Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Well, start by identifying exactly what you perceive to be a threat! Computer systems are not "intrinsically" vulnerable, and in fact many exploits are purely opportunistic.
Some things that I routinely do:
My "ordinary" user account is non-privileged: it cannot issue the sudo command.
All "home directories" are accessible only to the owning user.
I'm running regular backups to an external drive, all the time throughout the day. These backups are protected.
I use ad-blockers. (Sorry, LQ!) "Internet advertisements" are actually programs.
When I "wear different hats," I have separate (non-privileged) user accounts for each "hat." For instance, to do small-business accounting, I must log on as an accounting user. If I'm working on different client projects, each one has its own account.
Most problems are actually caused by users! People get emails from an unknown source and click on an attachment, or they see an free program offered on the internet and install it. That sort of malware is common in Windows-land and it works.
It doesn't work in Linux-land. Run your file manager and go to /bin. Right click on a program name, like bash, and then click on Permissions. You'll see a box labeled "allow executing file as program" has been ticked. That was done by the package manager that installed bash and the program could not run until it was done. You couldn't just dump malware on Linux and expect it to run: some-one with the authority to do so has to tell the system that it's OK.
if your new to ubuntu please. just take things as they are:
very possible russian asian muslim or ms or who) have hacked things to give "certain people" a way to get in if they have the need to. infact debian used to expressely say their was such packages and they were not responsible for what users "chose to install"
ALSO very possible since your new that you can't learn how to "secure a unix work station" quickly
ANSWER: click on the firewall thing make sure that's ON. past that: attach it only to internet not to your private lan until you (are ever) confident you are safe enough for your needs
(i can tell you remote attacks are not prevailant - watch your modem lights they will be still when your not browsing (it's likely no one is loggin in to your computer remotely), i can also tell you china runs malware port scans on a regular basis on all IP in the USA - so you DO want a firewall - and you should not have "private" or banking information on the machine, as you might be held responsible by your bank if you did)
I forgot to mention the firewall! If you have a router, that should have its own. If you have a phone-company dongle stuck in a USB port, you need to have one on the computer, and you can never have too many anyway .
Ubuntu, like most (all?) Debian derivatives comes with the firewall turned off. Use the following commands
Code:
sudo apt-get install ufw
sudo ufw enable
The first may be redundant — ufw may be installed — but it will obviously tell you if it is. The second does the trick.
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
Rep:
Probably the single most effective measure is to use a for-pay vpn as an anonymous proxy. Then, write an iptables firewall script that drops all spoofing addresses, and only allows RELATED and ESTABLISHED traffic on the INPUT table, and which only accepts traffic on ports and protocols you require.
You can pick up a Watchguard hardware firewall on eBay for 20.00, which is an extremely effective way to prevent unwanted traffic. If you don't use ssh, then disable the ssh service.
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
Rep:
You can get iptables scripts online. Everything that you need is there. You just have tweak it a bit, and delete most of it. I can't write iptables from scratch. Spoofing addresses are private address space, like 10.0.0.0/8, etc.
i am new to linux but i dont feel safe here. am currently using ubuntu 16.04 lts. how can i maximize my security while browsing online
Firstly, Richard Stallman said Ubuntu is spyware.
Ubuntu gives your browsing history to companies and the feds.
So you can choose an OS which is more secure.
Alternatively, you can 'harden' Ubuntu by installing AppArmor.
For secure browsing, use Firefox with NoScript and HTTPS Everywhere add-ons.
You can try different methods of anonymous browsing like Freenet, tor and I2P.
Do your research and find the best method.
Linux distros are much safer than Windows OS. For example, Linux distros don't need third-party firewalls or antivirus.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.