Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel B. Thurman wrote:
I have finally got my F8 setup and running so now I am reviewing the
security issues that needs to be taken into account.

I have looked into trying many things to protect and harden my systems,
but I thought I'd ask members what they are doing/using to defend their
systems against attacks and unwanted intrusions?  Would it be neat
if there was an automatic non-human defender to do it for you while you
sleep?  Dream on.

I would like to focus on securing Fedora. I have tried snort w/Base etc.,
Tripwire, Fam, nmap, Iptable techniques, and so on.

Does anyone have any advice, links to great sites focused on security
and how to secure your linux box against intrusions and attacks?


What you need to do depends on what you're trying to protect. If you're not running any servers, then things are pretty cheesy - you only need to worry about invited data (websites you visit, email you receive and such)....

I don't run Fedora for anything important. I don't know how serious the Fedora project is about security, but I see the the need to keep upgrading to be a security hazard in itself. Where I want updates for an extended period, I prefer a RHEL clone or Debian.

I content myself with a vpn (openvpn) to secure remote access, shorewall for my firewall. I don't use hosts.{allow,deny} - I don't see that they offer anything much that iptables can't do.

Typically my firewalls allow ssh from those IP addresses I might use (only Australian, not all), and rate-limited from others (in case I got it wrong).

I also limit access to remote sites; my systems cannot be used to port-scan others.

I also keep an eye on my logs; I've spotted some virus-infected Windows laptops over time.

Finally (I think) I use the firewall to help control spam; if spam gets through my other countermeasures, I often block entire /24 (and larger, up to /11 in one case) networks from which I receive spam.



Thanks!


No virus found in this outgoing message.
Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.9/1198 - Release Date: 12/26/2007 5:26 PM


--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux