Security - to be safe on slackware 10.2
 

Hi, i am newbie in slackware.

I want to know what security (firewall, antivirus, logging not with "root") to use, to be safe.
Slackware i am using for home PC without other computers (one PC).

Can somebody give me good advices?

make sure you block all incoming connections with iptables...

get rid of any software you have installed which you don't need...

make sure you always keep your system up to date with the latest patches that patrick volkerding puts out...

use the firefox web browser, and install the noscript extension...

just my two cents...

Edit /etc/inetd.conf and comment out lines representing services you don't need. If I remember right (a long-shot, granted), ports 37 (time) and 113 (auth) are unnecessarily listening. Restart inetd with "/etc/rc.d/rc.inetd restart"

Also, any services you're only using locally (CUPS, Sendmail, X etc. etc.) should be set up to only listen on localhost.

Project Files has a nice rc.firewall script that can be dropped into /etc/rc.d/ (and chmod +x) that blocks all incoming connections by default. It's easy to edit (very well commented). http://projectfiles.com/firewall/ (get the latest 2.0 version).

You can subscribe to the "security" mailing list over at slackware.com for notifications of any necessary updates. Security patches can be found at:

ftp://ftp.slackware.com/pub/slackwar...ches/packages/

There are some 60 updates there for 10.2 -- not all of which you'll need.

Probably a bunch of things I've missed...

or you could also just uninstall inetd... :)

Yeah, exactly. chmod -x on all the stuff you don't want to run. I love the way Pat set stuff up. It's so easy to change without even editing a file!

Auth is used for identification, for example, when you are logging to IRC server. So if you are planning to chat on IRC, don't disable it. Otherwise you will have to wait for server's response.
Sadly, don't know about time purpose.

Thanks for the advices

I want more information please post more :)

I have my slackware box running using DHCP and have it behind a router, a NAT firewall isn't perfect, but, it provides some protection.

well, another thing you could do to harden your box is to recompile your kernel using a stripped-down config (only the options you need) and also you could patch it with the grsecurity patch: http://www.grsecurity.net/

if you need a kernel compile guide here's a neat one:

http://www.digitalhermit.com/linux/K...ild-HOWTO.html

Thanks evrery one for those advises.

good to know those ports are good-for-nothing .... closing ... done. Fine :D

now, why do those 2 ports come open by default if are not used?