Securing Linux

[PastEgo]

okay so i am relatively new to linux

tywais mentioned that ubuntu is less secure than suse and free bsd is really secure

so how do i go about securing my ubuntu

does anyone know the titles of any good books or websites

maybe someone can even throw a pointer or two or more

thanks

PastEgo

[Richard-BKK]

Hello PastEgo,

Secure, in which form... security on computers has scare levels, is it against web-intrusion... breaking into your computer manually by keyboard access, or by theft of your notebook?

For most Linux in general is better then MS Windows, FreeBSD is really strong to network intrusion, but not so strong to direct intrusion (keyboard or computer access).

Personally I not belief that FreeBSD is going a much better job in networking protection, they by default block everything, many unexperienced network managers get lost in the settings of FreeBSD.

I use a simple Firewall, which I used from the time the project started, it is simple click and select firewall for Linux... probably there are more now-a-day... but this one works great for me. I use Firestarter... it is available for most Linux distributions....

[PastEgo]

firestarter is installed as part of ubuntu

yes i have set it up very easy

i was just wondering if there is anything else i need to do or should do

maybe change my account so it doesn't have root privs via sudo and create a special admin account

just playing with ideas thats all

[Richard-BKK]

Again, what we protecting against. Are you scared somebody will steal your notebook, or are you affright of somebody getting access to your data by network access?

[Crushdepth]

Ubuntu should give you an adequate level of security for use on a desktop or notebook, and supposedly doesn't listen on any ports out of the box. If you installed Firestarter and keep your machine patched (and have a good password) its unlikely you are going to have a problem. Life gets more interesting if you want to run it as an internet facing webserver or start opening up ports/services on your network (ie. opportunities for abuse).

If you are worried about losing a laptop with sensitive information on it then you really need to encrypt the data because your account password offers no protection at all against someone with physical access to the machine (eg. you can turn password authentication off in the grub bootloader).

[dave_boo]

Disable any and all services you aren't using. Are you printing from that computer? No CUPS. Are you running a webserver? No SAMBA. No NFS. Here's a pretty good read on network security, and going to the main page will give you old, but still relevant information.

[PastEgo]

richard sorry for the delay

it is a desktop pc no network

plugged in via router to net

dave that is what i was after just could not phrase it right i did the same in xp ages ago but thats got more security holes than a sieve

disabling services i do not use that could possibly pose a security risk thank you

[PastEgo]

anyone got a good link to a list of unessary services ii can turn off

thick question samba i run apache er help

[jackdanielsesq]

I believe most ex M$ folks are para. Linux, in all shapes/sizes is pretty secure 24/7.

I run everything as root - always have since I learned how to dress myself - because I refuse to be treated like a kid.

I used to run W2K & XP without AV in LA, USA even and never got into trouble. Of course, one has to be extremely careful all the time,

but that is life in the fast lane, period. A bunch of us did that, even some ZDNET folks.

I have never had a problem with any Linux in over 5 years of intensive net work, ever.

There are more false positives every day. Stay sane, turn off unnecessary services - ctrl+esc - until it drops out and look for all the

heavy resource users and abusers. I do that right from the get-go anyways.

Live fast, die young und have a good looking corpse.

BR>Jack