Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
11-12-2006, 07:59 AM
|
#1
|
Member
Registered: Aug 2005
Posts: 235
Rep:
|
Security Question Again
Apparently the Admin here didn't read my 2 threads properly so I would like to repost. I am a new Linux user, and the treatment of moving and deleting my questions has so far left me with a bad taste in my mouth but I am going to try again.
The question I posted here and maybe i wasn't clear, was what do you do for security? Is there an Internet Suite of sorts for Linux like ZoneAlarm for Windows? The question I also posted was, I did not choose a distribution if that matters, or if there is a distribution that is more safely built with more security features.
The question I posted in the distribution forum, was what distribution should a new user like myself choose, and the only feature I am worried about is security.
Related but completely different questions.
Thanks in advance.
|
|
|
11-12-2006, 08:37 AM
|
#2
|
LQ Newbie
Registered: Jan 2002
Location: Canada
Distribution: Debian Sarge
Posts: 12
Rep:
|
|
|
|
11-12-2006, 08:57 AM
|
#3
|
Member
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 878
|
Quote:
The question I posted in the distribution forum, was what distribution should a new user like myself choose, and the only feature I am worried about is security.
|
It's the sysadmin that matters, not so much the distro. Apart from that, start with something that is built to make your goal easier; check out SeLinux:
http://www.nsa.gov/selinux/
http://selinux.sourceforge.net/
There's nothing like ZoneAlarm on Linux, nor is it really needed since apps don't run themselves covertly. I'm glad there isn't- ZoneAlarm totally locked up my machine once, (way) back in my Windoze days.
|
|
|
11-12-2006, 08:59 AM
|
#4
|
Member
Registered: Aug 2005
Posts: 235
Original Poster
Rep:
|
THANK YOU SO MUCH, great help. Like I said I was new so I havent a clue.
|
|
|
11-12-2006, 10:52 PM
|
#5
|
Member
Registered: Apr 2005
Posts: 131
Rep:
|
Take a look at any of the better known distributions that have large user bases. Add one of the firewall frontends/packages that get mentioned around here such as:
IpCop - http://www.ipcop.org
Smoothwall - http://www.smoothwall.org
My guess is if you are a new user looking at getting started and familiar with ZoneAlarm that Bastille and Selinux links aren't going to help you all that much to get started.
|
|
|
11-12-2006, 11:21 PM
|
#6
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Both IPCop and Smoothwall are dedicated firewall distributions--all they do is act as firewalls. The OP is asking for a host-based intrusion prevention & detection. Instructions for using SELinux and Bastille are absolutely steps in the right direction. Telling them to wipe their OS and install a distro that is just a firewall and nothing else isn't very helpful.
|
|
|
11-13-2006, 07:30 AM
|
#7
|
Member
Registered: Apr 2005
Posts: 131
Rep:
|
No the OP isn't looking for intrusion detection and he has made it clear that he hasn't even chosen a distribution yet. So he's looking for a distribution and on top of it he mentions ZoneAlarm which is basically an entry level firewall. Telling someone who hasn't even chosen a distribution yet to look at bastille and Selinux is way off base So yes a good distro would be a good starting place and any good distro does much more then being a firewall. And to compound that by correcting me with answers that make it clear that you didn't even read the OP is way out of line. The original poster is a new linux user looking for a distro and an easy to use firewall. Sending a new user to look into bastille and selinux is complete overkill and likely to confuse them.
|
|
|
11-13-2006, 11:06 AM
|
#8
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Quote:
Is there an Internet Suite of sorts for Linux like ZoneAlarm for Windows?
|
ZoneAlarm is not a network firewall, it's a host firewall. The equivilant for Linux would not be a hardware/stand-alone firewall machine, it would be a host-based firewall/IPS. If OP had asked "can I run my own firewall, like a Linksys?" then it would be appropriate to suggest IPCop/Smoothwall/Astaro/etc.
Edit: BTW javaroast you seem to be very confused about the difference between something like firestarter (iptables GUI) and a dedicated firewall distribution of Linux. Your post suggests "one of the firewall frontends/packages", but then you reference links to dedicated firewall distros. They aren't the same thing.
Last edited by chort; 11-13-2006 at 11:08 AM.
|
|
|
11-13-2006, 11:16 AM
|
#9
|
Member
Registered: Apr 2005
Posts: 131
Rep:
|
You are right there, because I write my own iptables scripts. You still seem to be confused about the OP goals though, and seem to want to take an unfriendly tone in your response. Nevertheless your are still sending him down the wrong path with bastille and I think you understand that.
|
|
|
11-13-2006, 11:28 AM
|
#10
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Quoted from www.bastille-linux.org:
Quote:
Bastille broke new ground by working to educate users about security, and help them make balanced, informed choices. Many users have found Bastille's secondary goal of educational just as useful as its primary goal of system hardening, leading some organizations to make an interactive Bastille hardening session part of their training regimen for new system administrators. In this spirit, Bastille can allow the user to run through the entire interactive portion without applying the chosen changes.
|
I think it is very appropriate.
|
|
|
All times are GMT -5. The time now is 10:56 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|