I agree with you up to a point. Not everyone needs dumbed down Security Documentation. But there are people who are just starting Linux who may be trying it because it's the in thing.. They might not be that computer savvy on Windows either.
The Newbie HOWTO, as I see it, would be a doc for new users to prevent their new Linux box from getting hacked within the first day of being online. That's the dumbed down stuff. Basic things like, have a firewall, don't install software from un-official places unless you are really sure about it. Then you allow for drilling down on various categories of security information, but you teach the terminology instead of assuming they know it... After they know the terminology you can send them out to a collection of docs that are clear, up to date, and focused. (And enables you to read at 2,400 words a minute!) It's a tall order, but seems like something that's needed. -BenODen |
As someone who is new to Linux security, but familiar with Unix & Linux in general, what I would like to see is better information on disabling services. Every guide or list of tips says something along the lines of "disable all unnecessary services." Great, but how do I know what is necessary? There needs to be a list with simple explanations of what each service does and when it is needed. As an example, if I run nmap -sT -O localhost on my machine I get the following:
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
The only one of these I turned on was ftp because I was setting up an FTP site. When I see this the following questions come to mind: What exactly does smtp do? Who or what turned it on? Is it vulnerable to a known attack? If I'm not running a mail server, do I need it to be listening? How do I turn it off? If there was a good comprehensive list of information like the above for most of the common services, it would help people like myself immensely. Maybe what I'm describing already exists somewhere, but I think it is something that should be included in any security guide. |
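One way to work through the "which of these do I actually need?" question from the post above, as an added example that is not part of the thread: parse the nmap -sT lines, declare the role the box is meant to have (here: an FTP site), and flag every other open listener for review with a short note. The sample output is constructed to match the five lines quoted above, and the service notes are general background, not anything the poster wrote.

```python
"""Triage `nmap -sT` output against the services a host is intended to run."""
import re
from dataclasses import dataclass

# Constructed sample: the five listeners reported in the post above.
SAMPLE_NMAP = """\
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
631/tcp  open  ipp
"""

# Defender-side notes for common services (general knowledge, assumed here).
SERVICE_NOTES = {
    "ftp": "file transfer with cleartext logins; keep only while you host an FTP site",
    "ssh": "remote shell; keep if you administer the box over the network",
    "smtp": "mail transfer agent; it only needs to listen on the network to receive mail from other hosts",
    "rpcbind": "portmapper used by NFS/NIS; not needed unless you serve those",
    "ipp": "CUPS printing; only needed if other hosts print through this one",
}

LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

@dataclass(frozen=True)
class Listener:
    port: int
    proto: str
    state: str
    service: str

def parse_nmap(text):
    """Turn `port/proto state service` lines into Listener records; skip anything else."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Listener(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return found

def triage(listeners, intended):
    """Split open listeners into those matching the intended role and those to review."""
    keep, review = [], []
    for lsn in listeners:
        if lsn.state == "open":
            (keep if lsn.service in intended else review).append(lsn)
    return keep, review

def report(text, intended):
    """Human-readable triage: one line per open listener, with a note for the unexpected ones."""
    keep, review = triage(parse_nmap(text), intended)
    lines = [f"keep   {l.port}/{l.proto} {l.service}" for l in keep]
    for l in review:
        note = SERVICE_NOTES.get(l.service, "unknown service: identify it before deciding")
        lines.append(f"review {l.port}/{l.proto} {l.service}: {note}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_NMAP, intended={"ftp"}))
```

The "who turned it on" question is answered on the host itself rather than from nmap: a listing of listening sockets with their owning process (for example `ss -ltnp` on a modern Linux) names the daemon, and that name is what the init system's service list is searched for to disable it.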
Thanks for the suggestions..
Strangely, after reading quite a few other HOWTOs and re-reading the draft, we may have to discuss the overall format of the HOWTO to keep it small enough. When it comes to discussing in general terms rather than distro specific terms, I wonder where the borderline should be, i.e. when do we hand off to another document.. The original target size was about 10 pages for each of the 2 Sections, which for the 2nd part, Networking Security, is enough to discuss general concepts.. Since this HOWTO was proposed, LQ has started the LQ Wiki site. I wonder if it would be better to propose the HOWTO becomes integrated with the documentation there, coz obviously it will be easier to maintain it and expand into very specific areas and projects.. That gives the ability to start as a general document and link into distro specific areas and back more easily.. If that looks like a good idea, I think we should discuss the document tree to make sure contributions are in an appropriate order and don't end up repeating or conflicting with each other.. :twocents: |
I managed to read the first five pages, then I had to go back to see what the original Q was. So if this has been suggested - too bad.
it was ..... I would like to ask for your support finding any HOWTOs, references and whatnot that would appeal to or are especially written for newbies. Minimal requirements could be: 1. handle basic (install/post install) security, 2. clear, simple, step by step structure, "like talking to a 4 yr old", 3. be (somewhat) up to date. If unsure, just post! so... how about the Smoothwall and IPCop manuals as a starter http://www.ipcop.org/modules.php?op=...abcef923539ae8 http://www.smoothwall.org/docs/ and the m0n0wall doc pages http://m0n0.ch/wall/documentation.php I often refer newbies to this IPCop page http://www.ipcop.org/1.4.0/en/instal...iguration.html when trying to guess what kind of system they want to set up, as the diagram is so clear. And it gives a newbie a good starting point to decide how they want their system set up. The guides for Smoothwall and IPCop are very clear (and totally noob-friendly) and I learnt more from them and then setting it up than from other guides and just reading. My advice to any newbie wanting to set up a firewall like the above is to download and print off the manuals and read, read, read and then have a go installing it. Having said that, here are some other good pages http://www.oreilly.com/catalog/linag2/book/index.html http://tille.xalasys.com/training/tldp/index.html although these are more in-depth. Having said that, the manuals are written for a total noob, which is what I was when I installed my smoothie. Hope this helps. floppy |
We need to be careful of "copying" from other documents. The basic GPL principle allows total copying, rather than excerpts.. We have permission to link/extract from some documents with the usual recognition of its original source and submission of any modifications to the original authors..
So we decided to start from scratch.. as we are experienced in explaining things in an easy manner, and a whole lot has been done already.. Now, to make it readable by anyone, and usable by "noobs", or anyone having specific problems, it needs to "flow" or be indexed as a reader would expect in order to find data easily.. and be general enough to be usable and specific enough to be usable.. which is why we want your feedback to make intelligent changes to it. With the existence of the LQ Wiki we can overcome a lot of these problems and have many different menus to bind the many pages together.. Using the wiki is a departure from the original HOWTO intention however.. So the question is .. which is a better format.. a HOWTO or a wikidoc or even both?? Your suggestions/comments please.. :) |
Quote:
The wikis that I've browsed are incomplete, and often disjointed. unSpawn's original idea was a tutorial, and my opinion that he was going to basically author it. Sort of like with Slackware, until Pat V. puts it through the paces, it doesn't make it into the distribution. If what I think of wikis is correct, there's really no control over whether or not the information is reliable. And a for instance, in the security arena. [story] I've seen many posters recommend, and my best *nix bud recommend, this Easy Firewall Generator for IPTables However, it was designed for RedHat, and it doesn't even have the correct path to iptables for Slackware in the generated firewall. So, if the newb installs it and sets it up to run, as I was taught, he doesn't even have a firewall running at all -- just a false sense of security. In fact, that *easy firewall generator* has caused me so many problems, I'm reading Oskar Andreasson's Iptables Tutorial and man iptables (which is right over my head) to find out how to set iptables up correctly. [/story] Everything (which isn't much) I've learned in Linux (Slackware) thus far, I've learned by reading all I could find, then following someone's guide, then reading some more and fixing what didn't fit or broke. That being said, my offer still goes of a box dedicated to test this tutorial -- when it materializes. Notice that I said *when* and not *if* it materializes... But guys, we've talked about this for almost 2 years now, it's time to put something on the table and move on. On 5-28-2003 unSpawn posted this: I think it's time LQ takes a stab at producing a "Linux Newbie Security Tutorial". So, let's get it on. Since I'm reading and trying to learn how to secure my little 5 boxen LAN, I would be more than overjoyed to be the main guinea pig. Spot on! |
And to protect the innocent ;) he also posted..
"As it is, I think we won't be writing a FAQ or a help file...but a real book! Ha, hmm, hope it's not me writing it. " I feel if it's done as a collaboration of submitted articles as initially proposed, we'll get it done.. The wiki for sure can be just one person's opinion, but I don't get that kind of feeling from the LQ members.. And as you say, until something that can be read is actually posted, we're still just talking ideas.. So is everyone still on the lq-security mailing list? |
Haven't received anything from the LQ Security mailing list
in a while. Could you send out something so we'd know? |
When I looked at the first question I didn't realise the plan was to write some docs, I assumed you just wanted some sort of reference list you could point newbies to.
Having said that, I still believe the Smoothwall and IPCop docs are very good reading if you are setting up that kind of pre-packaged system. A while ago, someone who was writing How-tos here wanted suggestions and I suggested a "How-to" on taking a distro like Mandrake and turning it into a Firewall / Router and / or Server (Mail, web, etc etc). Going by the number of posts I've seen with people trying to do just this, I think it would be a popular How-to. I did suggest using Webmin, however that got shot down in flames as Webmin's security was in doubt. IPTables is a common request for help too. If it means editing conf files, then the how-to must show the newbie how to navigate to the conf file, how to use the text editor, what to edit and why, and how it affects the end product. Personally I think a How-to is more helpful than a wiki. And if it becomes a book I personally will buy a copy. floppy |
Just looking at the last page of this thread
if the intention is to write a wiki or a how-to, exactly what is going to be the subject?? and what direction is that going to take?? suggestions for How-tos
* How to set up a firewall / router using IPTables etc
* How to set up a server
* How to secure your Linux box
* How to install & configure Tripwire, Snort & similar
floppy |
We had the content and format discussions on the lq-security mailing list to keep this forum thread a little cleaner..
I must admit, there are a huge number of links posted, which shows the results of many people doing a small amount together.. :) A lot of searching has already been done, now to put it into "newbie" language. What would be excellent is even 1 or 2 sentences from members that explain complex ideas down at newbie level. These can be assembled into coherent text and once it looks good will be "examined" by our resident experts for correctness, make sure it doesn't create a second issue etc. Members already know what is too complicated to understand, but we are sure to have a newbie explanation somewhere in the LQ forums. Most questions have been asked here already!! So the next job is a couple of posts on the mailing list to check bounces and update everyone.. Post out the last suggested format/contents page.. Then I suggest we keep this thread for announcements of submitted material.. To quote flywhopper.. suggestions for How-tos
* How to set up a firewall / router using IPTables etc
* How to set up a server
* How to secure your Linux box
* How to install & configure Tripwire, Snort & similar
On the mailing list we decided to introduce these subjects, then point to "Advanced" howtos to complete the job. This intro would be enough to explain and ensure some security, before hitting distro specific configurations. The decisions are as always flexible.. It's going to be your (members) HOWTO after all.. See you on the mailing list.. |
Quote:
...with and without a proxy server... Edit: Thanks, Peter. I've removed the s from the hyperlink in my post, also. Cheers! |
I'll check again..
Try that.. I managed to squeeze an https in there by mistake.. :rolleyes: |
Woo hoo! Real forward progress has been happening since my thread notify expired! Is there a good archive of the mail list someplace around? By the time I got to looking at them, all but 'hello hello? Anyone out there?' had expired from the archive.
OH, oop, June 2003 has the framework discussion. K. I'm not sure what I can contribute to the details as a moderate newbie to Linux, but I'll keep tabs and jump in when I can. |
Quote:
I got the mailing list email today, and tried replying to it and received: Quote:
would I get the email? Sometimes I wonder how I even get my kernel recompiled, but hey, 5 Slack comps working... |