I'm looking for some suggestions on securing my Slackware 15 server. For now it's only running a couple video game servers for my kids and a MariaDB (MySQL) that I use for development. I have a firewall (dedicated hardware router/firewall/IPS) that only allows the appropriate IPv4 ports through; however, IPv6 is a thing and, not knowing as much about it, I'm concerned about security on the Linux box.
I have disabled SSH password logins, requiring keys.
I stay up to date with slackpkg+
I routinely manually check the last and lastb looking for any strange logins <-- I'd like a more automated way to check this, maybe something like "fail2ban".
I only run the network processes/applications I actively use.
Computer security is one of those topics where asking 10 people for advice results in 12 answers.
Security usually is about risk vs. benefit and how big of a tinfoil hat one wants to wear.
Often security is about layers. For example, an nmap scan would reveal what is open to the world. Although there is a network layer firewall, a simple no frills rc.firewall could be added to ensure nobody hacks the computer if the network firewall is compromised.
Monitoring /var/log/secure might be more useful than monitoring /var/log/wtmp (last[b]).
There might be other ways of securing the environment. For example, development could be contained to inside a virtual machine that has no internet access.
Young children usually are not security concerns. They use whatever parents provide. Just provide them their own login account and let them play. Older children know about the outside world. They tend to get frustrated when they are denied access and start learning or recruiting friends to help them thwart parental controls unless there is a healthy relationship with the parents.
The usual caveats apply -- I'm not a security guru and do not play one on TV.
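Added example, not part of the original post: one way to automate the /var/log/secure check suggested above, counting failed sshd attempts per source address (IPv4 or IPv6) and listing accepted logins. The log lines, host name, user names and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise sshd activity from a syslog-style auth log.

write_sample_log() {
    # Constructed sample in the usual sshd syslog format (documentation addresses).
    cat > "$1" <<'EOF'
Mar  3 02:14:07 host sshd[2211]: Invalid user admin from 203.0.113.7 port 51122
Mar  3 02:15:01 host sshd[2230]: Invalid user test from 2001:db8::bad port 40022
Mar  3 02:15:03 host sshd[2231]: Invalid user oracle from 2001:db8::bad port 40030
Mar  3 02:15:05 host sshd[2232]: Failed publickey for root from 2001:db8::bad port 40031 ssh2: RSA SHA256:CONSTRUCTED
Mar  3 02:15:06 host sshd[2232]: Connection closed by authenticating user root 2001:db8::bad port 40031 [preauth]
Mar  3 08:20:44 host sshd[2301]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2: ED25519 SHA256:CONSTRUCTED
EOF
}

failed_by_source() {
    # $1 = log file, $2 = minimum failures before a source is reported.
    # Prints "count address", highest count first. The address is taken
    # after the LAST "from", because the user name is chosen by the client.
    # "Connection closed" lines are skipped so attempts are not counted twice.
    awk -v min="$2" '
        /sshd\[[0-9]+\]: (Invalid user|Failed [a-z]+ for) / {
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$1" | sort -rn
}

accepted_logins() {
    # Prints each distinct "user address" pair that logged in successfully.
    awk '/sshd\[[0-9]+\]: Accepted / {
        for (i = 1; i < NF - 2; i++)
            if ($i == "for") { print $(i + 1), $(i + 3); break }
    }' "$1" | sort -u
}

# Demo on the constructed sample; point the functions at /var/log/secure
# (readable by root) for real use, for example from a daily cron job.
log=$(mktemp)
write_sample_log "$log"
echo "Sources with 3 or more failures:"; failed_by_source "$log" 3
echo "Accepted logins:"; accepted_logins "$log"
rm -f "$log"
```
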
I did think about that but I'd rather learn the correct way to use it. It is the future of networking. As an educational exercise. If it was a mission-critical business production server that didn't need IPv6, that's the way I'd go.
I'm just looking for the most current IPv6 and general system hardening recommendations, without going full paranoia mode.
Yeah, the kids are teens. I'm not really concerned about them though. Fingers crossed, but so far we still have a great relationship and there is trust there. I'm more concerned about the millions of crazies in *insert foreign country here* doing port scans, seeing that there are open ports (there have to be to host the game servers) and attempting to hack the system. I do have a domain name with a subdomain that points to this system (IPv6) using cloudflare and a bash script that runs daily to update the DNS record.
At least the system is mostly for personal stuff and worst case if someone does compromise it I could format and reinstall, only losing some sleep in the process.
I do agree there are so many opinions about security, but that's why I asked. Sometimes you get some really good ideas that you never even considered before.
If your edge device (router or modem to access the internet) supports IPv6 then the filtering there should support filtering and blocking IPv6. IF it does NOT support IPv6 then you do not have to worry about it passing through IPv6 addressed packets.
Your firewall on your host should have settings for both IPv4 and IPv6 filtering. You can always use that to secure your host, it is what it is made to do.
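Added example, not part of the original post: a host firewall script of the kind described above, building the same default-deny inbound policy for IPv4 and IPv6. The port lists are placeholder assumptions, `rules_for` is a hypothetical name, and the IPv6 branch shows the ICMPv6 types that must stay open for neighbour discovery and path MTU discovery to work.

```shell
#!/bin/sh
# Added example: default-deny inbound rules for both address families.
# Port lists are placeholders, not the poster's real ports.
TCP_PORTS="22"          # assumption: sshd on its default port
UDP_PORTS="27015"       # assumption: one hypothetical game-server port

# ICMPv6 types IPv6 needs to function: errors, path MTU discovery, ping,
# router advertisements (SLAAC) and neighbour discovery (replaces ARP).
ICMP6_TYPES="destination-unreachable packet-too-big time-exceeded
parameter-problem echo-request router-advertisement
neighbour-solicitation neighbour-advertisement"

rules_for() {
    # $1 is "iptables" or "ip6tables"; commands are printed, not executed.
    ipt=$1
    echo "$ipt -F INPUT"
    echo "$ipt -P FORWARD DROP"
    echo "$ipt -A INPUT -i lo -j ACCEPT"
    echo "$ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$ipt" = ip6tables ]; then
        for t in $ICMP6_TYPES; do
            echo "$ipt -A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
        done
        # Only needed when the address is assigned by DHCPv6 rather than SLAAC.
        echo "$ipt -A INPUT -p udp -s fe80::/10 --dport 546 -j ACCEPT"
    else
        echo "$ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    fi
    for p in $TCP_PORTS; do
        echo "$ipt -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "$ipt -A INPUT -p udp --dport $p -j ACCEPT"
    done
    # Policy goes last, once the ACCEPT rules above are in place.
    echo "$ipt -P INPUT DROP"
}

if [ "${1:-}" = start ]; then
    { rules_for iptables; rules_for ip6tables; } | sh -e   # apply (needs root)
else
    rules_for iptables; rules_for ip6tables                # dry run: print only
fi
```

Run without arguments to review the generated commands, and with `start` as root to apply them.
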
@dalgrim, if your routing device is a Cisco/Juniper/..., there is a set of security-related reference templates for these and other devices and protocols that may be of use to you...
Provided by Team Cymru, these have been of good service to me. Hth, JimL
I'm looking for some suggestions on securing my Slackware 15 server. For now it's only running a couple video game servers for my kids and a MariaDB (MySQL) that I use for development. I have a firewall (dedicated hardware router/firewall/IPS) that only allows the appropriate IPv4 ports through; however, IPv6 is a thing and, not knowing as much about it, I'm concerned about security on the Linux box.
I have disabled SSH password logins, requiring keys.
I stay up to date with slackpkg+
I routinely manually check the last and lastb looking for any strange logins <-- I'd like a more automated way to check this, maybe something like "fail2ban".
I only run the network processes/applications I actively use.
Any other suggestions or resources?
-Brian
I really like fail2ban, you should use it.
If it is possible, try to change the default ports, like 22 (ssh) to 30350 or any high number; if you do this for other services too, it will be better.
If you have Cloudflare, you can put a WAF in front of the application if you have a web application.