Hey, Jim: On Tue, Nov 10, 2009 at 19:15, Jim Douglas <jdz99@xxxxxxxxxxx> wrote: > Is the firewall up and running by default effective? It's a home machine but > I plan on adding a web server. The default Fedora firewall is pretty good. Just make sure that the 'iptables' service is running (should be, by default). You can use the GUI 'system-config-services' tool to look at what's running, or run 'sudo service iptables status' from the command line. About that web server... See below for an opinion on that. > What is the best anti-virus? In my experience, most Linux users/systems don't bother. I think it's generally considered to be a low-probability threat on Linux. You can certainly use ClamAV (open-source signature-based AV), but I don't know how much it will integrate with your other programs' usage. You're almost definitely NOT going to find the kind of comprehensive, all-seeing, all-knowing, checks-all-file-access AntiVirus suite that you've grown to know in the Windows world. Here are some basic local desktop usage rules that should keep you pretty safe: - Run a firewall that blocks unsolicited Internet traffic. - Don't run anything as 'root'. Configure and use 'sudo', and keep the password checking turned on, even though it's a little hassle. - Keep any data that you want to protect in your home directory, and remove access to your home dir for "other" (non-owner, non-group) users. - Make regular backups of your home directory, and store your backups on physically separate media (a remote machine, maybe, or an external hard drive). Keep your backup disk physically disconnected when you're not making/restoring a backup, or at least change the ownership and permissions of the stored backups so that only 'root' can access or modify them. Now, about your web server: Lots of people do this, and it can be perfectly safe. BUT: Any internet-accessible service represents a potential vector of attack. If you take the precautions outlined above, but you poke a hole in the firewall to allow HTTP/HTTPS traffic to your web server, you have to treat that web server process a little more carefully. Read up on securing your web server, and make sure you understand the security mechanisms (SELinux, chroot, privilege separation, filesystem perms, etc.) that are in place. You will probably be OK--a little effort/knowledge will make the next guy a bigger target than you. Good luck. -Ryan -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines