LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 08-18-2004, 07:21 PM   #1
Levitate
Member
 
Registered: Aug 2004
Posts: 63

Rep: Reputation: 15
several security questions


I'm running sarge with the 2.6.7 kernel on my inspiron 5100 laptop

I'm rather new to running a linux system, so i'm looking to get a handle on a few security questions...first, in what way can i get security updates for sarge? like i said i'm a little new here so i'm not sure how the process works...i've seen some say that you can only get updates through apt-get for woody...then saw someone else give a url for sarge updates to be put in the apt sources. what's the best way to go about this and what do the updates usually fix or whatever? if i have to manually download updates, how can i find out where my system is at now and where i need to start downloading, etc.

my other questions involve what kind of firewalls and anti virus protection work best on a debian system. i know anti virus isn't as necessary as it is on a windows system but i still hear it's good to have something just in case...any comments on that?

thanks if anyone can help
 
Old 08-18-2004, 07:41 PM   #2
macondo
Senior Member
 
Registered: Jul 2003
Posts: 1,016

Rep: Reputation: 52
Go to debian.org > documentation > manuals > securing debian manual

Firewalls:

apt-cache search firewalls

my favorites are guarddog and firestarter in that order.

Sarge's sources list will come with a security line.

If you install sarge with the new installer, you don't have to alter anything, it is already there.

If you install Woody, you have to point the security line in the sources.list to 'sarge'. Do an 'apt-get update'/'apt-get dist-upgrade' and go up to sarge. See the APT-HOWTO in debian.org > Documentation.

In a few weeks, Sarge will become the de facto 'stable' debian distribution and then you've got nothing to worry about, just update with apt-get and it will always be there.

Last edited by macondo; 08-18-2004 at 07:50 PM.
 
Old 08-18-2004, 08:02 PM   #3
Levitate
Member
 
Registered: Aug 2004
Posts: 63

Original Poster
Rep: Reputation: 15
i guess part of my question is with the ability to use apt-get for security updates...is the command i'd use apt-get update? and that will get the necessary security updates?

also i'm a tad confused...you say to make sure there's a 'sarge' security line in there...if i have that in there, does that mean if i run apt-get update right now then it will work? or am i still in a position where i have to wait till sarge becomes the stable dist.?

thanks for the info
 
Old 08-18-2004, 08:15 PM   #4
quentusrex
Member
 
Registered: Aug 2004
Location: Seattle, Washington
Posts: 101

Rep: Reputation: 15
First, the command 'apt-get update' updates what packages are available for you to download. if it's a new package or a new version of a package and you just try to type the 'apt-get install blahblah' or 'apt-get upgrade' then it won't do any good cuz apt-get doesn't know there are new files out there.

Second, I'm not 100% sure, but i think debian automatically fixes security problems with apt-get upgrade and apt-get dist-upgrade. But if you do not have a firewall between you and your modem, ie: a router between your computer and your broadband modem then you need a software firewall. there were some previously mentioned.
 
Old 08-18-2004, 08:19 PM   #5
quentusrex
Member
 
Registered: Aug 2004
Location: Seattle, Washington
Posts: 101

Rep: Reputation: 15
I'd like to try to quote someone's profile that I read a few days ago. I don't remember the person whose profile i read it from, but here goes my best try.

Neo: You're saying I'll be able to dodge worms?
Morpheus: I'm saying when you move to linux, you won't have to.

see what I mean? The majority of Windows worms spread through buffer overflows of one kind or another. well, in an open source environment like linux other people check all of the code you try to submit. and normally they find any and all mistakes in coding. so the only real danger is misconfiguring something on your system.
 
Old 08-18-2004, 08:49 PM   #6
zero79
Member
 
Registered: Nov 2003
Location: Ohio
Distribution: Debian Unstable
Posts: 460

Rep: Reputation: 30
to make sure your system is completely up to date including patches for security issues, all you need do is

Code:
apt-get update ; apt-get dist-upgrade

"update" updates apt's list of the names of currently available software
"dist-upgrade" upgrades all software on your system (including patches for security issues) and resolves all software dependencies by upgrading those dependencies also. if you try it out, you'll see what i mean.

security on Debian is second to none...although, it can take a significant amount of time for the upgrades to trickle down from unstable to testing to stable, which means that your system could remain open for a significant amount of time.

a firewall is definitely a necessary second line of defense after keeping all of your software up to date. i use firestarter (it has a gui that's put in the "system tools" menu in GNOME), but i may check out guarddog based on macondo's post.

Code:
apt-get install guarddog firestarter

the statement that gnu/linux is invulnerable to viral attack is one of those stereotypical myths. it's just not true, but there haven't been too many problems, yet. the key word being yet. yes, you could go on assuming that you are safe, but one day, there will be an outbreak...even just as a proof-of-concept. someone will do it just so they can say, look, all of you were wrong about how secure your system was. anyway, enough rant. i heard f-prot, or something like that is a virus detection system that runs on linux. note that i have my head in the clouds about this virus thing also because, no i don't have a virus scanner yet on my linux box. i just haven't gotten around to it. shame on me.

Last edited by zero79; 08-18-2004 at 09:02 PM.
 
Old 08-19-2004, 08:27 AM   #7
Levitate
Member
 
Registered: Aug 2004
Posts: 63

Original Poster
Rep: Reputation: 15
err, oops, i knew what apt-get update does...meant to say apt-get upgrade

if i'm running sarge and do apt-get dist-upgrade, doesn't that basically upgrade it to sid?
i'm not really sure if i want to do that yet (i don't want to run into any problems caused by the unstable dist. at this point while i'm still working out some things), so would just running apt-get upgrade get the fixes for sarge?

or maybe i'm still confused on the idea

thanks for all the input though, i'll check out the firewalls mentioned
 
Old 08-19-2004, 08:54 AM   #8
macondo
Senior Member
 
Registered: Jul 2003
Posts: 1,016

Rep: Reputation: 52
"i guess part of my question is with the ability to use apt-get for security updates...is the command i'd use apt-get update? and that will get the necessary security updates?"

#apt-get update

this will update the apps database in the debian distro you are using.

#apt-get upgrade

this will upgrade the apps installed

#apt-get dist-upgrade

this will upgrade your actual version (say woody) to the version specified by you in the sources.list (say sarge).

Do yourself an immense favor and read the APT-HOWTO
debian.org > documentation > manuals > APT-HOWTO

"also i'm a tad confused...you say to make sure there's a 'sarge' security line in there...if i have that in there, does that mean if i run apt-get update right now then it will work"

YES! it will give you the security updates for Sarge. NO, you don't have to wait for Sarge to become the 'stable' distro.

Last edited by macondo; 08-19-2004 at 08:57 AM.
 
Old 08-19-2004, 09:09 AM   #9
macondo
Senior Member
 
Registered: Jul 2003
Posts: 1,016

Rep: Reputation: 52
"err, oops, i knew what apt-get update does...meant to say apt-get upgrade

if i'm running sarge and do apt-get dist-upgrade, doesn't that basically upgrade it to sid?"

No.

in order to upgrade to Sid, you need to point your sources.list to sid first, then do:

apt-get update
apt-get dist-upgrade

If you don't change your sources.list to sid, and do a

dist-upgrade

nothing happens, you might get an upgrade WITHIN YOUR DISTRO, smoothing dependencies better according to the APT-HOWTO, I do it in Sid everyday. remember before any upgrade or dist-upgrade you must update. This will become clear when you read the APT-HOWTO.

"i'm not really sure if i want to do that yet (i don't want to run into any problems caused by the unstable dist. at this point while i'm still working out some things), so would just running apt-get upgrade get the fixes for sarge?"

Everyday:

#apt-get update
#apt-get upgrade

memorize the APT-HOWTO, read, read, read...

Last edited by macondo; 08-19-2004 at 09:14 AM.
 
Old 08-19-2004, 10:38 AM   #10
Levitate
Member
 
Registered: Aug 2004
Posts: 63

Original Poster
Rep: Reputation: 15
k thanks, i've been running back and forth dealing with some different issues, reading a little here and a little there...read some of the apt how-to but not enough apparently

but i think things are straightening out...now if i can just figure out my issues with nethack and open office
 
Old 08-19-2004, 11:25 AM   #11
HappyTux
Senior Member
 
Registered: Mar 2003
Location: Nova Scotia, Canada
Distribution: Debian AMD64
Posts: 3,594

Rep: Reputation: 97
Re: several security questions

Quote:
Originally posted by Levitate
I'm running sarge with the 2.6.7 kernel on my inspiron 5100 laptop

I'm rather new to running a linux system, so i'm looking to get a handle on a few security questions...first, in what way can i get security updates for sarge? like i said i'm a little new here so i'm not sure how the process works...i've seen some say that you can only get updates through apt-get for woody...then saw someone else give a url for sarge updates to be put in the apt sources. what's the best way to go about this and what do the updates usually fix or whatever? if i have to manually download updates, how can i find out where my system is at now and where i need to start downloading, etc.

my other questions involve what kind of firewalls and anti virus protection work best on a debian system. i know anti virus isn't as necessary as it is on a windows system but i still hear it's good to have something just in case...any comments on that?

thanks if anyone can help

A few steps.

1. Install firewall allowing only outgoing established and related connections no incoming whatsoever.

2. Anti-virus software is a bunch of bull for Linux it is vulnerable to worms and trojans. And even then it is damn hard to infect the machine unless you are stupid enough to actually make a file executable then even stupider run it as root to infect the entire machine. So make sure you know what any file you make executable actually does and you know the source it came from.

3. Never run as root if you login at the console do so as normal user then use su to become root then type exit as soon as you are done to go back to normal user or setup the sudoers (apt-get install sudo then visudo as root for setup) file to allow you to issue commands as root (sudo apt-get install package_name).

4. Send an email to the address debian-security-announce-request@lists.debian.org with the subject subscribe to get minimal email when there is a notice put out by the security team to let you know when packages have problems.

5. Never install server applications you will not use and if you do you should limit the access to local network use.

6. Keep your kernel up to date to prevent known exploits that may be out there.

7. Install and use the fakeroot package whenever it is necessary when compiling in other words never compile anything as root always use fakeroot. Most simple programs that use ./configure, make and make install (best done as su -c 'make install') do not require fakeroot, building Debian packages from source or a kernel do.

Just a few I could think of off the top of my head.

Almost forgot security updates for sarge.

Code:
# Security updates
deb http://security.debian.org/ sarge/updates main contrib non-free
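
Added example, not part of any post in this thread: a POSIX shell check for the security line that macondo and HappyTux describe, run here against a constructed sources.list. The function names has_security_line, write_sample and audit are hypothetical, and only the one-line "deb" format quoted above is parsed.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the one-line sources.list format:
#   deb http://security.debian.org/ sarge/updates main contrib non-free

# has_security_line FILE SUITE
# 0 = FILE has an active "deb" entry for security.debian.org SUITE/updates,
# 1 = no such entry, 2 = FILE is not readable.
has_security_line() {
    file=$1
    suite=$2
    [ -r "$file" ] || return 2
    awk -v want="$suite/updates" '
        /^[ \t]*#/  { next }   # commented-out entries are inactive
        $1 != "deb" { next }   # deb-src only fetches source packages
        {
            i = 2
            # skip an optional [option=value ...] field group before the URI
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            if ($i ~ /^[a-z]+:\/\/security\.debian\.org(\/|$)/ && $(i + 1) == want)
                found = 1
        }
        END { exit !found }
    ' "$file"
}

# Constructed sample: the sarge security entry is commented out, only a
# deb-src security line remains for sarge, and woody is still tracked.
write_sample() {
    cat > "$1" <<'EOF'
deb http://ftp.debian.org/debian sarge main contrib non-free
# deb http://security.debian.org/ sarge/updates main contrib non-free
deb-src http://security.debian.org/ sarge/updates main
deb http://security.debian.org/ woody/updates main contrib non-free
EOF
}

# audit FILE SUITE: print a verdict, return non-zero when the line is missing
audit() {
    if has_security_line "$1" "$2"; then
        echo "OK: $1 tracks security updates for $2"
    else
        echo "MISSING: no active security line for $2 in $1"; return 1
    fi
}

tmp=$(mktemp) && write_sample "$tmp"
audit "$tmp" woody
audit "$tmp" sarge || true
rm -f "$tmp"
```

On a real system the file to pass is /etc/apt/sources.list; a missing line means apt-get upgrade will never see packages published by the security team for that suite.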
 
Old 08-19-2004, 12:02 PM   #12
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 473
Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
  


All times are GMT -5.