LinuxQuestions.org


Ook 10-13-2012 10:06 AM

How to secure a slackware workstation
 
I work in a Windows environment, but have the freedom to use the desktop of my choice. The desktop of my choice happens to be Slackware; I converted from Windows a long time ago, and now my wife (who barely knows a mouse from a toaster) is using Slackware for her desktop, and loves the stability.

At work, they have strict security policies for Windows. We run antivirus and website monitoring software.

My question is, how would one secure a Slackware workstation? I'm looking specifically for resources on running antivirus on the box (are there any viruses that Slackware is susceptible to?) and maybe a firewall. I have write access to both Windows and Linux shares that are production servers and repositories, and it would be extremely bad if something got loose that went out and started messing with or deleting files.

hitest 10-13-2012 11:44 AM

You can use Eric's firewall script.

http://www.slackware.com/~alien/efg/

Save the script as rc.firewall to your hard drive. As root make the script executable by issuing this command: # chmod +x rc.firewall. Then copy the script to /etc/rc.d by issuing this command: # cp rc.firewall /etc/rc.d
Start your new firewall by issuing this command: # /etc/rc.d/rc.firewall start

You can also use rkhunter to check your unit for malware and trojans. I don't worry too much about virus activity on Slackware. Run your Slackware station as a regular user and patch it with the latest security updates.

http://slackbuilds.org/repository/14.0/system/rkhunter/

jtsn 10-13-2012 04:09 PM

Quote:

Originally Posted by Ook (Post 4804709)
I'm looking specifically for resources on running antivirus on the box (are there any viruses that Slackware is susceptible to?) and maybe a firewall.

Computer viruses* are a thing of the past. Today's mainstream malware is standalone software that targets the inexperienced user and the operating system of the inexperienced user (which is obviously not Slackware Linux). Its behavior is not that different from "legit" proprietary software: Hiding technical details (and parts of itself) from the user, enforcing restrictions on the user, gathering private data and sending it to interested parties, displaying advertisements and so on. There is no technical difference between a usual DRM system and a rootkit.

*) little BLOBs which infect executables and hop from binary to binary.

The current black hat industry is money-driven, so investments in malware development have to pay off. And there is a big advantage of Slackware Linux: The usual suspects don't support this platform, because it's too exotic to make a return: So you can't play a Blu-ray disc, but you can't run ZeuS or Stuxnet either.

You of course can run a program to scan for so-called signatures of "unwanted software" (for Windows). But this is a failed concept, that almost doesn't work in practice. The "security industry" (which sells nice yellow boxes) already lost this war.

The usual security threat a Slackware box sees targets network services: remote shell access, web servers, mail access, databases and so on. So to mitigate such risks on a workstation do not expose server software to the network. Or even better, do not install or run something like this at all.

OldHolborn 10-13-2012 04:42 PM

Been using slack for a fair few years, the most dangerous thing I've had to deal with so far has been my own fingers.

*tappety tap, tappety tap* <return>

"wtf?"

"oh *bleep*"

Make backups, keep them offline - mostly fingerproof that way :)

T3slider 10-13-2012 05:18 PM

If this is in an office setting, while viruses for *Linux* aren't very prevalent, you may wish to prevent Windows viruses spreading to Windows computers via network shares (either hosted on the Linux box or accessible to the Linux box). ClamAV is the standard I think. To detect Linux compromises, rkhunter and chkrootkit (use both!) are good tools.

mrascii 10-13-2012 08:55 PM

Quote:

Originally Posted by OldHolborn (Post 4804999)
Been using slack for a fair few years, the most dangerous thing I've had to deal with so far has been my own fingers.

*tappety tap, tappety tap* <return>

"wtf?"

"oh *bleep*"

Make backups, keep them offline - mostly fingerproof that way :)

Amen, has happened to me more than once. luckybackup is a great little front end to rsync.

DNA
AKA ascii

mrascii 10-13-2012 08:58 PM

For physical security see README_CRYPT.TXT that comes on the Slackware DVD. Using LVM and a fully encrypted system will give you a big measure of peace of mind, especially with a laptop.

DNA
AKA ascii

Woodsman 10-14-2012 01:04 AM

Quote:

My question is, how would one secure a Slackware workstation? I'm looking specifically for resources on running antivirus on the box (are there any viruses that Slackware is susceptible to?) and maybe a firewall. I have write access to both Windows and Linux shares that are production servers and repositories, and it would be extremely bad if something got loose that went out and started messing with or deleting files.

There are many articles online about this topic. Read through a few and you'll have a better grasp at tackling the problems.

The advice offered here for a firewall script and the root kit checkers is a good start. There is some antivirus software available for Linux based systems. Read a bit to see what has the best reviews for enterprise environments. I suspect a significant majority of Slackers do not run any antivirus software, but you are trying to address your own usage within an enterprise environment, where usage and needs are different.

Remember, in addition to the firewall script, to disable unnecessary services. Check to see whether any needed services can be run from within inetd. Etc.

Check into screen locking features of whatever desktop you are using. When you leave the desktop press the keyboard shortcut to invoke a screen lock. As you are using a Linux based system, remember that with a multi-user system anybody can toggle to an alternate console to login. If you are paranoid of other users, possibly disable automounting of removable devices.

The more paranoid you want to be, the more you'll want to harden your workstation. :) A sane approach: Are you doing this on your own or are the employers requiring these additions? If the former then common sense likely will be sufficient. If the latter then you probably need to abide by whatever requirements they have.
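
An added example, not part of any post in this thread: a shell check for what jtsn's advice (do not expose server software to the network) and Woodsman's advice (disable unnecessary services) ask you to verify. The function names and sample data are constructed for illustration; it assumes a little-endian machine (x86) and Slackware's convention that an rc script is only started at boot when it is executable.

```shell
#!/bin/sh
# Added example (not from the thread): audit what a workstation exposes.

# Print "port address" for every TCP socket in LISTEN state (st == 0A) that
# is NOT bound to loopback. Input: /proc/net/tcp-format text on stdin.
# Assumption: little-endian host, so 127.x.y.z ends in the hex byte 7F.
exposed_listeners() {
    while read -r _sl local _remote state _rest; do
        [ "$state" = "0A" ] || continue     # skip header and non-LISTEN rows
        addr=${local%:*}
        port=${local#*:}
        case $addr in
            ??????7F) continue ;;           # 127.0.0.0/8: reachable locally only
        esac
        echo "$((0x$port)) $addr"           # hex port -> decimal
    done
}

# Print the rc.* scripts in directory $1 that have the executable bit set,
# i.e. the services that would be started at boot under the convention above.
enabled_rc_services() {
    for f in "$1"/rc.*; do
        [ -f "$f" ] && [ -x "$f" ] && echo "${f##*/}"
    done
    return 0
}

# Constructed sample, trimmed to the first four columns of /proc/net/tcp:
# an SSH daemon on 0.0.0.0:22, a mail daemon on 127.0.0.1:25, and one
# established outbound connection.
SAMPLE_TCP='  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:0019 00000000:0000 0A
   2: 0F02000A:D431 0102000A:01BB 01'

echo "Sample listeners reachable from the network (port address):"
printf '%s\n' "$SAMPLE_TCP" | exposed_listeners

# On a live system (IPv6 sockets are listed separately in /proc/net/tcp6):
#   exposed_listeners < /proc/net/tcp
#   enabled_rc_services /etc/rc.d
```

Anything the first function prints is a service to either stop (chmod -x its rc script) or deliberately allow through the firewall script.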

H_TeXMeX_H 10-14-2012 02:55 AM

I wrote a howto on basic security:
http://docs.slackware.com/howtos:sec...basic_security

There are more howtos there as well, so check those too.

markush 10-14-2012 03:42 AM

Quote:

Originally Posted by Ook (Post 4804709)
...
My question is, how would one secure a Slackware workstation? I'm looking specifically for resources on running antivirus on the box (are there any viruses that Slackware is susceptible to?) and maybe a firewall. I have write access to both Windows and Linux shares that are production servers and repositories, and it would be extremely bad if something got loose that went out and started messing with or deleting files.

I did not understand if you mean your Slackware workstation at work. In a typical enterprise-environment you are behind a firewall and don't need one on your workstation. You can see that when the computers connect to the internet via a proxy-server.
As others wrote above, the risk for malware is that such programs are distributed over the network independently of the OS. Malware is not dangerous for your Slackware machine, but if it goes from your machine to a Windows-share it can be dangerous for the Windows-computers. So it would (probably) make sense to install clamav on the Slackware-workstation.

Also if your Slackware-computer at home is connected to a router, you will (at least for a Slackware-computer) not need an additional firewall.

Markus

GazL 10-14-2012 06:05 AM

Quote:

Originally Posted by markush (Post 4805234)
I did not understand if you mean your Slackware workstation at work. In a typical enterprise-environment you are behind a firewall and don't need one on your workstation.

Also if your Slackware-computer at home is connected to a router, you will (at least for a Slackware-computer) not need an additional firewall.

Relying solely on an external firewall doesn't protect you from a threat already on your local network. Why take the risk?

