On Wed, 2009-11-11 at 00:15 +0000, Jim Douglas wrote:
> I just trashed Windows 7 and installed FC11 but before I connect to
> the internet how best could I protect the machine?
>
> Is the firewall up and running by default effective? It's a home
> machine but I plan on adding a web server.
>
> What is the best anti-virus?
>
> (Bye, bye windows!)
>
> Thanks,
> Jim

Hi Jim,

You should definitely use the built-in firewall along with SELinux. There are several firewall tools available within Fedora; they pretty much all use iptables to do the actual filtering, and vary only in the complexity of the rulesets which they create.

As far as anti-virus solutions go, you will find very few on Linux, and most of those are for scanning Windows viruses (e.g., if acting as a fileserver or mailserver to Windows computers). It's not that Linux viruses have never been created, it's just that we patch the vulnerability that the virus attacks rather than spend energy writing and circulating virus signatures and so forth. For best protection, keep your system up-to-date using the built-in tools (if you're using this as a desktop system, you'll get a notification when updates are available, which will be frequently; if you're using this as a server and not logging in very often, you should consider enabling automatic updates).

A couple of other things:

- Disable remote root access -- "PermitRootLogin No" in /etc/ssh/sshd_config
- Ensure that your passwords are not easy to guess -- there are a number of slow brute-force attacks active out there.
- If running a webserver, you may need to set some SELinux booleans to enable particular web applications (assuming you're serving more than static web pages). Do this carefully, and don't enable more access than necessary. This will prevent an exploited web script from doing things that it should not.

To be extra safe/paranoid, run the webserver in a virtual machine (which has the side effect of making it easier to move to another system, e.g., put it on a laptop temporarily when you upgrade your main machine or replace hardware).

-- Chris
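
One way to check two items from the reply above (remote root login and the SELinux web-server booleans), as an added example that is not part of the original message. The function names and both sample inputs are constructed for illustration; on a real system the inputs would be /etc/ssh/sshd_config and the output of `getsebool -a`.

```shell
#!/bin/sh
# Added example: audit helpers for the checklist in the message above.
# Function names and sample data are constructed, not from the original post.

# Print the global PermitRootLogin value that sshd would actually use.
# sshd takes the FIRST occurrence of a keyword, keywords are case-insensitive,
# and anything after a "Match" line is conditional, so scanning stops there.
# Prints "unset" when no global value is configured (compiled-in default applies).
effective_permit_root_login() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, allow key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Read `getsebool -a` style lines on stdin and print the httpd_* booleans
# that are switched on, i.e. the extra access granted to the web server.
enabled_httpd_booleans() {
    awk '$1 ~ /^httpd_/ && $2 == "-->" && $3 == "on" { print $1 }'
}

# Constructed sample sshd_config: a commented-out line, a duplicate keyword
# and a Match block, none of which change the effective value.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
#PermitRootLogin yes
Port 22
permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF

# Constructed sample of `getsebool -a` output.
sample_bools='httpd_can_network_connect --> off
httpd_enable_cgi --> on
httpd_can_sendmail --> off
ftpd_full_access --> on'

echo "PermitRootLogin (effective, global): $(effective_permit_root_login "$sample_cfg")"
echo "httpd booleans switched on:"
printf '%s\n' "$sample_bools" | enabled_httpd_booleans
rm -f "$sample_cfg"
```

The Match block in the sample still re-enables root login for one user, so a full audit would also review each Match section; `sshd -T` prints the configuration the daemon resolves.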