LinuxQuestions.org > Linux - Security
Thread: LQ REQ: Real newbie HOWTO's, refs, etc etc. (https://www.linuxquestions.org/questions/linux-security-4/lq-req-real-newbie-howtos-refs-etc-etc-62121/)

alaskazimm 09-25-2005 05:29 PM

Here's a link to a good general "How To" for Smoothwall. It is written specifically for Gentoo (emerge smoothwall), but I think once Smoothwall is installed it should be the same. It not only explains what to do but why to do it. Hope this one helps! :)

http://forums.gentoo.org/viewtopic-p-2187309.html

Oops - I meant Shorewall, not Smoothwall. :p

peter_robb 09-29-2005 05:31 AM

With these "HowTo"s, they will be in an LQ Wiki section that is specific to the application, plus any changes for specific distros.
The base LQ Security HOWTO will be the starting point to explain Why, What and How.

We can't copy these other howtos into our system, but we can quote from them and link to them.

12o'clock 10-05-2005 05:46 AM

Nice effort, nice results

unSpawn,

I really loved the way you started out this post. They say "fruit bearing branch lowers" (seems an absurd translation to me). It means great men do not take pride. I have been using Red Hat Linux (Psyche, Shrike and Yarrow) with differing kernels from 2.0 to 2.4 for the past 2 years. I am still a newbie considering how much I could have learned. My circumstances here force me to use Windows this or Windows that for earning my living, but whenever I can I open up a nice Linux tutorial and start reading, hoping to catch up on something I missed or learn something new. I don't hate Windows since it takes care of my financial needs right now, but as soon as I get a chance I will surely transit to where I belong (I will probably take a systems dept any day). Till then, thanks for keeping me educated and I surely do hope for more.

prozac 12-26-2005 11:11 PM

Hello everybody,
did you guys spawn something out of this discussion, or did
"if they grow large they get unwieldy, then ppl start to lose focus" happen?
I am in dire need of some very good and moderately complex iptables w/ squid tutorials. I googled and did some research on my own and came up with a fairly good number of tuts, but who am I kidding, I need one which tells me how to do it with examples to see from. I would suggest you guys give us something on regulating ports. But what do I know? I am just a newbie.

Emmanuel_uk 01-06-2006 07:35 AM

Newbie experience with hardening security step by step (desktop user)

Trying to contribute to the subject by explaining how I went about security when I was an absolute Linux newbie, and how I experienced security. I was a paranoid type of new user.
This is a desktop newbie's perspective on what I would have appreciated in a howto, or what could help one feel one is achieving something step by step.

The first thing I printed, before connecting my Linux desktop to the net, was "Linux Security Tips By Kapil Sharma"
http://www.linuxgazette.com/issue58/sharma.html
and I also had a look at the Rute users guide (already cited in the thread) and the IBM whitepaper for Linux (a "very" old guide).

"Linux Security Tips" dealt with BIOS, passwords, tcpwrapper, services, user accounts, immunisation...
It is step by step, but some may say it is short on details.
I found it was just enough info so I could go on with it and think "there are many steps to take, let's be careful",
and look for some more info when needed (but I struggled a bit to understand what xinetd was doing).
I did not really understand tcpwrapper, but did not care: deny all@all paranoid
just sounded great!

When I installed Mandriva, the security options were "suitable to understand for a newbie".
Saying that, sometimes it was unclear whether answering yes or no was making my system safer than "default".
However, I knew I wanted to disable all services like httpd and even ping.
A newbie to Linux and a newbie to computer admin might not know that. (Same with the concepts of users, root and file permissions.)
The firewall was installed by default.
I took the time to read the shorewall.conf files and some of the docs.
I was comfortable I understood iptables existed and that shorewall and Mandriva did the job, but my understanding stopped there.
I had heard of IPCop, then later guarddog. But what remained was: oh gosh, when I tried
to install guarddog it warned me about some incompatibility, or that there was a problem because shorewall was already there.

What I mean is, as a newbie what is the point of trying to undo the choice of firewall made by the distro?
Better to keep it initially, then when all the security steps are taken, maybe one can try to change the firewall
and learn about iptables. As a newbie I felt there were many things to learn before iptables.
If no firewall is implemented by default, then whichever simple-to-configure-and-install firewall is chosen for the howto needs discussing. Two options, I suppose: a GUI type suggestion, and a non-GUI one.

What I find useful in the howto format is links for "more advanced topics". If the howto is step by step, keep it stupid-simple; this is good.
If after each topic it points to more advanced solutions / further reading, and the wiki, it is great.
It means as a newbie I can use it as a launchpad to progress.

At this point I went on following "Linux Security Tips By Kapil Sharma".

I knew ports existed, but never really understood or delved into what exactly their mechanics were.
I just knew "they were bad if opened" ;)
Went on the net and started looking for a good info site: it was LQ. Lots of threads about open ports, and eventually I found some kind of tutorial about nmap.
By then I was trying to close the 3 last open ports not closed by the firewall.
Nowadays I just have an alias for 1 nmap command. As a newbie, does one need more than that?
In retrospect I should have run nmap before connecting to the net. So I suppose running nmap should be a priority in the howto steps. smannell's comments on ports are relevant, i.e. a newbie would not know much about ports; some info is needed there.

I kind of stopped at this point for a few weeks because I had read about the existence of clamav, heard about intrusion, and tripwire but was not sure how to go about it.
I knew I had installed snort and clamav but was not sure even if it worked correctly.

It is only much later that I found how I could get clamav as pre-processing for kmail. As a newbie I knew clamav was not integrated with my email, but that was all. I did not know how to integrate it.

My point here is, as a newbie you need to check things and get the satisfaction that you have got it right. nmap is great for that. So maybe the howto should try to address that point,
including reassuring commands like
service clamavd status
service snortd status
and maybe some way to create a false-positive virus signature for email testing purposes.

Just a word about nessus: as a newbie, after I had run nmap and tweaked a few things, I had the "this is now ok" syndrome. And to date I have not had the will/time to install
sara(?) / nessus / bastille or whatever. My suspicion is that if the howto includes a vulnerability detection step it will need a bit of explanation as to why the effort is worth it
(in the newbie perspective you are eager to go ahead with using the PC rather than keep hardening it).
Bastille looked great to learn about security (but it is not "compatible" straight out of the box with all distros;
at least last time I checked it did not recognise mandy 10.2 well).

Very early on I installed tripwire.
Frankly, this was an unhappy experience. I can never remember to update its database. As a newbie it is as if it is not there. A newbie keeps tweaking/adding to his desktop.
Far too early for tripwire.

When I started Klamav was not available. If it were maybe I would have installed clamav sooner.

A few months passed by and I installed
chkrootkit
rkhunter (using Jeremy's howto)
then later using this guide to trojanscan
http://enterprise.linux.com/article....1539210&tid=89

I created a script to run all of these one after the other once in a while, i.e.
(without this little help, I might be less inclined to do this kind of periodic audit)
nmap
chkrootkit
rkhunter
trojanscan
snortsnarf
smartmontools to monitor the HD health

A note about snort: as a newbie I felt it was useless until I had snortsnarf installed, and I was not keen on installing mysql or any of the advanced solutions like acid. Still am not.
So, "simple" means generating info like snortsnarf does, and nothing too hard to install.
Also I felt snort was really not the newbie thing I wanted.
What I wanted was snort inline, that is, I wanted a system that takes action on the packets.
As a newbie I did not want to rely on me deciphering snort outputs.
(I have posted some info on LQ that could help a newbie compile snort with the inline option.)

To understand the log from shorewall (or any firewall)
http://www.linuxsecurity.com/resourc...wall-seen.html

I think the hotwo in its intro needs a link to an intro to phishing(?) and social engineering, and on the necessity to keep a browser up to date (and the rest as well), and as said previously a bit about physical security.

I am no security expert. I have heard of libsafe (that thing to avoid / catch buffer overflows). No time yet to get it installed. Is it not a worthy step for a newbie? I mean in terms
of return on time spent rather than, say, installing tripwire or trying to get to grips with RBAC or SELinux.

I hope this helps toward giving a newbie's perspective (although one of a computer-savvy person, but with no professional background in computing), so the howto can concentrate in its
10 pages (this is the goal, is it not?) on what may be relevant.
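
The periodic audit script Emmanuel_uk describes (nmap, chkrootkit, rkhunter, a disk health check), written out as an added example; this is not code from the thread or from any of the tools' projects. It only runs the tools that are actually installed, keeps one dated log per tool so the output can be compared with the previous run, and ends with a one-line summary so a newbie gets the "did it work?" confirmation the post asks for. The names AUDIT_LOGDIR, AUDIT_TARGET and AUDIT_DISK are chosen here, and /dev/sda is a placeholder; the tool flags used are the usual upstream ones. trojanscan and snortsnarf are left out because their invocation depends on where the scripts and snort alert file are installed.

```shell
#!/bin/sh
# Periodic desktop audit runner (added example, not code posted in the thread).
# Runs whichever of the audit tools are installed, writes one dated log per
# tool, and prints a one-line summary at the end.
# Assumptions: AUDIT_LOGDIR, AUDIT_TARGET and AUDIT_DISK are names chosen for
# this example; /dev/sda is a placeholder disk; tool flags are upstream ones.

LOGDIR="${AUDIT_LOGDIR:-$HOME/audit-logs}"   # where the dated logs go
TARGET="${AUDIT_TARGET:-127.0.0.1}"          # address nmap should scan
DISK="${AUDIT_DISK:-/dev/sda}"               # disk for the SMART health check
STAMP="$(date +%Y%m%d-%H%M%S)"

# have_tool NAME: exit 0 when NAME is on PATH, 1 otherwise.
have_tool() {
    command -v "$1" >/dev/null 2>&1
}

# available_tools NAME...: print, space separated, the names that are installed.
available_tools() {
    found=""
    for t in "$@"; do
        have_tool "$t" && found="${found:+$found }$t"
    done
    printf '%s\n' "$found"
}

# run_step NAME CMD...: run one tool, write its output to a dated log and
# report whether it exited cleanly. Returns 0 on success, 1 otherwise.
run_step() {
    name="$1"; shift
    log="$LOGDIR/$STAMP-$name.log"
    printf '== %s: %s\n' "$name" "$*" >"$log"
    if "$@" >>"$log" 2>&1; then
        printf '%s: OK (%s)\n' "$name" "$log"
        return 0
    fi
    printf '%s: exited non-zero, read %s\n' "$name" "$log"
    return 1
}

# audit_main: the schedule from the post. Returns the number of failed steps.
audit_main() {
    mkdir -p "$LOGDIR"
    failed=0
    # Port check. The firewall does not filter loopback, so point TARGET at
    # the address the outside world sees, or run nmap from another machine.
    # The UDP scan (-sU) needs root; drop it for a plain user run.
    if have_tool nmap; then
        run_step nmap nmap -sT -sU -p- "$TARGET" || failed=$((failed + 1))
    fi
    if have_tool chkrootkit; then
        run_step chkrootkit chkrootkit || failed=$((failed + 1))
    fi
    if have_tool rkhunter; then
        # --rwo keeps only warnings in the log, --sk skips the keypress pauses.
        # rkhunter exits non-zero when it has warnings: that log needs reading.
        run_step rkhunter rkhunter --check --sk --rwo || failed=$((failed + 1))
    fi
    if have_tool smartctl; then
        # SMART overall health; non-zero exit means the disk reports a problem.
        run_step smart smartctl -H "$DISK" || failed=$((failed + 1))
    fi
    printf 'audit done: %d step(s) failed, logs in %s\n' "$failed" "$LOGDIR"
    return "$failed"
}

# Run the schedule only when invoked as "sh audit.sh run", so the file can
# also be sourced just for its helpers.
if [ "${1:-}" = run ]; then
    audit_main
fi
```

Run it as root from cron (`sh audit.sh run`) so the UDP scan and the rootkit checkers see everything; the summary line is what to look at first, and a non-zero count means one of the logs in AUDIT_LOGDIR has something to read. Keeping the dated nmap logs is the cheap way to notice a port that was not open last month.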

unSpawn 01-06-2006 07:09 PM

Well.. these valuable replies should provide me with enough focus and motivation to actually *do* something about it this year and start writing again. I guess the most central place would be the LQ Wiki. Thanks to all.

