Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm running sarge with the 2.6.7 kernel on my inspiron 5100 laptop
I'm rather new to running a linux system, so i'm looking to get a handle on a few security questions...first, in what way can i get security updates for sarge? like i said i'm a little new here so i'm not sure how the process works...i've seen some say that you can only get updates through apt-get for woody...then saw someone else give a url for sarge updates to be put in the apt sources. what's the best way to go about this and what do the updates usually fix or whatever? if i have to manually download updates, how can i find out where my system is at now and where i need to start downloading, etc.
my other questions involve what kind of firewalls and anti virus protection work best on a debian system. i know anti virus isn't as necessary as it is on a windows system but i still hear it's good to have something just in case...any comments on that?
Go to debian.org > documentation > manuals > securing debian manual
Firewalls:
apt-cache search firewalls
my favorites are guarddog and firestarter in that order.
The Sarge sources list will come with a security line.
If you install sarge with the new installer, you don't have to alter anything, it is already there.
If you install Woody, you have to point the security line in the sources.list to 'sarge'. Do an 'apt-get update'/apt-get dist-upgrade and go up to sarge. See the APT-HOWTO in debian.org > Documentation.
In a few weeks, Sarge will become the de facto 'stable' debian distribution and then you have nothing to worry about, just update with apt-get and it will always be there.
i guess part of my question is with the ability to use apt-get for security updates...is the command i'd use apt-get update? and that will get the necessary security updates?
also i'm a tad confused...you say to make sure there's a 'sarge' security line in there...if i have that in there, does that mean if i run apt-get update right now then it will work? or am i still in a position where i have to wait till sarge becomes the stable dist.?
First, the command 'apt-get update' updates what packages are available for you to download. if it's a new package or a new version of a package and you just try to type the 'apt-get install blahblah' or 'apt-get upgrade' then it won't do any good cuz apt-get doesn't know there are new files out there.
Second, I'm not 100% sure, but i think debian automatically fixes security problems with apt-get upgrade and apt-get dist-upgrade. But if you do not have a firewall between you and your modem, ie: a router between your computer and your broadband modem then you need a software firewall. there were some previously mentioned.
I'd like to try to quote someone's profile that I read a few days ago. I don't remember the person whose profile i read it from, but here goes my best try.
Neo: You're saying I'll be able to dodge worms?
Morpheus: I'm saying when you move to linux, you won't have to.
see what I mean? The majority of Windows worms spread through buffer overflows of one kind or another. well, in an open source environment like linux other people check all of the code you try to submit. and normally they find any and all mistakes in coding. so the only real danger is misconfiguring something on your system.
to make sure your system is completely up to date including patches for security issues, all you need do is
Code:
apt-get update ; apt-get dist-upgrade
"update" updates apt's list of the names of currently available software
"dist-upgrade" upgrades all software on your system (including patches for security issues) and resolves all software dependencies by upgrading those dependencies also. if you try it out, you'll see what i mean.
security on Debian is second to none...although, it can take a significant amount of time for the upgrades to trickle down from unstable to testing to stable, which means that your system could remain open for a significant amount of time.
a firewall is definitely a necessary second line of defense after keeping all of your software up to date. i use firestarter (it has a gui that's put in the "system tools" menu in GNOME), but i may check out guarddog based on macondo's post.
Code:
apt-get install guarddog firestarter
the statement that gnu/linux is invulnerable to viral attack is one of those stereotypical myths. it's just not true, but there haven't been too many problems, yet. the key word being yet. yes, you could go on assuming that you are safe, but one day, there will be an outbreak...even just as a proof-of-concept. someone will do it just so they can say, look, all of you were wrong about how secure your system was. anyway, enough rant. i heard f-prot, or something like that is a virus detection system that runs on linux. note that i have my head in the clouds about this virus thing also because, no i don't have a virus scanner yet on my linux box. i just haven't gotten around to it. shame on me.
err, oops, i knew what apt-get update does...meant to say apt-get upgrade
if i'm running sarge and do apt-get dist-upgrade, doesn't that basically upgrade it to sid?
i'm not really sure if i want to do that yet (i don't want to run into any problems caused by the unstable dist. at this point while i'm still working out some things), so would just running apt-get upgrade get the fixes for sarge?
or maybe i'm still confused on the idea
thanks for all the input though, i'll check out the firewalls mentioned
"i guess part of my question is with the ability to use apt-get for security updates...is the command i'd use apt-get update? and that will get the necessary security updates?"
#apt-get update
this will update the apps database in the debian distro you are using.
#apt-get upgrade
this will upgrade the apps installed
#apt-get dist-upgrade
this will upgrade your actual version (say woody) to the version specified by you in the sources.list (say sarge).
Do yourself an immense favor and read the APT-HOWTO
debian.org > documentation > manuals > APT-HOWTO
"also i'm a tad confused...you say to make sure there's a 'sarge' security line in there...if i have that in there, does that mean if i run apt-get update right now then it will work"
YES! it will give you the security updates for Sarge. NO, you don't have to wait for Sarge to become the 'stable' distro.
"err, oops, i knew what apt-get update does...meant to say apt-get upgrade
if i'm running sarge and do apt-get dist-upgrade, doesn't that basically upgrade it to sid?"
No.
in order to upgrade to Sid, you need to point your sources.list to sid first, then do:
apt-get update
apt-get dist-upgrade
If you don't change your sources.list to sid, and do a
dist-upgrade
nothing happens, you might get an upgrade WITHIN YOUR DISTRO, smoothing dependencies better according to the APT-HOWTO, I do it in Sid everyday. remember before any upgrade or dist-upgrade you must update. This will become clear when you read the APT-HOWTO.
"i'm not really sure if i want to do that yet (i don't want to run into any problems caused by the unstable dist. at this point while i'm still working out some things), so would just running apt-get upgrade get the fixes for sarge?"
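The answers above turn on which release the security line in sources.list names. The following check is an added example, not part of any post in this thread: it reports the suite each active security.debian.org line tracks and fails if a line is missing or points at a different release. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Print the suite (for example "sarge/updates") named by every active
# security.debian.org entry in a sources.list-style file.
# Commented-out entries are ignored because their first field is not "deb".
security_suites() {
    awk '
        ($1 == "deb" || $1 == "deb-src") {
            for (i = 2; i < NF; i++)
                if ($i ~ /security\.debian\.org/) { print $(i + 1); break }
        }
    ' "$1" | sort -u
}

# Succeed only if the file has a security line and every security line
# tracks RELEASE/updates. A leftover line for another release is reported.
check_security_line() {
    file=$1
    release=$2
    suites=$(security_suites "$file")
    if [ -z "$suites" ]; then
        echo "no security line in $file"
        return 1
    fi
    for s in $suites; do
        if [ "$s" != "$release/updates" ]; then
            echo "security line tracks $s, expected $release/updates"
            return 1
        fi
    done
    echo "security line OK: $release/updates"
}

# Constructed sample file (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://ftp.debian.org/debian sarge main contrib
# deb http://security.debian.org/ woody/updates main
deb http://security.debian.org/ sarge/updates main contrib
EOF
check_security_line "$sample" sarge
rm -f "$sample"
```

On a real system the file to check is /etc/apt/sources.list, followed by apt-get update before any upgrade.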
k thanks, i've been running back and forth dealing with some different issues, reading a little here and a little there...read some of the apt how-to but not enough apparently
but i think things are straightening out...now if i can just figure out my issues with nethack and open office
Originally posted by Levitate
I'm running sarge with the 2.6.7 kernel on my inspiron 5100 laptop
I'm rather new to running a linux system, so i'm looking to get a handle on a few security questions...first, in what way can i get security updates for sarge? like i said i'm a little new here so i'm not sure how the process works...i've seen some say that you can only get updates through apt-get for woody...then saw someone else give a url for sarge updates to be put in the apt sources. what's the best way to go about this and what do the updates usually fix or whatever? if i have to manually download updates, how can i find out where my system is at now and where i need to start downloading, etc.
my other questions involve what kind of firewalls and anti virus protection work best on a debian system. i know anti virus isn't as necessary as it is on a windows system but i still hear it's good to have something just in case...any comments on that?
thanks if anyone can help
A few steps.
1. Install firewall allowing only outgoing established and related connections no incoming whatsoever.
2. Anti-virus software is a bunch of bull for Linux it is vulnerable to worms and trojans. And even then it is damn hard to infect the machine unless you are stupid enough to actually make a file executable then even stupider run it as root to infect the entire machine. So make sure you know what any file you make executable actually does and you know the source it came from.
3. Never run as root if you login at the console do so as normal user then use su to become root then type exit as soon as you are done to go back to normal user or setup the sudoers (apt-get install sudo then visudo as root for setup) file to allow you to issue commands as root (sudo apt-get install package_name).
4. Send an email to the address debian-security-announce-request@lists.debian.org with the subject subscribe to get minimal email when there is a notice put out by the security team to let you know when packages have problems.
5. Never install server applications you will not use and if you do you should limit the access to local network use.
6. Keep your kernel up to date to prevent known exploits that may be out there.
7. Install and use the fakeroot package whenever it is necessary when compiling in other words never compile anything as root always use fakeroot. Most simple programs that use ./configure, make and make install (best done as su -c 'make install') do not require fakeroot, building Debian packages from source or a kernel do.
Just a few I could think of off the top of my head.
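Step 1 of the list above, written out as an added example that is not part of the original post: a ruleset in iptables-restore format that accepts only loopback traffic and replies to connections the machine itself opened, plus a check that can be run over iptables-save output (for instance after configuring firestarter or guarddog) to flag anything that lets unsolicited traffic in. The function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Ruleset for step 1. Load as root with:  desktop_ruleset | iptables-restore
# "-m state" matches the 2.6-era kernels in this thread; current systems
# spell the same match "-m conntrack --ctstate".
desktop_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Audit iptables-save output on stdin against that policy. Prints one line
# per finding and returns non-zero if there is any. Only the filter table is
# examined; chains in other tables (nat, mangle) are skipped.
audit_inbound() {
    awk '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        /^:INPUT / {
            seen = 1
            if ($2 != "DROP") { print "INPUT policy is " $2; bad = 1 }
        }
        /^-A INPUT / && / -j ACCEPT/ {
            if ($0 ~ / -i lo /) next
            if ($0 ~ /(RELATED,ESTABLISHED|ESTABLISHED,RELATED)/ && $0 !~ / NEW/) next
            print "unsolicited inbound allowed: " $0
            bad = 1
        }
        END {
            if (!seen) { print "no filter INPUT chain found"; bad = 1 }
            exit bad + 0
        }
    '
}

# The ruleset above passes its own audit.
desktop_ruleset | audit_inbound && echo "ruleset matches step 1"
```

To audit the running firewall, run `iptables-save | audit_inbound` as root.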