Slackware This Forum is for the discussion of Slackware Linux.
04-21-2006, 05:46 AM
#16
Senior Member
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519
Original Poster
Quote:
Originally Posted by dcdbutler
# iptables -L
will show which firewall rules are in place, useful as a check that everything in the script works OK.
Wow! Very nice, a really good check to see what guarddog is configuring for me, and what it is not doing for me.
For whatever it's worth "Rick485", I don't really trust those online scanners to be honest. This is just from a hardware standpoint, and my previous Windows experience that I base this on. My short blog (LOL) on this below.
1. Your ISP could see that they are doing a scan on you, and block them for you. However, a smart hacker wouldn't go port by port in sequential order like those sites do. Those "re-cursory audits" are very archaic now IMO.
2. Your DSL or cable modem might have a firewall built in.
3. Not knowing how guarddog responds to being scanned too is a question in my mind; I don't know if it has an "auto-block" feature.
To be honest, I really despise auto-block features, because most hard core hackers (the ones who get in on you, and really know what to do when they get in) are going for the most recently known exploits. Those exploits that may or may not have (a) been identified yet, (b) have a fix yet, and (c) most likely are not patched on people's computers yet. Most of those hard core hackers do an IP range scan on a few known ports for these latest/greatest vulnerabilities. Plus they're using IP scramblers too, to make it even harder to keep track of the scans. Argh, it's all mind boggling.
Now I like auto-block because it stops all these stupid script kiddies hacking the world and lagging out my internet connection. But I really don't think auto-block alone is a good choice either.
Question: what anti-virus program installs and works well with Slackware for two PCs I have on the network with Slackware? They're not servers, just the PCs that are going to be the primary PCs we do all our regular daily computer tasks, and email on, etc. I checked out the clam-av but it seems really geared more towards servers, not stand alone PCs. Like most other Linux users, I'm not scared of me getting a virus but passing it on to friends and family that I haven't "converted" to the "Slackware" mindset yet.
Last edited by Old_Fogie; 06-09-2006 at 03:43 PM.
04-21-2006, 07:21 AM
#17
Member
Registered: Feb 2004
Location: 33.31N -111.97W
Distribution: SuSE
Posts: 919
Quote:
Originally Posted by Old_Fogie
Question: what anti-virus program installs and works well with Slackware for two PCs I have on the network with Slackware? They're not servers, just the PCs that are going to be the primary PCs we do all our regular daily computer tasks, and email on, etc. I checked out the clam-av but it seems really geared more towards servers, not stand alone PCs. Like most other Linux users, I'm not scared of me getting a virus but passing it on to friends and family that I haven't "converted" to the "Slackware" mindset yet.
Antivir Personal Edition has a nice GUI, is relatively easy to set up, has auto-checking of both program updates and virus databases, does real-time scanning, and so forth.
04-21-2006, 09:16 AM
#18
Senior Member
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519
Original Poster
I've been going to different antivirus vendors' websites. It's amazing the way that they protect the lovely Windows name by saying that Linux is harboring viruses waiting to attack Windows machines,
instead of saying because Windows suxorz, you should switch to Linux and not have to buy antivirus.
LOL, from here: http://www.sophos.com/products/es/en...sav-linux.html
"Sophos Anti-Virus provides superior on-access scanning for Linux desktops, laptops and servers, and prevents the harboring of viruses that infect Windows platforms. The powerful Sophos virus detection engine scans all potential entry points for viruses, spyware, Trojans and worms."
That is the same theme/feel I get at Kaspersky, AVG, Antivir... so we Linux people are bad cuz we harbor viruses to attack the poor Windows world. OMG!
04-21-2006, 10:52 AM
#19
Senior Member
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519
Original Poster
OK, I put the Antivir in.
I do have one quick question (hopefully) about this topic. During the install, this is a copy and paste from the terminal:
Quote:
3) installing AvGuard
Version 2.1.6-16 of AntiVir for UNIX Workstation is capable of on-access,
real-time scanning of files. This provides the ultimate protection
against viruses and other unwanted software. The on-access scanner
(called AvGuard) is based on Dazuko, a free software project providing
access control. In order to use AvGuard you will need to compile Dazuko
for your kernel. Please refer to contrib/dazuko/HOWTO-Dazuko for
information about how to do this. There are several ways in which you
can install AvGuard.
module - Dazuko will be loaded by the avguard script
kernel - Dazuko is always loaded
(and should not be loaded by the avguard script)
no install - do not install AvGuard at this time
Note: Dazuko currently only works with GNU/Linux, FreeBSD and Solaris
systems. If you are interested in helping us port Dazuko to
OpenBSD, feel free to check out the Dazuko Project at:
http://www.dazuko.org
available options: m k n
How should AvGuard be installed? [n] m
Enter the full path to dazuko.ko: /usr/bin
/usr/bin not found.
How should AvGuard be installed? [n]
AvGuard will NOT be installed. See contrib/dazuko/HOWTO-Dazuko
for more information about Dazuko.
I tried to do it as module, as I got scared when I saw it talking about the kernel. Should I have chosen kernel? I seem to recall having an issue like this when I tried to enable real time protection for the brand of clam-av that comes with Mepis a while ago.
Thanks.
04-22-2006, 06:41 AM
#20
Member
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358
Hey Alien Bob, just wanted to say cheers for the info in this post.... Just created a script from your page then.
* I wanted to make sure I have done all that is required?
Generated script & saved to /etc/rc.d/rc.firewall
# chmod a+x /etc/rc.d/rc.firewall
After a reboot I can see the following modules loaded...
ipv6 192896 8
ipt_limit 1984 2
ipt_pkttype 1536 1
ipt_LOG 5568 11
ipt_state 1664 6
iptable_mangle 2240 0
iptable_nat 6212 0
iptable_filter 2368 1
ip_conntrack_irc 5296 0
ip_nat_ftp 2688 0
ip_nat 14508 2 iptable_nat,ip_nat_ftp
ip_conntrack_ftp 5808 1 ip_nat_ftp
ip_conntrack 38924 6 ipt_state,iptable_nat,ip_conntrack_irc,ip_nat_ftp,ip_nat,ip_conntrack_ftp
ip_tables 16704 7 ipt_limit,ipt_pkttype,ipt_LOG,ipt_state,iptable_mangle,iptable_nat,iptable_filter
Is there anything else I need to do?
04-22-2006, 08:12 AM
#21
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
Quote:
Originally Posted by -=Graz=-
I wanted to make sure I have done all that is required?
Generated script & saved to /etc/rc.d/rc.firewall
# chmod a+x /etc/rc.d/rc.firewall
Sounds like you did all that is needed. You can run "iptables -L" to see what rules are active.
Eric
04-22-2006, 09:28 AM
#22
Member
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358
Cool! Nice and easy.. I will give the iptables command a go as that was my next question =)
Also, where can I find the logs for the firewall? I looked in /var/log but cannot see anything. Thanks!
04-22-2006, 09:35 AM
#23
Member
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358
Actually, the rules look quite weird.. There are heaps of 'source - anywhere' and 'destination - anywhere' for both drop and accept... I guess this must be correct though, as I couldn't have done anything wrong..
I guess I could go to a security site and get it to do a bit of a general probe of my PC... Although that may not work, as I have a NAT firewall built into the router as well, which seems to work OK.
04-22-2006, 10:28 AM
#24
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
If you have a second PC, you could run nmap (commandline) or nmapfe (gui) to scan your firewalled PC.
Regarding the logging: iptables logs to the "kernel" syslog facility with a level of "warning". Looking at /etc/syslog.conf I see that logging of level "warn" and higher is done in /var/log/syslog so that is where you will find your firewall log.
You can change that by for instance adding this line to /etc/syslog.conf
Code:
kern.warn -/var/log/firewall
and then running
Code:
/etc/rc.d/rc.syslog restart
The file /var/log/firewall will be created by syslog and all iptables logging will go to that file (as well as still being written to /var/log/syslog, I might add!) and possibly some other kernel logging as well.
NOTE: the '-' in front of the logfile is meant to prohibit syncing the logfile to disk after every log line entered. Your hard disk will like you for it (and your ears too).
Eric
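Once the kern.warn line above is in place, /var/log/firewall fills with the kernel's iptables LOG lines (plus any other kernel messages at warn level or above), and reading them raw gets old fast. The following is an added example, not Eric's script or anything from this thread: a small Python reader that picks the iptables entries out of a syslog-style file, ignores the other kernel chatter, and summarizes which source addresses are hitting which ports. The sample log text, the hostname "slackbox", the addresses and the "FW-DROP:" log prefix are all constructed for the demo; a real rc.firewall may use a different --log-prefix or none at all, which the parser tolerates.

```python
"""Summarize iptables LOG entries from a syslog-style firewall log.

Added example for this thread, not the firewall script's own code. Assumes
the file contains lines in the form the kernel's iptables LOG target writes
through syslog ("<date> <host> kernel: [prefix] IN=... SRC=... DPT=...").
"""
import re
from collections import Counter, defaultdict

# Constructed sample log: three iptables LOG lines from two made-up sources,
# plus one unrelated kernel message, which kern.warn would also deliver.
SAMPLE_LOG = """\
Apr 22 22:30:01 slackbox kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=0 DF PROTO=UDP SPT=1863 DPT=1026 LEN=28
Apr 22 22:30:02 slackbox kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=0 DF PROTO=UDP SPT=1863 DPT=1027 LEN=28
Apr 22 22:30:05 slackbox kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4021 DF PROTO=TCP SPT=4444 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 22 22:30:09 slackbox kernel: usb 1-1: new high speed USB device using ehci_hcd
"""

# iptables LOG fields are KEY=VALUE tokens; bare flags like DF or SYN have no '='.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_iptables_log(text):
    """Return one dict per iptables LOG line; other kernel lines are skipped."""
    records = []
    for line in text.splitlines():
        stamp, sep, body = line.partition("kernel:")
        if not sep:
            continue
        fields = dict(KV_RE.findall(body))  # a repeated key (LEN=) keeps the last value
        if not all(k in fields for k in ("SRC", "DST", "PROTO")):
            continue  # not a firewall entry
        m = re.search(r"\bIN=", body)
        prefix = body[: m.start()].strip() if m else ""  # the --log-prefix text, if any
        head = stamp.split()  # ["Apr", "22", "22:30:01", "slackbox"]
        records.append({
            "time": " ".join(head[:3]),
            "host": head[3] if len(head) > 3 else "",
            "prefix": prefix,
            "in": fields.get("IN", ""),
            "src": fields["SRC"],
            "dst": fields["DST"],
            "proto": fields["PROTO"],
            "spt": int(fields["SPT"]) if "SPT" in fields else None,
            "dpt": int(fields["DPT"]) if "DPT" in fields else None,
        })
    return records


def summarize(records):
    """Hit counts per (src, proto, dpt) flow and per source address."""
    by_flow = Counter((r["src"], r["proto"], r["dpt"]) for r in records)
    by_src = Counter(r["src"] for r in records)
    return by_flow, by_src


def multi_port_sources(records, min_ports=2):
    """Sources that touched at least min_ports distinct destination ports.

    A crude probe indicator; raise min_ports to fit your own traffic.
    """
    ports = defaultdict(set)
    for r in records:
        if r["dpt"] is not None:
            ports[r["src"]].add(r["dpt"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def report(text):
    """Human-readable summary of one log file's contents."""
    records = parse_iptables_log(text)
    by_flow, _ = summarize(records)
    lines = [f"{len(records)} firewall log entries"]
    for (src, proto, dpt), n in by_flow.most_common():
        lines.append(f"{n:4d}  {src:>15}  {proto:<4} dpt={dpt}")
    for src, ports in multi_port_sources(records).items():
        lines.append(f"{src} hit {len(ports)} ports: {ports}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Give a real log file as the first argument, or run with no args to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(text))
```

Run it as "python3 fwlog.py /var/log/firewall" (reading that file needs root, as the thread's file-manager workaround shows). Because kern.warn is a facility/level filter, not an iptables-specific one, the parser deliberately requires SRC, DST and PROTO before treating a line as a firewall entry, so USB or disk warnings in the same file do not pollute the counts.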
04-22-2006, 02:59 PM
#25
Senior Member
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519
Original Poster
To check my logs from being a normal user, I've been using "file manager super user" then browse to the log directories and view in kwrite. Is there a better app that would be graphical to see these logs and warning items other than a text editor? Or is there a different, better way?
Kind of like a zonealarm log viewer in windows type of app?
04-22-2006, 10:29 PM
#26
Member
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358
Hey there, thanks for the info - I added that line into /etc/syslog.conf and then restarted it and it has created the /var/log/firewall
I did not remove anything from the .conf file though, so as you said I guess it will log twice.. that's okay though, it is more structured for me this way! hehe..
Funnily enough I have left it there for some time now after starting various internet programs like 'aMSN' and still the file is empty.*
** Actually let me take that back - aMSN has caused a nice spread of UDP and other requests.. thanks!
Last edited by -=Graz=-; 04-22-2006 at 10:38 PM.
04-23-2006, 03:58 AM
#27
Senior Member
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519
Original Poster
Quote:
Originally Posted by -=Graz=-
** Actually let me take that back - aMSN has caused a nice spread of UDP and other requests.. thanks!
I may be misinterpreting you, but I noticed the same thing over the years using the Windows platform instant messengers like Yahoo, Gaim, AIM, MSN to be honest. I know in Windows, we were constantly receiving notices from our IM providers to upgrade to the latest version.
I think (and what the hell do I know, right? LOL) what you're noticing could be due to some unsolicited traffic by hackers trying to get in/out etc. through instant messengers. Because even though we are on Linux we try and meet the same routing protocols and software features of the Windows platform for compatibility.
I wonder if maybe, even though we are not as prone to attacks like windows users, that we should make sure we keep more current in our instant messengers on linux to help stop the spread of stuff.
Just a thought, I haven't had a chance to do IM on linux yet to be honest so thanks for the heads up on the firewall log entries.
04-23-2006, 05:45 AM
#28
Member
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358
Hey there, yes you're right - instant messaging software is notorious for being fairly unsafe. Even if you configure your firewall to lock everything except the ports/protocols the IM software uses, all you need to do is 'accept' an authorisation request from someone you don't know and then you could be compromised.. ICQ was always a big one for this.
Generally I try to stay away from these apps but I do have it installed for occasional use. It was a good way to test the firewall though, as shortly after loading it the log started rolling..
Because these apps like to have in/out access to your machines over a whole range of ports/protocols and are able to write to disk etc.... they are pretty unsafe I think.
04-23-2006, 06:06 AM
#29
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
You might want to try a Jabber client. Jabber is the only ratified IM protocol, it is a fully open standard, and does not use a lot of ports to connect to others. You can make communication safe using SSL connections between server and clients.
Gaim understands the Jabber protocol, as do Kopete and Psi for instance. There are many more good clients (mcabber is a console app for instance), just pick one you like. I use Psi and mcabber on Linux, and Gaim on Windows. The advantage of Psi and mcabber is that they are Jabber-only, whereas Gaim and Kopete are multi-protocol (and have to deal with bugs in all these protocols and the plugin architecture). I have made Slackware packages for both psi and mcabber btw.
Eric
04-23-2006, 06:26 AM
#30
Member
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358
Alien Bob, cool! This sounds good... Are these clients capable of using networks like MSN or ICQ? Or do your buddies have to also have the same software?
The only reason I have aMSN on this thing is just because all my friends use it in Windows. I like ICQ for the 'free SMS' feature..