Re: [Fedora] Seeing input on Securing the Linux system from intrusions and attacks.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Daniel B. Thurman wrote:

I have finally got my F8 setup and running so now I am reviewing the
security issues that needs to be taken into account.

I have looked into trying many things to protect and harden my systems,
but I thought I'd ask members what they are doing/using to defend their
systems against attacks and unwanted intrusions?  Would it be neat
if there was an automatic non-human defender to do it for you while you
sleep?  Dream on.

I would like to focus on securing Fedora. I have tried snort w/Base etc.,
Tripwire, Fam, nmap, Iptable techniques, and so on.

Does anyone have any advice, links to great sites focused on security
and how to secure your linux box against intrusions and attacks?
What you need to do depends on what you're trying to protect. If you're not running any servers, then things are pretty cheesy - you only need to worry about invited data (websites you visit, email you receive and such)....
I don't run Fedora for anything important. I don't know how serious the Fedora project is about security, but I see the the need to keep upgrading to be a security hazard in itself. Where I want updates for an extended period, I prefer a RHEL clone or Debian.
I content myself with a vpn (openvpn) to secure remote access, shorewall for my firewall. I don't use hosts.{allow,deny} - I don't see that they offer anything much that iptables can't do.
Typically my firewalls allow ssh from those IP addresses I might use (only Australian, not all), and rate-limited from others (in case I got it wrong).
I also limit access to remote sites; my systems cannot be used to port-scan others.
I also keep an eye on my logs; I've spotted some virus-infected Windows laptops over time.
Finally (I think) I use the firewall to help control spam; if spam gets through my other countermeasures, I often block entire /24 (and larger, up to /11 in one case) networks from which I receive spam. 




Thanks!


No virus found in this outgoing message.
Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.9/1198 - Release Date: 12/26/2007 5:26 PM 


--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux