RE: new install, Firewall, anti-virus?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





> From: chris@xxxxxxxxxxx
> To: fedora-list@xxxxxxxxxx
> Date: Tue, 10 Nov 2009 19:53:34 -0500
> Subject: Re: new install, Firewall, anti-virus?
>
> On Wed, 2009-11-11 at 00:15 +0000, Jim Douglas wrote:
> > I just trashed Windows 7 and installed FC11 but before I connect to
> > the internet how best could I protect the machine?
> >
> > Is the firewall up and running by default effective? It's a home
> > machine but I plan on adding a web server.
> >
> > What is the best anti-virus?
> >
> > (Bye, bye windows!)
> >
> > Thanks,
> > Jim
>
> Hi Jim,
>
> You should definitely use the built-in firewall along with SELinux.
> There are several firewall tools available withing Fedora; they pretty
> much all use iptables to do the actual filtering, and vary only in the
> complexity of the rulesets which they create.
>
> As far as anti-virus solutions go, you will find very few on Linux, and
> most of those are for scanning Windows viruses (e.g., if acting as a
> fileserver or mailserver to Windows computers). It's not that Linux
> viruses have never been created, it's just that we patch the
> vulnerability that the virus attacks rather than spend energy writing
> and circulating virus signatures and so forth. For best protection, keep
> your system up-to-date using the built-in tools (if you're using this as
> a desktop system, you'll get a notification when updates are available,
> which will be frequently; if you're using this as a server and not
> logging in very often, you should consider enabling automatic updates).
>
> A couple of other things:
> - Disable remote root access -- "PermitRootLogin No"
> in /etc/ssh/sshd_config
>
> - Ensure that your passwords are not easy to guess -- there are a number
> of slow brute-force attacks active out there.
>
> - If running a webserver, you may need to set some SELinux booleans to
> enable particular web applications (assuming you're serving more than
> sta>
> A couple of other things:
> - Disable remote root access -- "PermitRootLogin No"
> in /etc/ssh/sshd_configtic web pages). Do this carefully, and don't enable more access than
> necessary. This will prevent an exploited web script from doing things
> that it should not. To be extra safe/paranoid, run the webserver in a
> virtual machine (which has the side effect of making it easier to move
> to another system, e.g., put it on a laptop temporarily when you upgrade
> your main machine or replace hardware).
>
> --
> Chris
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines


how can I open with kwrite as root and edit the file?

>
> A couple of other things:
> - Disable remote root access -- "PermitRootLogin No"
> in /etc/ssh/sshd_config

Thanks,
Jim


Bing brings you maps, menus, and reviews organized in one place. Try it now.
-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux