I agree with you up to a point. Not everyone needs dumbed down Security Documentation. But there are people who are just starting Linux who may be trying it because it's the in thing.. They might not be that computer savy on windows either.

The Newbie HOTWO, as I see it, would be a doc for new users to prevent their new linux box from getting hacked within the first day of being online. That's the dumbed down stuff. Basic things like, have a firewall, don't install software from un-official places unless you are really sure about it. Then you allow for drilling down on various categories of security information, but you teach the terminology instead of assuming they know it... After they know the terminology you can send them out to a collection of docs that are clear, up to date, and focused. (And enables you to read at 2,400 words a minute!)

It's a tall order, but seems like something that's needed.


-BenODen

As someone who is new to Linux security, but familiar with Unix & Linux in general, what I would like to see is better information on disabling services. Every guide or list of tips says something along the lines of "disable all unncessary services." Great, but how do I know what is necessary? There needs to be a list with simple explanations of what each service does and when it is needed. As an example, if I run nmap -sT -O localhost on my machine I get the following:
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
The only one of these I turned on was ftp because I was setting up an FTP site. When I see this the following questions come to mind:
What exactly does smtp do?
Who or what turned it on?
Is it venurable to a known attack?
If I'm not running a mail server, do I need it to be listening?
How do I turn it off?
If there was a good comprehensive list of information like the above for most of the common services, it would help people like myself immensly. Maybe what I'm describing already exists somewhere, but I think it is something that should be included in any security guide.

Thanks for the suggestions..

Strangely, after reading quite a few other HOWTOs and re-reading the draft, we may have to discuss the overall format of the HOWTO to keep it small enough. When it comes to discussing in general terms rather than distro specific terms, I wonder where the borderline should be. ie when do we hand off to another document..

The original target size was about 10 pages for each of the 2 Sections, which for the 2nd part, Networking Security, is enough to discuss general concepts..

Since this HOWTO was proposed, LQ has started the LQ Wiki site.
I wonder if it would be better to propose the HOWTO becomes integrated with the documentation there, coz obviously it will be easier to maintain it and expand into very specific areas and projects..
That gives the ability to start as a general document and link into distro specific areas and back more easily..

If that looks like a good idea, I think we should discuss the document tree to make sure contributions are in an appropriate order and don't end up repeating or conflicting with each other..

I managed to read the first five pages, then I had to go back to see what the original Q was. So if this has been suggested - too bad.
it was .....
I would like to ask for your support finding any HOWTO's, references and whatnot that would appeal to or are especially written for newbies.

Minimal requirements could be:
1. handle basic (install/post install) security,
2. clear, simple, step by step structure, "like talking to a 4 yr old",
3. be (somewhat) up to date.
If unsure, just post!

so...

how about the the Smoothwall and IP Cop manuals as a starter

http://www.ipcop.org/modules.php?op=...abcef923539ae8

http://www.smoothwall.org/docs/

and the monowall doc pages

http://m0n0.ch/wall/documentation.php

I often refer newbies to this IPCop page
http://www.ipcop.org/1.4.0/en/instal...iguration.html
when trying to guess what kind of system they want to set-up as the diagram is so clear. And it gives a newbie a good starting point to decide how they want their system set up.

The guides for smoothwall and IPCop are very clear ( and totally noob-friendly ) and I learn't more from them and then setting it up than other guides and just reading.

My advice to any newbie wanting to set up a firewall like the above is to download and print off the manuals and read, read, read and then have a go installing it.

having said that
here are some other good pages

http://www.oreilly.com/catalog/linag2/book/index.html

http://tille.xalasys.com/training/tldp/index.html


although these are more in-depth. Having said that the manuals are written for a total noob which is what I was when I installed my smoothie

hope this helps
floppy

We need to be careful of "copying" from other documents. The basic GPL principle allows total copying, rather than exerpts.. We have permission to link/extract from some documents with the usual recognition of it's original source and submission of any modifications to the original authors..

So we decided to start from scratch.. as we are experienced in explaining things in an easy manner, and a whole lot has been done already..
Now, to make it readable by anyone, and usable by "noobs", or anyone having specific problems, it needs to "flow" or be indexed as a reader would expect in order to find data easily.. and be general enough to be usable and specific enough to be usable.. which is why we want your feedback to make intelligent changes to it.

With the existence of the LQ Wiki we can overcome a lot of these problems and have many different menus to bind the many pages together..

Using the wiki is a departure from the original HOWTO intention however..
So the question is .. which is a better format.. a HOWTO or a wikidoc or even both??

Your suggestions/comments please..

One comment from a super newb...

The wikis that I've browsed are incomplete, and often
disjointed. unSpawn's original idea was a tutorial, and
my opinion that he was going to basically author it. Sort
of like with Slackware, until Pat V. puts it through the
paces, it doesn't make it into the distribution. If what
I think of wikis is correct, there's really no control over
whether or not the information is reliable.

And a for instance, in the security arena.

[story]
I've seen many posters recommend, and my best *nix
bud recommend, this Easy Firewall Generator for IPTables
However, it was designed for RedHat, and it doesn't
even have the correct path to iptables for Slackware in
the generated firewall. So, if the newb installs it and
sets it up to run, as I was taught, he doesn't even have
a firewall running at all -- just a false sense of security.

In fact, that *easy firewall generator* has caused me
so many problems, I'm reading Oskar Andreasson's
Iptables Tutorial and man iptables (which is right over
my head) to find out how to set iptables up correctly.
[/story]

Everything (which isn't much) I've learned in Linux
(Slackware) thus far, I've learned by reading all I could
find, then following someone's guide, then reading some
more and fixing what didn't fit or broke.

That being said, my offer still goes of a box dedicated
to test this tutorial -- when it materializes. Notice that
I said *when* and not *if* it materializes...

But guys, we've talked about this for almost 2 years now,
it's time to put something on the table and move on.

On 5-28-2003 unSpawn posted this:
I think it's time LQ takes a stab at producing a "Linux Newbie Security Tutorial".

So, let's get it on. Since I'm reading and trying to learn
how to secure my little 5 boxen LAN, I would be more than
overjoyed to be the main guinea pig.

Spot on!

And to protect the innocent he also posted..
"As it is, I think we won't be writing a FAQ or a help file...but a real book!
Ha, hmm, hope it's not me writing it. "

I feel if it's done as a collaboration of submitted articles as initially proposed, we'll get it done..
The wiki for sure can be just one person's opinion, but I don't get that kind of feeling from the LQ members..

And as you say, until something that can be read is actually posted, we're still just talking ideas..

So is everyone still on the lq-security mailing list?

Haven't received anything from the LQ Security mailing list
in a while. Could you send out something so we'd know?

When I looked at the first question I didnt realise the plan was to write some docs, I assumed you just wanted some sort of reference list you could point newbies to.

Having said that I still believe the Smoothwall, IP-Cop docs are very good reading if you are setting up that kind of pre-packaged system.

A while ago, someone who was writing How-to's here wanted suggestions and I suggested a "How-to" on Taking a distro like Mandrake and turning it into a Firewall / Router and / or Server
( Mail, web, etc etc ). Going by the number of posts I've seen with people trying to do just this I think it would be a popular How-to.
I did suggest using Webmin however that got shot down in flames as webmin's security was in doubt. IP-Tables is a common request for help too.

If it means editing conf files, then the how-to must show the newbie how to navigate to the conf file, how-to use the text editor, what to edit and why, how it effects the end product.

Personally I think a How-to is more helpful than a wiki. And if it becomes a book I personally will buy a copy

floppy

Just looking at the last page of this thread
if the intention is to write a wiki or a how-to

exactly what is going to be the subject ??
and what direction is that going to take ??

suggestions for How-to's
* How to set up a firewall / router using IP Tables etc
* How to set up a server
* How to secure your linux box
* How to install & configure Trip-wire, Snort & similar

floppy

We had the content and format discussions on the lq-security mailing list to keep this forum thread a little cleaner..

I must admit, there are a huge number of links posted, which shows the results of many people doing a small amount together.. A lot of searching has already been done, now to put it into "newbie" language.
What would be excellent is even 1 or 2 sentences from members that explain complex ideas down at newbie level. These can be assembled into coherent text and once it looks good will be "examined" by our resident experts for correctness, make sure it doesn't create a second issue etc. Members already know what is too complicated to understand, but we are sure to have a newbie explanation somewhere in the LQ forums. Most questions have been asked here already!!

So the next job is a couple of posts on the mailing list to check bounces and update everyone..
Post out the last suggested format/contents page..
Then I suggest we keep this thread for announcements of submitted material..

To quote flywhopper..
suggestions for How-to's
* How to set up a firewall / router using IP Tables etc
* How to set up a server
* How to secure your linux box
* How to install & configure Trip-wire, Snort & similar
On the mailing list we decided to introduce these subjects, then point to "Advanced" howtos to complete the job. This intro would be enough to explain and ensure some security, before hitting distro specific configurations.
The decisions are as always flexible.. It's going to be your (members) HOWTO after all..

See you on the mailing list..

The connection was refused when attempting to contact lists.linuxquestions.org

...with and without a proxy server...

Edit: Thanks, Peter. I've removed the s from
the hyperlink in my post, also. Cheers!

I'll check again..

Try that.. I managed to squeeze an https in there by mistake..

Woo hoo! Real forward progress has been happening since my thread notify expired! Is there a good archive of the mail list someplace aroun? By the time I got to looking, at them, all but, 'hello hello? Anyone out there?' had expired from the archive.

OH, oop, June 2003 has the framework discussion. K. I'm not sure what I can contribute to the details as a moderate newbie to Linux, but I'll keep tabs and jump in when I can.

Peter,

I got the mailing list email today, and tried replying
to it and received:
Help me out here, mate! If I was not a member, how
would I get the email? Sometimes I wonder how I even
get my kernel recompiled, but hey, 5 Slack comps working...