LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.
Old 04-21-2006, 05:46 AM   #16
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519

Original Poster
Rep: Reputation: 63

Quote:
Originally Posted by dcdbutler
# iptables -L

will show which firewall rules are in place, useful as a check that everything in the script works OK.
Wow! very nice a really good check to see what guarddog is configuring for me, and what it is not doing for me.

For whatever it's worth "Rick485", I don't really trust those online scanners, to be honest. This is just from a hardware standpoint, and my previous Windows experience that I base this on. My short blog (LOL) on this below.

1. Your ISP could see that they are doing a scan on you, and block them for you. However, a smart hacker wouldn't go port by port in sequential order like those sites do. Those "re-cursory audits" are very archaic now IMO.

2. Your DSL or cable modem might have a firewall built in.

3. Not knowing how guard dog responds to being scanned too is a question in my mind, I don't know if it has an "auto-block" feature.

To be honest, I really despise auto-block features, because most hard core hackers (the ones who get in on you, and really know what to do when they get in) are going for the most recently known exploits. Those exploits that may or may not have (a) been identified yet, (b) have a fix yet, and furthermore (c) most likely are not patched on people's computers yet. Most of those hard core hackers do an IP range scan on a few known ports for these latest/greatest vulnerabilities. Plus they're using IP scramblers too, to make it even harder to keep track of the scans. Argh, it's all mind boggling.

Now I like auto-block because it stops all these stupid script kiddies, hacking the world and lagging out my internet connection. But I really don't think auto-block alone is a good choice either.

Question: what anti-virus program installs and works well with Slackware for two PCs I have on the network with Slackware? They're not servers, just the PCs that are going to be the primary PCs we do all our regular daily computer tasks, and email on, etc. I checked out clam-av but it seems really geared more towards servers, not stand alone PCs. Like most other Linux users, I'm not scared of me getting a virus but passing it on to friends and family that I haven't "converted" to the "Slackware" mindset yet.

Last edited by Old_Fogie; 06-09-2006 at 03:43 PM.
 
Old 04-21-2006, 07:21 AM   #17
Xian
Member
 
Registered: Feb 2004
Location: 33.31N -111.97W
Distribution: SuSE
Posts: 919

Rep: Reputation: 32
Quote:
Originally Posted by Old_Fogie
Question: what anti-virus program installs and works well with Slackware for two PCs I have on the network with Slackware? They're not servers, just the PCs that are going to be the primary PCs we do all our regular daily computer tasks, and email on, etc. I checked out clam-av but it seems really geared more towards servers, not stand alone PCs. Like most other Linux users, I'm not scared of me getting a virus but passing it on to friends and family that I haven't "converted" to the "Slackware" mindset yet.
Antivir Personal Edition has a nice GUI, is relatively easy to set up, has auto-checking of both program updates and virus databases, does real-time scanning, and so forth.
 
Old 04-21-2006, 09:16 AM   #18
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519

Original Poster
Rep: Reputation: 63
I've been going to different antivirus vendors' web-sites. It's amazing the way that they protect the lovely Windows name by saying that Linux is harboring viruses waiting to attack Windows machines.

Instead of saying because Windows suxorz, you should switch to Linux and not have to buy antivirus.

LOL from here: http://www.sophos.com/products/es/en...sav-linux.html

"Sophos Anti-Virus provides superior on-access scanning for Linux desktops, laptops and servers, and prevents the harboring of viruses that infect Windows platforms. The powerful Sophos virus detection engine scans all potential entry points for viruses, spyware, Trojans and worms."

That is the same theme/feel I get at Kaspersky, AVG, Antivir... so we Linux people are bad cuz we harbor viruses to attack the poor Windows world. OMG!
 
Old 04-21-2006, 10:52 AM   #19
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519

Original Poster
Rep: Reputation: 63
Ok I put the antivir in.

I do have one quick question (hopefully) about this topic during the install, this is a copy and paste from terminal:

Quote:
3) installing AvGuard
Version 2.1.6-16 of AntiVir for UNIX Workstation is capable of on-access,
real-time scanning of files. This provides the ultimate protection
against viruses and other unwanted software. The on-access scanner
(called AvGuard) is based on Dazuko, a free software project providing
access control. In order to use AvGuard you will need to compile Dazuko
for your kernel. Please refer to contrib/dazuko/HOWTO-Dazuko for
information about how to do this. There are several ways in which you
can install AvGuard.

module - Dazuko will be loaded by the avguard script

kernel - Dazuko is always loaded
(and should not be loaded by the avguard script)

no install - do not install AvGuard at this time

Note: Dazuko currently only works with GNU/Linux, FreeBSD and Solaris
systems. If you are interested in helping us port Dazuko to
OpenBSD, feel free to check out the Dazuko Project at:
http://www.dazuko.org

available options: m k n

How should AvGuard be installed? [n] m
Enter the full path to dazuko.ko: /usr/bin
/usr/bin not found.

How should AvGuard be installed? [n]
AvGuard will NOT be installed. See contrib/dazuko/HOWTO-Dazuko
for more information about Dazuko.
I tried to do it as module, as I got scared when I saw it talking about the kernel. Should I have chosen kernel? I seem to recall having an issue like this when I tried to enable real-time protection for the brand of clam-av that comes with Mepis a while ago.

Thanks.
 
Old 04-22-2006, 06:41 AM   #20
-=Graz=-
Member
 
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358

Rep: Reputation: 31
Hey Alien Bob, just wanted to say cheers for the info in this post.... Just created a script from your page then.
* I wanted to make sure I have done all that is required?
generated script & saved to /etc/rc.d/rc.firewall
#chmod a+x /etc/rc.d/rc.firewall

After a reboot I can see the following modules loaded...
ipv6 192896 8
ipt_limit 1984 2
ipt_pkttype 1536 1
ipt_LOG 5568 11
ipt_state 1664 6
iptable_mangle 2240 0
iptable_nat 6212 0
iptable_filter 2368 1
ip_conntrack_irc 5296 0
ip_nat_ftp 2688 0
ip_nat 14508 2 iptable_nat,ip_nat_ftp
ip_conntrack_ftp 5808 1 ip_nat_ftp
ip_conntrack 38924 6 ipt_state,iptable_nat,ip_conntrack_irc,ip_nat_ftp,ip_nat,ip_conntrack_ftp
ip_tables 16704 7 ipt_limit,ipt_pkttype,ipt_LOG,ipt_state,iptable_mangle,iptable_nat,iptable_filter

Is there anything else I need to do?
 
Old 04-22-2006, 08:12 AM   #21
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119
Quote:
Originally Posted by -=Graz=-
I wanted to make sure I have done all that is required?
generated script & saved to /etc/rc.d/rc.firewall
#chmod a+x /etc/rc.d/rc.firewall
Sounds like you did all that is needed. You can run "iptables -L" to see what rules are active.

Eric
 
Old 04-22-2006, 09:28 AM   #22
-=Graz=-
Member
 
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358

Rep: Reputation: 31
Cool! Nice and easy.. I will give the iptables command a go as that was my next question =)
Also, where can I find the logs for the firewall.. I looked in /var/log but cannot see anything? Thanks!
 
Old 04-22-2006, 09:35 AM   #23
-=Graz=-
Member
 
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358

Rep: Reputation: 31
Actually, the rules look quite weird.. There are heaps of 'source - Anywhere' and 'destination - anywhere' for both drop and accept... I guess this must be correct though as I couldn't have done anything wrong..
I guess I could go to a security site and get it to do a bit of a general probe of my PC... Although that may not work, as I have a NAT firewall built into the router as well which seems to work OK.
 
Old 04-22-2006, 10:28 AM   #24
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119
If you have a second PC, you could run nmap (commandline) or nmapfe (gui) to scan your firewalled PC.

Regarding the logging: iptables logs to the "kernel" syslog facility with a level of "warning". Looking at /etc/syslog.conf I see that logging of level "warn" and higher is done in /var/log/syslog so that is where you will find your firewall log.
You can change that by for instance adding this line to /etc/syslog.conf
Code:
kern.warn                                      -/var/log/firewall
and then running
Code:
/etc/rc.d/rc.syslog restart
The file /var/log/firewall will be created by syslog and all iptables logging will go to that file (while still being written to /var/log/syslog as well, I might add!) and possibly some other kernel logging as well.

NOTE: the '-' in front of the logfile is meant to prohibit syncing the logfile to disk after every log line entered. Your hard disk will like you for it (and your ears too).

Eric
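Once iptables messages land in /var/log/firewall as described above, reading the file by eye gets old quickly. The script below is an added example (not from the thread or from Slackware) that summarises such a log with awk; the log lines are constructed in the ipt_LOG field layout, and the "FW:" prefix stands in for a hypothetical --log-prefix set in the firewall script.

```shell
#!/bin/sh
# Added example: summarise iptables LOG lines as written by syslog to
# /var/log/firewall. Sample lines are constructed; "FW:" is a hypothetical
# --log-prefix. The last line is a non-iptables kern.warn message that
# shares the file and must be ignored.
SAMPLE_LOG='Apr 22 22:30:01 slack kernel: FW: IN=eth0 OUT= SRC=192.0.2.10 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1234 DF PROTO=TCP SPT=4321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 22 22:30:02 slack kernel: FW: IN=eth0 OUT= SRC=192.0.2.10 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1235 DF PROTO=TCP SPT=4322 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 22 22:30:05 slack kernel: FW: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.5 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=77 PROTO=UDP SPT=1863 DPT=1863 LEN=28
Apr 22 22:30:09 slack kernel: FW: IN=eth0 OUT= SRC=192.0.2.10 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1236 DF PROTO=TCP SPT=4323 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 22 22:30:11 slack kernel: usb 1-1: new full speed USB device using uhci_hcd'

# Keep only lines that carry iptables fields (reads stdin).
fw_lines() {
    grep 'kernel: .*SRC=.*DST=.*PROTO='
}

# Packets per source address, busiest first, printed as "count src".
fw_by_src() {
    fw_lines | awk '{ for (i = 1; i <= NF; i++) if (index($i, "SRC=") == 1) print substr($i, 5) }' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Packets per protocol and destination port, printed as "count PROTO/DPT".
fw_by_port() {
    fw_lines | awk '{
        p = ""; d = ""
        for (i = 1; i <= NF; i++) {
            if (index($i, "PROTO=") == 1) p = substr($i, 7)
            if (index($i, "DPT=") == 1) d = substr($i, 5)
        }
        if (p != "" && d != "") print p "/" d
    }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Sources that hit more than $1 distinct destination ports (a crude
# port-sweep indicator), printed as "src distinct_ports".
fw_sweepers() {
    fw_lines | awk -v t="$1" '{
        s = ""; d = ""
        for (i = 1; i <= NF; i++) {
            if (index($i, "SRC=") == 1) s = substr($i, 5)
            if (index($i, "DPT=") == 1) d = substr($i, 5)
        }
        if (s != "" && d != "" && !seen[s, d]++) n[s]++
    } END { for (s in n) if (n[s] > t) print s, n[s] }' | sort
}

# On a real box: fw_by_src < /var/log/firewall ; fw_sweepers 5 < /var/log/firewall
printf '%s\n' "$SAMPLE_LOG" | fw_sweepers 2
```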
 
Old 04-22-2006, 02:59 PM   #25
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519

Original Poster
Rep: Reputation: 63
To check my logs from being a normal user, I've been using "file manager super user" then browse to the log directories and view in kwrite. Is there a better app that would be graphical to see these logs and warning items other than a text editor? Or is there a different, better way?

Kind of like a zonealarm log viewer in windows type of app?
 
Old 04-22-2006, 10:29 PM   #26
-=Graz=-
Member
 
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358

Rep: Reputation: 31
Hey there, thanks for the info - I added that line into /etc/syslog.conf and then restarted it and it has created the /var/log/firewall
I did not remove anything from the .conf file though so as you said I guess it will log twice.. that's okay though, it is more structured for me this way! hehe..
Funnily enough I have left it there for some time now after starting various internet programs like 'aMSN' and still the file is empty.*

** Actually let me take that back - aMSN has caused a nice spread of udp and other requests.. thanks!

Last edited by -=Graz=-; 04-22-2006 at 10:38 PM.
 
Old 04-23-2006, 03:58 AM   #27
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,519

Original Poster
Rep: Reputation: 63
Quote:
Originally Posted by -=Graz=-
** Actually let me take that back - aMSN has caused a nice spread of udp and other requests.. thanks!
I may be misinterpreting you, but I noticed the same thing over the years using the Windows platform instant messengers like Yahoo, Gaim, AIM, MSN, to be honest. I know in Windows, we were constantly receiving notices from our IM providers to upgrade to the latest version.

I think (and what the hell do I know, right, LOL) what you're noticing could be due to some unsolicited traffic by hackers trying to get in/out etc. through instant messengers. Because even though we are on Linux we try and meet the same routing protocols and software features of the Windows platform for compatibility.

I wonder if maybe, even though we are not as prone to attacks as Windows users, we should make sure we keep more current in our instant messengers on Linux to help stop the spread of stuff.

Just a thought, I haven't had a chance to do IM on linux yet to be honest so thanks for the heads up on the firewall log entries.
 
Old 04-23-2006, 05:45 AM   #28
-=Graz=-
Member
 
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358

Rep: Reputation: 31
Hey there, yes you're right - instant messaging software is notorious for being fairly unsafe. Even if you configure your firewall to lock everything except the ports/protocols the IM software uses, all you need to do is 'accept' an authorisation request from someone you don't know and then you could be compromised.. ICQ was always a big one for this.
Generally I try to stay away from these apps but I do have it installed for occasional use. It was a good way to test the firewall though, as shortly after loading it the log started rolling..
Because these apps like to have in/out access to your machines over a whole range of ports/protocols and are able to write to disk etc.... they are pretty unsafe I think.
 
Old 04-23-2006, 06:06 AM   #29
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119
You might want to try a Jabber client. Jabber is the only ratified IM protocol, it is a fully open standard, and does not use a lot of ports to connect to others. You can make communication safe using SSL connections between server and clients.
Gaim understands the Jabber protocol, as do Kopete and Psi for instance. There are many more good clients (mcabber is a console app for instance), just pick one you like. I use Psi and mcabber on Linux, and Gaim on Windows. The advantage of Psi and mcabber is that they are Jabber-only, whereas Gaim and Kopete are multi-protocol (and have to deal with bugs in all these protocols and the plugin architecture). I have made Slackware packages for both psi and mcabber btw.

Eric
 
Old 04-23-2006, 06:26 AM   #30
-=Graz=-
Member
 
Registered: Jan 2006
Location: Australia
Distribution: Fedora, Slackware, RHEL, AIX, HP-UX
Posts: 358

Rep: Reputation: 31
Alien Bob, cool! This sounds good... Are these clients capable of using networks like MSN or ICQ? Or do your buddies have to also have the same software?
The only reason I have aMSN on this thing is just because all my friends use it in Windows. I like ICQ for the 'free SMS' feature..
 