What Linux tools and security??


Comments

  • weegie.geek
    weegie.geek Posts: 3,432 Forumite
    It's entirely the point. If an exploit is fixed within a week (say) you'd be happy. If it took two years you might be a little disgruntled.

    What makes you think the time to fix a security hole is of no consequence?

    If it was open for 2 years it'd be suicide for that distro/package.

    Look at the unreal ircd. I don't think they'll be getting many new users. That's a little more serious than an exploit going unpatched of course.

    And it doesn't matter how happy I am, if the service running on my machine gets exploited in the hours, days, weeks, months or years between the exploit being discovered and the exploit being patched, I'd be a bit annoyed. If that could've been avoided by me locking that port down using iptables, I'd be fine.

    You seem to think it's ok to leave a port open if the maintainers of the package fix exploits in a timely manner.

    You don't know how long an exploit is known to black hats before white hats find out about it. A week of an exploit being officially known could be months of one group of black hats knowing about it.
    They say it's genetic, they say he can't help it, they say you can catch it - but sometimes you're born with it
  • Mr_Oink
    Mr_Oink Posts: 1,012 Forumite
    Appears we have a couple of folk in denial about the security aspects of Linux. The simple truth is a restrictive policy is still better security practice than an 'all open' policy. Thankfully I think 'just passing by' is only in charge of a home hobby machine and nothing important :-)
  • weegie.geek
    weegie.geek Posts: 3,432 Forumite
    I don't believe it is, but even if a firewall WAS just paranoia, what harm does it do? Arguing against it is daft. A properly set up firewall either helps or does no harm. Better safe than sorry, no?
    They say it's genetic, they say he can't help it, they say you can catch it - but sometimes you're born with it
  • JustPassingBy
    JustPassingBy Posts: 710 Forumite
    Mr_Oink wrote: »

    Appears we have a couple of folk in denial about the security aspects of Linux.

    Well, a couple of folks have clearly demonstrated a default Ubuntu install has no ports open to the internet. Which makes classifying the machine as "entirely open to the outside world" about as far from the actual situation as you can get.

    So pointing out that advice to configure a firewall (given in post #23) to block packets to ports which won't accept such packets in the first place is a denial or rejection. But not of security aspects, only of poor and irrational advice.
  • JustPassingBy
    JustPassingBy Posts: 710 Forumite

    I don't believe it is, but even if a firewall WAS just paranoia, what harm does it do? Arguing against it is daft. A properly set up firewall either helps or does no harm. Better safe than sorry, no?

    With no services on the machine being offered to the outside world it is not so much the lack of harm being done but the complete pointlessness of setting up a firewall which is the issue. It gives no benefit. Why bother?
  • weegie.geek
    weegie.geek Posts: 3,432 Forumite
    With no services on the machine being offered to the outside world it is not so much the lack of harm being done but the complete pointlessness of setting up a firewall which is the issue. It gives no benefit. Why bother?

    You'll find that in all my examples there have been services running, as you well know because you and I have been discussing security holes in things. Moving the goalposts to suit yourself?
    They say it's genetic, they say he can't help it, they say you can catch it - but sometimes you're born with it
  • buzbyxman
    buzbyxman Posts: 96 Forumite
    fwor
    60+ posts and 4 pages, but the OP has not been back as far as we know...


    fwor Thank you for your concern, but I am confused by most of the replies. My original question was :-

    Things like CC cleaner (all for Linux) also things like free fire wall, Anti virus.
    Also where is a good site to get these things?
    Finally how do I download them??

    Now some of this has been answered and thanks to those that have posted. But I have found most of this thread confusing, for example "open ports": surely at the end of the day a yes/no with regard to the firewall would suffice? It's good that a debate has been opened but I have not commented because I feel that I cannot further the debate as I do not have the knowledge to do so!
    Therefore fwor I wonder what you meant by your comment??

    Thanks
    :beer:

    Treat me kindly I'm just Confused :confused::D
  • weegie.geek
    weegie.geek Posts: 3,432 Forumite
    For something (say an FTP server or an SSH server) to be accessible from other machines (local or on the internet) it opens a port. Port 21 is the standard port for FTP, and port 22 is the standard port for SSH. The daemon will sit and listen for connections on that port.

    Some things you'll run but you'll only want them accessible from your lan, or certain internet IPs. There are a few ways to do this, but the most usual way is by setting the firewall to only allow certain IPs to connect to these ports.

    As an added layer of security you should probably run things on non-standard ports as well as firewall them, just in case.

    Linux doesn't have a habit of dropping files all over your hard drive, and there's no registry to get full of rubbish so there's no real need for a CCleaner type thing on linux.

    Most day to day tools you'd want to use you can download through your distro's package manager. It's like add/remove programs in windows, but it will pull apps from the web and install them. Apps need to be compiled specifically for your flavour of linux, and are kept in your distro's repositories. The package manager grabs them from the repositories and installs them. Less common apps you'll have to download from the web and install manually, but most things like open office, firefox etc will be a couple of clicks away from being installed, using the package manager.

    I don't use any gui linux stuff so I'm not sure what package managers are any good. Someone else will be able to step in and suggest one.
    They say it's genetic, they say he can't help it, they say you can catch it - but sometimes you're born with it
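
Added example, not part of the thread: the disagreement above turns on which ports actually have a daemon listening and whether that socket is bound to loopback only or to an address other machines can reach. This sketch classifies `ss -H -tln` style output that way; the sample lines are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: which listening TCP ports can other machines reach?

# Constructed sample in `ss -H -tln` format (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128        0.0.0.0:22    0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53    0.0.0.0:*
LISTEN 0 128      127.0.0.1:631   0.0.0.0:*
LISTEN 0 128           [::]:22       [::]:*
LISTEN 0 128          [::1]:631      [::]:*
EOF
}

# Reads ss-style lines on stdin, prints "<scope> <port> <address>" per socket.
classify_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        gsub(/[][]/, "", addr)                 # drop IPv6 brackets
        sub(/%.*/, "", addr)                   # drop the %interface suffix
        # Loopback sockets only accept connections from this machine.
        scope = (addr ~ /^127\./ || addr == "::1") ? "local" : "exposed"
        print scope, port, addr
    }'
}

# Unique port numbers that accept connections from other hosts.
exposed_ports() {
    classify_listeners | awk '$1 == "exposed" { print $2 }' |
        sort -un | tr '\n' ' ' | sed 's/ $//'
}

sample_listeners | classify_listeners
echo "Ports worth a firewall rule: $(sample_listeners | exposed_ports)"
# On a real machine: ss -H -tln | exposed_ports
```

An empty result means no TCP daemon is reachable from other hosts; any port it lists is one where a source-address restriction of the kind described in the post above would have an effect.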
  • JustPassingBy
    JustPassingBy Posts: 710 Forumite
    edited 7 July 2010 at 10:53PM

    You'll find that in all my examples there have been services running, as you well know because you and I have been discussing security holes in things. Moving the goalposts to suit yourself?

    Not consciously. What was uppermost in my mind at the time was the rather curious idea being promoted that closed ports needed protection by using a firewall. I was also concerned to explore the notion that being safe rather than sorry was a sound basis for action.

    Like you I run ssh. I want it accessible from any IP. I am very confident there are no serious security concerns with the present version of ssh I'm using so I see no need to restrict access to it.

    You, on the other hand, do restrict access. That's your choice. It could be done from sshd.conf or using tcp wrappers but for some reason you use iptables (which is commonly called a firewall). That's ok, but note a firewall isn't needed to achieve your objective. Also note ssh is secure anyway and you have set it up securely so your restrictions don't increase security in any way.

    Now for these dastardly black hats. They know a way of subverting ssh. We don't care what they know. We only care when they use the methods they have devised. And when they do use them in any significant way we notice and fix the hole.

    If these black hats are competent enough to crack ssh they'll also be well into IP spoofing. So what does your firewall (or tcp wrappers) do for you then? That's assuming these black hats are more interested in weegie.geek's machine rather than one on the Bank of England's network.

    But what about the time interval between a serious attack on ssh and a fix becoming available? It might only be a couple of days but during that time you're surely at risk if you leave the service running?

    There are at least 1,000,000,000 machines on the network so the odds of you not being hit are very much in your favour, especially when you factor in the plethora of different software distributions and setups, the nature of the exploit and the time it takes to spread. Some machines will succumb. 1,000? 10,000? Who knows. Tough. The remainder will upgrade to the new version of ssh and become safe.
  • buzbyxman wrote: »
    Things like CC cleaner (all for Linux) also things like free fire wall, Anti virus.
    Also where is a good site to get these things?
    Finally how do I download them??

    You do not need a firewall. You do not need antivirus software. You do not need anything like CC cleaner. All you need to do is learn how to update and install software.

    Just use the machine. Everything will work out fine. You'll be secure and happy.
This discussion has been closed.