LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-28-2013, 11:28 PM   #1
Crueltiming
LQ Newbie
 
Registered: Jun 2013
Location: Arizona
Distribution: Debian
Posts: 14

Rep: Reputation: Disabled
Linux Security


I installed Debian 7.1.0 and my question is about securing the os. I have scoured the internet and find a ton of security information, however, it seems to deal mostly with multiple users on that computer. My Debian "box" is 99% going to be me alone on it. I am installing a text-based game (Mud) on it to learn things,(about the Mud and Linux as well) and occasionally my friend may long into the game to test etc..other than that the laptop will not even be connected to the internet. I just want to ensure it is as secure as I can make it when it is online. I know I need to leave telent services on so I can log into the game..I just want to know if anybody knows of a security reference geared more toward a "home-user" securing against outside attempts etc...
Will the firewall on my router be good enough?
Thank you
 
Old 06-29-2013, 12:07 AM   #2
jdkaye
LQ Guru
 
Registered: Dec 2008
Location: Westgate-on-Sea, Kent, UK
Distribution: Debian Testing Amd64
Posts: 5,464

Rep: Reputation: Disabled
As always, doing a simple search (e.g. linux security) turns up information. Here's something you may find useful:
http://www.tldp.org/HOWTO/html_single/Security-HOWTO/
The first rule is that to define security you first must define what you are concerned about. What are you protecting and from whom or what?
jdk
 
Old 06-29-2013, 12:53 AM   #3
Crueltiming
LQ Newbie
 
Registered: Jun 2013
Location: Arizona
Distribution: Debian
Posts: 14

Original Poster
Rep: Reputation: Disabled
Thank you

I saw that howto...way over my head...was looking for something a bit dumbed down...but thanx for replying.
 
Old 06-29-2013, 02:10 AM   #4
jazz5150
LQ Newbie
 
Registered: Jun 2013
Location: NL
Distribution: Kali-Linux, Debian
Posts: 20

Rep: Reputation: 15
Use IPTABLES to default all incoming connections to DROP.
A very user friendly description can be found here: http://www.aboutdebian.com/firewall.htm
 
1 members found this post helpful.
Old 06-29-2013, 03:58 AM   #5
Crueltiming
LQ Newbie
 
Registered: Jun 2013
Location: Arizona
Distribution: Debian
Posts: 14

Original Poster
Rep: Reputation: Disabled
Talking Thank you

Appreciated!
 
Old 06-29-2013, 04:23 PM   #6
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,064

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
Someone has to mention the 'Securing Debian Manual'. It is pretty straightforward, comprehensive, easy to read and, err, covers Debian. OTOH, there is quite a bit of it, some of it irrelevant for particular applications, but you certainly could do worse.

That said
  • don't do anything stupid (downloading stuff from dubious sources, replying to stupid phishing e-mails)
  • keep everything up-to-date (from trusted sources, if course); you don't want to be running apps with exploits against them
  • firewalls are a bit over-rated; nice, yes, and if you believe in belt 'n braces (you probably should!), then you'll always want one, but most people could get away without one if they were careful about all the other stuff
  • take care to minimise your use of root and to have good password hygiene
  • if you don't need a service, don't run it (ssh in particular, but a valid general point)
  • look at the logs from time to time; anything unusual there?
  • using a hardening script, when you initially start, can be a good idea; at least you will have a baseline

Quote:
I need to leave telent services on ...
Arrgh, no! with telnet, the box can never be secure. telnet is from the old days when networking was a bit of a novelty, and network security wasn't really a subject anyone discussed. If you can substitute ssh, with all its problems, you will at least have a chance.
 
2 members found this post helpful.
Old 07-01-2013, 01:06 PM   #7
Crueltiming
LQ Newbie
 
Registered: Jun 2013
Location: Arizona
Distribution: Debian
Posts: 14

Original Poster
Rep: Reputation: Disabled
Telnet

I thought I would have to leave telnet on to connect to the Mud server from my other PC(windows). I do it that way because I use zmud to connect and then work etc...and I do not know if zmud works in Linux...havent researched it yet. Also..like I said, I want to occasionally allow friends to log into the game to test etc..and again, I believe to connect they need a telnet-like client (zmud). Maybe I am incorrect in these assumptions. However...I appreciate you taking the time to advise me.
Respectfully
Cruel
 
Old 07-01-2013, 05:53 PM   #8
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,626

Rep: Reputation: 1464Reputation: 1464Reputation: 1464Reputation: 1464Reputation: 1464Reputation: 1464Reputation: 1464Reputation: 1464Reputation: 1464Reputation: 1464
I'm currently testing a Debian derivative (Point) and I've been looking at the firewall tools (gufw, firestarter, arno...). It took me back to when I briefly used Debian in 2009 before fleeing back to the safe world of Red Hat! Basically, I'd say the choice is
1. Master that horrid documentation.
2. Switch to a non-Debian based distro that has user-friendly configuration tools, like PCLinuxOS, OpenSUSE, Fedora...

Zmud is Windows only, but there are equivalents (Mudlet, Kmuddy, Gnome-mud). Mud actually started on Unix and was only ported to Windows later. As far as I know, you do have to use telnet.
 
1 members found this post helpful.
Old 07-01-2013, 07:20 PM   #9
Crueltiming
LQ Newbie
 
Registered: Jun 2013
Location: Arizona
Distribution: Debian
Posts: 14

Original Poster
Rep: Reputation: Disabled
Thank you

Much appreciated...I am running this on an old old laptop and I believe Red hat would not run on it (512 mg ram). I may be looking at some other distros tho. Thanx again for the reply.
 
Old 07-01-2013, 07:27 PM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,406

Rep: Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396
If you have to use telnet, just be aware its plain text and at least change passwds frequently and put lots of emphasis on stopping people getting near that network.
If your friend is logging in from on an internal lan eg at home (wired) that should be ok. Wireless is tricky to secure.
I suppose you could look at a VPN soln for external logins (as far as the router).
 
1 members found this post helpful.
Old 07-01-2013, 10:21 PM   #11
Crueltiming
LQ Newbie
 
Registered: Jun 2013
Location: Arizona
Distribution: Debian
Posts: 14

Original Poster
Rep: Reputation: Disabled
Talking Thank you

Much appreciated
 
Old 07-02-2013, 06:57 PM   #12
YellowApple
Member
 
Registered: Mar 2013
Location: Truckee, California, United States
Distribution: Slackware, OpenBSD, openSUSE, Android
Posts: 93

Rep: Reputation: 35
Quote:
Originally Posted by Crueltiming View Post
I thought I would have to leave telnet on to connect to the Mud server from my other PC(windows). I do it that way because I use zmud to connect and then work etc...and I do not know if zmud works in Linux...havent researched it yet. Also..like I said, I want to occasionally allow friends to log into the game to test etc..and again, I believe to connect they need a telnet-like client (zmud). Maybe I am incorrect in these assumptions. However...I appreciate you taking the time to advise me.
Respectfully
Cruel
If the MUD server supports something other than telnet (SSH would be ideal), I'd use that instead. I'm not terribly familiar with MUDs, since I've never played them, let alone administered servers for them, but I'd hope that modern clients and servers support SSH - which is secure - instead of telnet - which is horribly insecure, not to mention archaic.

Otherwise, have friends install PuTTY (if they run Windows; else, they can use the 'ssh' command), then connect via SSH to your Debian machine. Even for MUD servers that don't support SSH directly, you should be able to configure ~/.bash_profile to run the MUD client on the server itself, which would avoid some - if not most - of the security problems (namely, by keeping the telnet connection internal, rather than providing an easy avenue for snooping over LAN and/or WAN). Again, though, I'm not very experienced with MUDs in particular, so take my recommendation with a grain of salt.
 
Old 07-03-2013, 01:01 AM   #13
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,406

Rep: Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396
Another option is ssh tunnelling http://www.revsys.com/writings/quick...sh-tunnel.html.
Basically you run telnet inside an ssh tunnel.
Lots of howtos on the web.
As above though, a modern MUD ought to support ssh anyway (I would hope...); have a dig through the docs/website.
 
Old 07-03-2013, 10:54 AM   #14
Crueltiming
LQ Newbie
 
Registered: Jun 2013
Location: Arizona
Distribution: Debian
Posts: 14

Original Poster
Rep: Reputation: Disabled
Thank you

Thank you all for the information. Unfortunately, I do not think a modern mud server exists...but, since I am fairly new to trying this project, I could be incorrect. Either way, thanks a ton for the info/help.
Respectfully
Cruel
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration