MEPIS This forum is for the discussion of MEPIS Linux. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
07-11-2005, 06:22 AM
|
#1
|
LQ Newbie
Registered: Mar 2004
Posts: 11
Rep:
|
How secure is Mepis out-of-the-box?
I installed Mepis last week (upgrading a RedHat install in doing so - seemed to work OK, saving my /home directory etc.
Anyway, I was looking around in /home, and noticed a user directory called "warren", and my root prompt now reads "root@3[warren]#", as though someone's managed to get in and start hacking around...
Questions are:
1) Is this likely, given the above and
2) How secure is the OS by default? (It is sitting behind a DSL modem/router using NAT and port blocking, with nothing explicitly forwarded to this machine).
Thanks in advance...sorry about the noob questions.
|
|
|
07-11-2005, 08:38 AM
|
#2
|
Member
Registered: Mar 2004
Location: South Carolina, USA
Distribution: Mepis
Posts: 287
Rep:
|
The user account of Warren is there because Warren the creator of Mepis will test a new release before making it an iso and uploading it to the server. Sometimes he forgets to take out his personal info before releasing a new version. You can delete the user Warren from kmenu > system > KUser program.
|
|
|
07-11-2005, 10:10 AM
|
#3
|
Member
Registered: Oct 2003
Location: /dev/null > Oklahoma
Distribution: Mepis 3.3.2-test 3, CC Home 3.0, OpenBSD 3.8
Posts: 64
Rep:
|
Re: How secure is Mepis out-of-the-box?
Quote:
Originally posted by biased99
I installed Mepis last week (upgrading a RedHat install in doing so - seemed to work OK, saving my /home directory etc.
2) How secure is the OS by default? (It is sitting behind a DSL modem/router using NAT and port blocking, with nothing explicitly forwarded to this machine).
|
Mepis comes standard with an IPtables GUI front end called Guard Dog..
I am not sure what ports are blocked on the default install..
Most folks remove Guard Dog and use FireStarter instead.. easier to configure..
If your DSL device is doing port blocking.. then it might redundant ports..
and most ISPs block certain ports (to prevent trojans etc.. )
try one of the online scanners to give you an idea of what ports
are blocked..
google for "online scan"
or
here is one
hth
|
|
|
07-12-2005, 05:49 PM
|
#4
|
MEPIS volunteer
Registered: May 2005
Location: Central Oregon, USA
Distribution: PCLinuxOS 0.92
Posts: 14
Rep:
|
In addition to the above, it has been my experience that Linux is pretty secure out of the box, in that you create a "normal" unprivileged account for day to day work, and use the root account very very rarely. It is pretty common practice when needing temporary root access to type either su or sudo in a console. This way you only run as root when you need to as opposed to that "other" OS where you run privileged all the time. Thus, any damage that gets done will be to your account only and not the whole system. If you attempt to run an app that needs root privilege, it will ask you for the root password. If you don't have it, no go. Also, if one knows what they are doing, Linux can be hardened further.
|
|
|
All times are GMT -5. The time now is 03:29 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|