Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
looks good to me as it is... if you're not doing any printing you could disable cups, but nothing else that i see should really concern you - specially if you're completely firewalled...
first of all u see which runlevel u use, i think u use GUI prompt & runlevel 5. after that go on runlevel directry which hase /etc under than find like S???nfs like or nfs ward related script. than only put 'K'
on place of 'S'. reboot ur system. i thing solve ur problem.
i told u only disable nfs function , same way u can disable others function.
wardialer,
do firewall configure,do startup kirnell script configure., do xhost configure, do stop ping like fload attack by script configure of kernell.
than i think more sequre than system.
You know how OpenBSD is secure by default because of the uneeded services are disabled???
This is weird way of looking at security. Basically NetBSD or FreeBSD are more secure because all ports (services) are closed after installation?
This is not why OBSD or immunix are secure.
If you know what services you need to close on OBSD, then close exactly the same on linux.
Depending on the distro you can find running portmapper, NFS, NIS, smb, ftp, time. Close them all. Remember that some services to run properly may require other services (e.g. NFS requires portmapper) so you have to know what are you doing.
Quote:
do firewall configure,do startup kirnell script configure., do xhost configure, do stop ping like fload attack by script configure of kernell.
sysctl is quite easy:
in the terminal window enter
sysctl -a | grep net
all the options should be entered to /etc/sysctl.conf
next run
sysctl -p
more detailed info:
google.com
and search for linux sysctl tcp (harden)
usually you will find suggestion to set "on" window scaling but for workstation it should be off (so no need to set rmem wmem and mem)
don't turn sack off for workstation because that will slow down web browsing. The rest will apply, but the exact values should be tested.
sysctl is a UNIX variable that you should know from OpenBSD, there are small (differences in the syntax mostly), but most of the stuff is exaclt the same.
ports:
what is the output of
#netstat --tcp -ln
#netstat --udp -ln
the above will take (partially) care of tcp hardening, you will have to read about account management too (if you have more that one user and this is not a home workstation, where you can trust users)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.