GeckoFood's Journal: [geek] Default security settings in Linux

With my system running Linux now and having successfully gotten the wireless working, I decided to go find a site that would remotely test my box to see if I have any security holes. Under Vista I have a security suite loaded that blocks port probes and whatnot, so I was curious to see how well the built-in firewall hides my Linux box on the Internet.

The only thing it uncovered was that my system responds to ping requests from the outside. All ports were closed to outside access and no services could be contacted from the outside, which is good. While responding to pings is not a huge security problem, it does make my system a little more visible on the net than I like. But, it is certainly fixable.

Wireshark also provides some interesting information. I was surprised to see all of the traffic flowing to my box, but in every case the traffic had a good explanation - email client, Firefox, instant messenger if I had it loaded and running, jabber from my ISP's servers, etc. It's a tool I will run on occasion to maintain a sanity check on traffic. I know, it's a lot like holding a bucket under a waterfall but I don't need to be overly paranoid. I have used security suites under Windows that give similar feedback and I occasionally picked through the output, and once in a great while I would see something odd like a probe for port 31337.

I have chosen a root password that I can't forget, that no one else would ever know unless they know something specific from the past, and that is likely to never be cracked by a brute-force search.

Do I need an antivirus? It probably doesn't hurt to have one on here but I don't see a need right now. I am not silly enough to log in as root and run everything as the superuser, though I have no problems opening a terminal and working as root to install/uninstall/tweak/administer. I haven't set up sudo yet, though it's on the list.

Though it is probably a paranoid move, I start the network interface manually instead of letting it start up on system boot-up. I would rather have complete control over my system's access to the net.

I should have made this migration a long time ago. It is being driven now by work-related things, though it has been just basic laziness that prevented me from switching over sooner. Up to now my system has been an entertainment device, though I do a few things on here that are more serious (like taxes and balancing the checkbook). I really don't game on here anymore, so there's nothing to really keep me in Windows anymore.

This discussion was created by GeckoFood (585211) for no Foes, but now has been archived. No new comments can be posted.

  • Pings are not a problem. It only says your machine is online and that's it... It's actually bad form not to reply to pings. Heck, it's even bad form to blackhole all ports. A simple "Closed" is more than enough. Go, and PortScan my machine at jawtheshark.com. No blackholing, and there are even open ports! Do note that your machine does exactly the "Closed" strategy, which means you can keep ping enabled just fine. Why? Because if someone probes your IP address, they will get a "Closed" reply which

    • I appreciate all the helpful advice and suggestions you have made. I have actually been running Linux in some form for a long time, but I am only now getting more serious about running it full-time and using it to access the internet. Up to this point it has been more of a hobbyist-level plaything, and I am transitioning into more serious use now.

      My posts are not specifically about asking for help (though all help is most welcome!), but rather to keep track of my progress as I go and to document the milesto

      • My posts are not specifically about asking for help

        I won't shut up anyway... My transition has been going on for way longer. There is no defined point when I "switched".

        I know that's how Ubuntu handles superuser

        Yes, and Mac OS X. I also came from the same mindset as you, and on both Mac OS X and Ubuntu, I did "sudo passwd" in the beginning. I found I could live without it in the long term. On Debian machines I do have a root password, because, well, it is default Debian behaviour.

        I would prefer to be

      • If you ever do decide to open up ssh, fail2ban on Debian boxes is nice for autoblocking knuckleheads who try ssh pings. There are other profiles you can turn on so it behaves like an IDS/IPS for your machine.
        • by lab16 ( 416283 )

          Is there anything similar to fail2ban for other things such as remote desktop? I use Ubuntu, which doesn't allow you to set complex passwords for remote desktop, so right now I am just blocking the port off with my router, and then logging into that and unblocking it if I need to use it.
