LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-12-2006, 07:59 AM   #1
pxumsgdxpcvjm
Member
 
Registered: Aug 2005
Posts: 235

Rep: Reputation: 30
Security Question Again


Apparently the Admin here didn't read my 2 threads properly so I would like to repost. I am a new Linux user, and the treatment of moving and deleting my questions has so far left me with a bad taste in my mouth but I am going to try again.

The question I posted here and maybe i wasn't clear, was what do you do for security? Is there an Internet Suite of sorts for Linux like ZoneAlarm for Windows? The question I also posted was, I did not choose a distribution if that matters, or if there is a distribution that is more safely built with more security features.

The question I posted in the distribution forum, was what distribution should a new user like myself choose, and the only feature I am worried about is security.

Related but completely different questions.

Thanks in advance.
 
Old 11-12-2006, 08:37 AM   #2
jbkerr
LQ Newbie
 
Registered: Jan 2002
Location: Canada
Distribution: Debian Sarge
Posts: 12

Rep: Reputation: 0
Have a look at bastille.

http://www.bastille-linux.org/
 
Old 11-12-2006, 08:57 AM   #3
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 878

Rep: Reputation: 309Reputation: 309Reputation: 309Reputation: 309
Quote:
The question I posted in the distribution forum, was what distribution should a new user like myself choose, and the only feature I am worried about is security.
It's the sysadmin that matters, not so much the distro. Apart from that, start with something that is built to make your goal easier; check out SeLinux:

http://www.nsa.gov/selinux/

http://selinux.sourceforge.net/

There's nothing like ZoneAlarm on Linux, nor is it really needed since apps don't run themselves covertly. I'm glad there isn't- ZoneAlarm totally locked up my machine once, (way) back in my Windoze days.
 
Old 11-12-2006, 08:59 AM   #4
pxumsgdxpcvjm
Member
 
Registered: Aug 2005
Posts: 235

Original Poster
Rep: Reputation: 30
THANK YOU SO MUCH, great help. Like I said I was new so I havent a clue.
 
Old 11-12-2006, 10:52 PM   #5
javaroast
Member
 
Registered: Apr 2005
Posts: 131

Rep: Reputation: 19
Take a look at any of the better known distributions that have large user bases. Add one of the firewall frontends/packages that get mentioned around here such as:

IpCop - http://www.ipcop.org
Smoothwall - http://www.smoothwall.org

My guess is if you are a new user looking at getting started and familiar with ZoneAlarm that Bastille and Selinux links aren't going to help you all that much to get started.
 
Old 11-12-2006, 11:21 PM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Both IPCop and Smoothwall are dedicated firewall distributions--all they do is act as firewalls. The OP is asking for a host-based intrusion prevention & detection. Instructions for using SELinux and Bastille are absolutely steps in the right direction. Telling them to wipe their OS and install a distro that is just a firewall and nothing else isn't very helpful.
 
Old 11-13-2006, 07:30 AM   #7
javaroast
Member
 
Registered: Apr 2005
Posts: 131

Rep: Reputation: 19
No the OP isn't looking for intrusion detection and he has made it clear that he hasn't even chosen a distribution yet. So he's looking for a distribution and on top of it he mentions ZoneAlarm which is basically an entry level firewall. Telling someone who hasn't even chosen a distribution yet to look at bastille and Selinux is way off base So yes a good distro would be a good starting place and any good distro does much more then being a firewall. And to compound that by correcting me with answers that make it clear that you didn't even read the OP is way out of line. The original poster is a new linux user looking for a distro and an easy to use firewall. Sending a new user to look into bastille and selinux is complete overkill and likely to confuse them.
 
Old 11-13-2006, 11:06 AM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Quote:
Is there an Internet Suite of sorts for Linux like ZoneAlarm for Windows?
ZoneAlarm is not a network firewall, it's a host firewall. The equivilant for Linux would not be a hardware/stand-alone firewall machine, it would be a host-based firewall/IPS. If OP had asked "can I run my own firewall, like a Linksys?" then it would be appropriate to suggest IPCop/Smoothwall/Astaro/etc.

Edit: BTW javaroast you seem to be very confused about the difference between something like firestarter (iptables GUI) and a dedicated firewall distribution of Linux. Your post suggests "one of the firewall frontends/packages", but then you reference links to dedicated firewall distros. They aren't the same thing.

Last edited by chort; 11-13-2006 at 11:08 AM.
 
Old 11-13-2006, 11:16 AM   #9
javaroast
Member
 
Registered: Apr 2005
Posts: 131

Rep: Reputation: 19
You are right there, because I write my own iptables scripts. You still seem to be confused about the OP goals though, and seem to want to take an unfriendly tone in your response. Nevertheless your are still sending him down the wrong path with bastille and I think you understand that.
 
Old 11-13-2006, 11:28 AM   #10
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Quoted from www.bastille-linux.org:
Quote:
Bastille broke new ground by working to educate users about security, and help them make balanced, informed choices. Many users have found Bastille's secondary goal of educational just as useful as its primary goal of system hardening, leading some organizations to make an interactive Bastille hardening session part of their training regimen for new system administrators. In this spirit, Bastille can allow the user to run through the entire interactive portion without applying the chosen changes.
I think it is very appropriate.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
security question... MikeyI258 Linux - Security 4 06-21-2006 10:22 PM
Some question regarding security jch02140 Linux - General 1 04-12-2006 08:45 AM
Security Question oulevon Linux - Security 1 07-11-2002 01:55 PM
Security question {newbie question} Radio Linux - Security 3 05-17-2002 06:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration