LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > MEPIS
User Name
Password
MEPIS This forum is for the discussion of MEPIS Linux.

Notices


Reply
  Search this Thread
Old 07-11-2005, 06:22 AM   #1
biased99
LQ Newbie
 
Registered: Mar 2004
Posts: 11

Rep: Reputation: 0
How secure is Mepis out-of-the-box?


I installed Mepis last week (upgrading a RedHat install in doing so - seemed to work OK, saving my /home directory etc.

Anyway, I was looking around in /home, and noticed a user directory called "warren", and my root prompt now reads "root@3[warren]#", as though someone's managed to get in and start hacking around...

Questions are:
1) Is this likely, given the above and
2) How secure is the OS by default? (It is sitting behind a DSL modem/router using NAT and port blocking, with nothing explicitly forwarded to this machine).

Thanks in advance...sorry about the noob questions.
 
Old 07-11-2005, 08:38 AM   #2
CBlue
Member
 
Registered: Mar 2004
Location: South Carolina, USA
Distribution: Mepis
Posts: 287

Rep: Reputation: 31
The user account of Warren is there because Warren the creator of Mepis will test a new release before making it an iso and uploading it to the server. Sometimes he forgets to take out his personal info before releasing a new version. You can delete the user Warren from kmenu > system > KUser program.
 
Old 07-11-2005, 10:10 AM   #3
thekat
Member
 
Registered: Oct 2003
Location: /dev/null > Oklahoma
Distribution: Mepis 3.3.2-test 3, CC Home 3.0, OpenBSD 3.8
Posts: 64

Rep: Reputation: 15
Re: How secure is Mepis out-of-the-box?

Quote:
Originally posted by biased99
I installed Mepis last week (upgrading a RedHat install in doing so - seemed to work OK, saving my /home directory etc.

2) How secure is the OS by default? (It is sitting behind a DSL modem/router using NAT and port blocking, with nothing explicitly forwarded to this machine).

Mepis comes standard with an IPtables GUI front end called Guard Dog..
I am not sure what ports are blocked on the default install..
Most folks remove Guard Dog and use FireStarter instead.. easier to configure..

If your DSL device is doing port blocking.. then it might redundant ports..
and most ISPs block certain ports (to prevent trojans etc.. )
try one of the online scanners to give you an idea of what ports
are blocked..

google for "online scan"
or
here is one

hth
 
Old 07-12-2005, 05:49 PM   #4
aveteam
MEPIS volunteer
 
Registered: May 2005
Location: Central Oregon, USA
Distribution: PCLinuxOS 0.92
Posts: 14

Rep: Reputation: 0
In addition to the above, it has been my experience that Linux is pretty secure out of the box, in that you create a "normal" unprivileged account for day to day work, and use the root account very very rarely. It is pretty common practice when needing temporary root access to type either su or sudo in a console. This way you only run as root when you need to as opposed to that "other" OS where you run privileged all the time. Thus, any damage that gets done will be to your account only and not the whole system. If you attempt to run an app that needs root privilege, it will ask you for the root password. If you don't have it, no go. Also, if one knows what they are doing, Linux can be hardened further.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Help Secure my Slackware 9.1 box Smokey Slackware 6 09-16-2004 10:29 AM
How secure is my box? Aeiri Linux - Security 4 06-03-2004 01:33 PM
How secure is Suse 9.0 out of the box? Larsin Linux - Security 3 03-04-2004 02:44 AM
A good motivation to secure your box chort Linux - Security 1 12-10-2003 02:01 AM
how secure is mandrake v8 out of the box? EnderWiggin Linux - Newbie 2 07-13-2001 09:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > MEPIS

All times are GMT -5. The time now is 03:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration