Re: new install, Firewall, anti-virus?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hey, Jim:

On Tue, Nov 10, 2009 at 19:15, Jim Douglas <jdz99@xxxxxxxxxxx> wrote:
> Is the firewall up and running by default effective? It's a home machine but
> I plan on adding a web server.

The default Fedora firewall is pretty good. Just make sure that the
'iptables' service is running (should be, by default). You can use the
GUI 'system-config-services' tool to look at what's running, or run
'sudo service iptables status' from the command line.

About that web server... See below for an opinion on that.

> What is the best anti-virus?

In my experience, most Linux users/systems don't bother. I think it's
generally considered to be a low-probability threat on Linux. You can
certainly use ClamAV (open-source signature-based AV), but I don't
know how much it will integrate with your other programs' usage.
You're almost definitely NOT going to find the kind of comprehensive,
all-seeing, all-knowing, checks-all-file-access AntiVirus suite that
you've grown to know in the Windows world.

Here are some basic local desktop usage rules that should keep you pretty safe:

 - Run a firewall that blocks unsolicited Internet traffic.
 - Don't run anything as 'root'. Configure and use 'sudo', and keep
the password checking turned on, even though it's a little hassle.
 - Keep any data that you want to protect in your home directory, and
remove access to your home dir for "other" (non-owner, non-group)
 - Make regular backups of your home directory, and store your backups
on physically separate media (a remote machine, maybe, or an external
hard drive). Keep your backup disk physically disconnected when you're
not making/restoring a backup, or at least change the ownership and
permissions of the stored backups so that only 'root' can access or
modify them.

Now, about your web server: Lots of people do this, and it can be
perfectly safe. BUT: Any internet-accessible service represents a
potential vector of attack. If you take the precautions outlined
above, but you poke a hole in the firewall to allow HTTP/HTTPS traffic
to your web server, you have to treat that web server process a little
more carefully. Read up on securing your web server, and make sure you
understand the security mechanisms (SELinux, chroot, privilege
separation, filesystem perms, etc.) that are in place. You will
probably be OK--a little effort/knowledge will make the next guy a
bigger target than you.

Good luck.


fedora-list mailing list
To unsubscribe:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux