12-25-2016, 08:46 AM   #10
onebuck
Moderator
 
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: Slackware®
Posts: 13,950
Blog Entries: 46

Rep: Reputation: 3182Reputation: 3182Reputation: 3182Reputation: 3182Reputation: 3182Reputation: 3182Reputation: 3182Reputation: 3182Reputation: 3182Reputation: 3182Reputation: 3182
Member response

Hi,

Welcome to LQ!

Nothing wrong with protecting one's network & systems. 'rootkits' can make havoc with your system and admin should setup routine checks using available tools. Prevention is the best choice. One can setup a firewall with DMZ to really serve the systems within your LAN. Look at a early article; http://www.linuxjournal.com/article/4415 to help you clarify the terminology & jargon. You can look at Security section for some helpful links to information that will aid you.

If you happen to have some MS Windows machines that you share information with then be sure to setup a antivirus to prevent issue with those users when sharing.

I tell my clients that social engineering is your worst enemy and to prevent your members from moving external or sneaker files via flash or even email links that can worm into their systems. If you do not know the sender then forget it or just remove anything that looks suspicious. If you have any concerns then fault to the technique of never allowing such into your servers or clients.

Social engineering done from social sites can be your worst enemy since most people will share unknowingly information that could be a potential problem. I have clients who will fire anyone immediately that socially shares from their office via any system, personal or company. I do not wish to start a debate on the merits of company rules or mandates. I have seen the damage done by persons who really do not understand social engineered issues created by their actions within a company. Just like gossip, it just gets bigger as it's life is in action.

I still get calls from scammers that tell me my computer is reporting errors to Microsoft. I like to make a game of it and really play dumb until I get bored with it. I finally tell these guys that no way my computer is reporting to anyone but me. I use Linux! Click!
I feel that my game keeps them from trying to get someone else while I am on the phone with that lone scammer. I know that there are people out there that will fall for this mode of information scamming.

So to clarify, if it looks to good to be true then it is a scam or attempt to get you to click on that link. Set your systems so that every available tool to prevent these actions from damaging your systems or LAN. You do not treat the symptoms but inoculate so that you are protected by the use of proper tools.

Look at LQ's Tutorials Security section for some additional help.

Hope this helps.
Have fun & enjoy!
 
Old 12-25-2016, 03:10 PM   #11
Moeman
LQ Newbie
 
Registered: Dec 2016
Posts: 15

Original Poster
Rep: Reputation: Disabled
Thanks to everyone for your help. What I find really strange is that Linux users know EVERYTHING about the OS kernel, I have no clue how or why, but I have the generalised view that every Linux user is either a hacker or a software engineer, and I feel so dumb. I've been struggling a lot. I think I have to admit that Windows is easier. Whenever I look up how to do something on Google the answers tell me to type about 5 command lines and I have no idea what I'm doing. To make things worse, I was stuck when I wanted to install the drivers for my Nvidia graphics card, and when I finally typed the sudo apt get install or whatever for the drivers, I wasn't able to log in again, and I read in places it's the wrong way to install drivers. So I had to reinstall Ubuntu.

Then I wanted to see the temperature of my CPU, and whereas in Windows you can just download the executable CPUZ-ID, here in Ubuntu I type the command to install something, and no joke I had to press enter through 10 pages of questions that I had no clue about.

So although I just have to boot Windows to go back to the easy life, today's another day, and I'm in the right mood to keep trying.
 
Old 12-25-2016, 07:21 PM   #12
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567
Many average users in GNU\Linux, like me.

Over time just like any OS you learn but here is a sea so takes longer at times... try Virtualbox, live OSs and\or in a separate partition just reinstalling again and again until you find what you like\works... for me over time top choice is Debian Sid netinst with non-free firmware included eg( from:) https://cdimage.debian.org/cdimage/u...ding-firmware/
but that's just me &c...

Best to learn searching, well before and while doing:
http://www.linuxquestions.org/questi...9/#post5645863

Also, backups—lots of backups; all I care about there is personal data and some times if I work an a config, not proprietary software but you may want.
 
Old 12-25-2016, 09:11 PM   #13
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: USA
Distribution: Lubuntu 14.04, 22.04, Windows 8.1 and 10
Posts: 6,282
Blog Entries: 4

Rep: Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842Reputation: 842
Quote:
Originally Posted by Moeman View Post
What I find really strange is that Linux users know EVERYTHING about the OS kernel, I have no clue how or why, but I have the generalised view that every Linux user is either a hacker or a software engineer, and I feel so dumb.
Hi...

Not at all, there are many folks just like yourself who are using Linux (or starting to use Linux) who know very little about the nuts and bolts of the OS. I've been using Linux off and on since about 2006 and I know next to nothing about the kernel itself.

Also, you're not dumb. Let me answer your statement with a question: Were you born knowing how to talk or walk? No, you learned that as you got a bit older and even then, it was a slow process, starting with one word and one step. You didn't walk or speak as if you were an adult. It's the same thing with Linux. If if it's an OS that you decide to stay with, you will learn things as you continue to use it.

Quote:
Originally Posted by Moeman View Post
So although I just have to boot Windows to go back to the easy life, today's another day, and I'm in the right mood to keep trying.
Really, it's about what OS works best for you, whether Mac, Linux or Windows. There are advantages and disadvantages to all of them.

Merry Christmas!

Last edited by ardvark71; 12-25-2016 at 09:14 PM. Reason: Corrections/Added wordage.
 
Old 12-25-2016, 11:16 PM   #14
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567
Arrow

Indeed!

I feel it should be what works best for all and( as an at home user) haven't touched microcoughed-losedough$ in years and never a ˘apple unless from a thrift store. You get what you pay...

Way off topic:
don't forget we're all atheists,,, some just smart enough to believe in no "gods &c."
 
Old 12-26-2016, 01:40 AM   #15
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,906
Blog Entries: 19

Rep: Reputation: 4572Reputation: 4572Reputation: 4572Reputation: 4572Reputation: 4572Reputation: 4572Reputation: 4572Reputation: 4572Reputation: 4572Reputation: 4572Reputation: 4572
Quote:
Originally Posted by Moeman View Post
Thanks to everyone for your help. What I find really strange is that Linux users know EVERYTHING about the OS kernel, I have no clue how or why, but I have the generalised view that every Linux user is either a hacker or a software engineer, and I feel so dumb.
Actually very few Linux users understand how the kernel works. All you need to know about the kernel is that it runs all your hardware (instead of having scores of separate hardware drivers that clash all the time). It also polices all running programs so that if a program runs amok, it can be terminated instead of crashing the whole system like in Windows.

What Linux users can easily learn to understand is how the main bits of the OS, including the kernel, work together to run the computer.
Quote:
I've been struggling a lot. I think I have to admit that Windows is easier. Whenever I look up how to do something on Google the answers tell me to type about 5 command lines and I have no idea what I'm doing.
You want to learn and that's two thirds of the solution. Windows seems easier because it doesn't expect you to even try to understand it. But the consequence is that you get used to being completely helpless. With Linux, you can learn how to fix problems. In Ubuntu there are a lot of graphical programs for managing things so you don't have to use the command line until you feel ready.
Quote:
To make things worse, I was stuck when I wanted to install the drivers for my Nvidia graphics card, and when I finally typed the sudo apt get install or whatever for the drivers, I wasn't able to log in again, and I read in places it's the wrong way to install drivers. So I had to reinstall Ubuntu.
Give us some more detail on that, preferably in a new thread, and we should be able to help you. Using apt-get is the correct way to install software, but I've heard that nvidia graphics can be a pain.

Quote:
Then I wanted to see the temperature of my CPU, and whereas in Windows you can just download the executable CPUZ-ID, here in Ubuntu I type the command to install something, and no joke I had to press enter through 10 pages of questions that I had no clue about.
Again, that calls for a separate thread and more detail.

Quote:
So although I just have to boot Windows to go back to the easy life, today's another day, and I'm in the right mood to keep trying.
Bravo!!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Basic security measures to take connecting a Linux server to the Internet. linux_linux Linux - Networking 2 03-15-2008 09:42 PM
Need help in security:Antivirus and firewall protection for mandriva 20007 spring magikshock Linux - Newbie 2 12-03-2007 06:19 PM
newbie looking for firewall, antivirus, general security articles towsonu2003 Linux - Security 3 09-03-2005 03:44 PM
addtl security measures slug420 Linux - Security 1 06-10-2005 06:45 PM
additional firewall measures Syncrm Linux - Networking 1 04-18-2002 10:09 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration