LinuxQuestions.org


Levitate 08-18-2004 08:21 PM

several security questions
 
I'm running sarge with the 2.6.7 kernel on my inspiron 5100 laptop

I'm rather new to running a linux system, so i'm looking to get a handle on a few security questions...first, in what way can i get security updates for sarge? like i said i'm a little new here so i'm not sure how the process works...i've seen some say that you can only get updates through apt-get for woody...then saw someone else give a url for sarge updates to be put in the apt sources. what's the best way to go about this and what do the updates usually fix or whatever? if i have to manually download updates, how can i find out where my system is at now and where i need to start downloading, etc.

my other questions involve what kind of firewalls and anti virus protection work best on a debian system. i know anti virus isn't as necessary as it is on a windows system but i still hear it's good to have something just in case...any comments on that?

thanks if anyone can help

macondo 08-18-2004 08:41 PM

Go to debian.org > documentation > manuals > securing debian manual

Firewalls:

apt-cache search firewalls

my favorites are guarddog and firestarter in that order.

Sarge sources list, will come with a security line.

If you install sarge with the new installer, you don't have to alter anything, is already there.

If you install Woody, you have to point the security line in the sources.list to 'sarge'. Do an 'apt-get update'/apt-get dist-upgrade and go up to sarge. See the APT-HOWTO in debian.org > Documentation.

In a few weeks, Sarge will become the de facto 'stable' debian distribution and then, you've got nothing to worry about, just update with apt-get and it will always be there.

Levitate 08-18-2004 09:02 PM

i guess part of my question is with the ability to use apt-get for security updates...is the command i'd use apt-get update? and that will get the necessary security updates?

also i'm a tad confused...you say to make sure there's a 'sarge' security line in there...if i have that in there, does that mean if i run apt-get update right now then it will work? or am i still in a position where i have to wait till sarge becomes the stable dist.?

thanks for the info
:D

quentusrex 08-18-2004 09:15 PM

First, the command 'apt-get update' updates what packages are available for you to download. if it's a new package or a new version of a package and you just try to type the 'apt-get install blahblah' or 'apt-get upgrade' then it won't do any good cuz apt-get doesn't know there are new files out there.

Second, I'm not 100% sure, but i think debian automatically fixes security problems with apt-get upgrade and apt-get dist-upgrade. But if you do not have a firewall between you and your modem, ie: a router between your computer and your broadband modem then you need a software firewall. there were some previously mentioned.

quentusrex 08-18-2004 09:19 PM

I'd like to try to quote someone's profile that I read a few days ago. I don't remember the person whose profile i read it from, but here goes my best try.

Neo: You're saying I'll be able to dodge worms?
Morpheus: I'm saying when you move to linux, you won't have to.

see what I mean? The majority of Windows worms spread through buffer overflows of one kind or another. well, in an open source environment like linux other people check all of the code you try to submit. and normally they find any and all mistakes in coding. so the only real danger is misconfiguring something on your system.

zero79 08-18-2004 09:49 PM

to make sure your system is completely up to date including patches for security issues, all you need do is

Code:

apt-get update ; apt-get dist-upgrade

"update" updates apt's list of the names of currently available software
"dist-upgrade" upgrades all software on your system (including patches for security issues) and resolves all software dependencies by upgrading those dependencies also. if you try it out, you'll see what i mean.

security on Debian is second to none...although, it can take a significant amount of time for the upgrades to trickle down from unstable to testing to stable, which means that your system could remain open for a significant amount of time.

a firewall is definitely a necessary second line of defense after keeping all of your software up to date. i use firestarter (it has a gui that's put in the "system tools" menu in GNOME), but i may check out guarddog based on macondo's post.

Code:

apt-get install guarddog firestarter

the statement that gnu/linux is invulnerable to viral attack is one of those stereotypical myths. it's just not true, but there haven't been too many problems, yet. the key word being yet. yes, you could go on assuming that you are safe, but one day, there will be an outbreak...even just as a proof-of-concept. someone will do it just so they can say, look, all of you were wrong about how secure your system was. anyway, enough rant. i heard f-prot, or something like that is a virus detection system that runs on linux. note that i have my head in the clouds about this virus thing also because, no i don't have a virus scanner yet on my linux box. i just haven't gotten around to it. shame on me.

Levitate 08-19-2004 09:27 AM

err, oops, i knew what apt-get update does...meant to say apt-get upgrade

if i'm running sarge and do apt-get dist-upgrade, doesn't that basically upgrade it to sid?
i'm not really sure if i want to do that yet (i don't want to run into any problems caused by the unstable dist. at this point while i'm still working out some things), so would just running apt-get upgrade get the fixes for sarge?

or maybe i'm still confused on the idea

thanks for all the input though, i'll check out the firewalls mentioned

macondo 08-19-2004 09:54 AM

"i guess part of my question is with the ability to use apt-get for security updates...is the command i'd use apt-get update? and that will get the necessary security updates?"

#apt-get update

this will update the apps database in the debian distro you are using.

#apt-get upgrade

this will upgrade the apps installed

#apt-get dist-upgrade

this will upgrade your actual version (say woody) to the version specified by you in the sources.list (say sarge).

Do yourself an immense favor and read the APT-HOWTO
debian.org > documentation > manuals > APT-HOWTO

"also i'm a tad confused...you say to make sure there's a 'sarge' security line in there...if i have that in there, does that mean if i run apt-get update right now then it will work"

YES! it will give you the security updates for Sarge. NO, you don't have to wait for Sarge to become the 'stable' distro.

macondo 08-19-2004 10:09 AM

"err, oops, i knew what apt-get update does...meant to say apt-get upgrade

if i'm running sarge and do apt-get dist-upgrade, doesn't that basically upgrade it to sid?"

No.

in order to upgrade to Sid, you need to point your sources.list to sid first, then do:

apt-get update
apt-get dist-upgrade

If you don't change your sources.list to sid, and do a

dist-upgrade

nothing happens, you might get an upgrade WITHIN YOUR DISTRO, smoothing dependencies better according to the APT-HOWTO, I do it in Sid everyday. remember before any upgrade or dist-upgrade you must update. This will become clear when you read the APT-HOWTO.

"i'm not really sure if i want to do that yet (i don't want to run into any problems caused by the unstable dist. at this point while i'm still working out some things), so would just running apt-get upgrade get the fixes for sarge?"

Everyday:

#apt-get update
#apt-get upgrade

memorize the APT-HOWTO, read, read, read...

Levitate 08-19-2004 11:38 AM

k thanks, i've been running back and forth dealing with some different issues, reading a little here and a little there...read some of the apt how-to but not enough apparently

but i think things are straightening out...now if i can just figure out my issues with nethack and open office :D

HappyTux 08-19-2004 12:25 PM

Re: several security questions
 
Quote:

Originally posted by Levitate
I'm running sarge with the 2.6.7 kernel on my inspiron 5100 laptop

I'm rather new to running a linux system, so i'm looking to get a handle on a few security questions...first, in what way can i get security updates for sarge? like i said i'm a little new here so i'm not sure how the process works...i've seen some say that you can only get updates through apt-get for woody...then saw someone else give a url for sarge updates to be put in the apt sources. what's the best way to go about this and what do the updates usually fix or whatever? if i have to manually download updates, how can i find out where my system is at now and where i need to start downloading, etc.

my other questions involve what kind of firewalls and anti virus protection work best on a debian system. i know anti virus isn't as necessary as it is on a windows system but i still hear it's good to have something just in case...any comments on that?

thanks if anyone can help

A few steps.

1. Install firewall allowing only outgoing established and related connections no incoming whatsoever.

2. Anti-virus software is a bunch of bull for Linux it is vulnerable to worms and trojans. And even then it is damn hard to infect the machine unless you are stupid enough to actually make a file executable then even stupider run it as root to infect the entire machine. So make sure you know what any file you make executable actually does and you know the source it came from.

3. Never run as root if you login at the console do so as normal user then use su to become root then type exit as soon as you are done to go back to normal user or setup the sudoers (apt-get install sudo then visudo as root for setup) file to allow you to issue commands as root (sudo apt-get install package_name).

4. Send an email to the address debian-security-announce-request@lists.debian.org with the subject subscribe to get minimal email when there is a notice put out by the security team to let you know when packages have problems.

5. Never install server applications you will not use and if you do you should limit the access to local network use.

6. Keep your kernel up to date to prevent known exploits that may be out there.

7. Install and use the fakeroot package whenever it is necessary when compiling in other words never compile anything as root always use fakeroot. Most simple programs that use ./configure, make and make install (best done as su -c 'make install') do not require fakeroot, building Debian packages from source or a kernel do.

Just a few I could think of off the top of my head.

Almost forgot security updates for sarge.

Code:

# Security updates
deb http://security.debian.org/ sarge/updates main contrib non-free
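
Added example (not part of any post in this thread): a shell check that reports which suites in a sources.list have no matching security.debian.org "<suite>/updates" line, the situation the thread keeps circling around. The function names and the sample file are constructed for illustration, and the check assumes the one-line "deb URI suite components" format shown above.

```shell
#!/bin/sh
# Added example: find suites in an APT sources.list that lack a
# security.debian.org "<suite>/updates" entry (layout used in the thread).

# sample_sources: prints a CONSTRUCTED sources.list mixing woody and sarge,
# with a security line for woody only.
sample_sources() {
    cat <<'EOF'
deb http://ftp.debian.org/debian woody main
deb http://ftp.debian.org/debian sarge main contrib   # mixed suites
deb-src http://ftp.debian.org/debian sarge main
deb http://security.debian.org/ woody/updates main contrib non-free
EOF
}

# missing_security_suites [FILE]
# Reads FILE (or stdin), prints each uncovered suite on its own line.
# Returns 0 when every suite is covered, 1 otherwise.
missing_security_suites() {
    _out=$(awk '
        { sub(/#.*/, "") }            # strip comments, so disabled lines do not count
        $1 != "deb" { next }          # binary package lines only (skips deb-src, blanks)
        {
            uri = $2; suite = $3
            if ((uri "/") ~ /^https?:\/\/security\.debian\.org\//) {
                sub(/\/updates$/, "", suite)   # "sarge/updates" covers suite "sarge"
                covered[suite] = 1
            } else {
                wanted[suite] = 1
            }
        }
        END { for (s in wanted) if (!(s in covered)) print s }
    ' "${1:--}" | sort)
    [ -n "$_out" ] || return 0
    printf '%s\n' "$_out"
    return 1
}

# Demo on the constructed sample.
if uncovered=$(sample_sources | missing_security_suites); then
    echo "every suite has a security line"
else
    echo "no security line for: $uncovered"
fi
```

Run it against the real file with `missing_security_suites /etc/apt/sources.list`; a non-zero exit status means at least one configured suite gets no security updates from that host.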


XavierP 08-19-2004 01:02 PM

Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.


All times are GMT -5.