|
> From: chris@xxxxxxxxxxx > To: fedora-list@xxxxxxxxxx > Date: Tue, 10 Nov 2009 19:53:34 -0500 > Subject: Re: new install, Firewall, anti-virus? > > On Wed, 2009-11-11 at 00:15 +0000, Jim Douglas wrote: > > I just trashed Windows 7 and installed FC11 but before I connect to > > the internet how best could I protect the machine? > > > > Is the firewall up and running by default effective? It's a home > > machine but I plan on adding a web server. > > > > What is the best anti-virus? > > > > (Bye, bye windows!) > > > > Thanks, > > Jim > > Hi Jim, > > You should definitely use the built-in firewall along with SELinux. > There are several firewall tools available withing Fedora; they pretty > much all use iptables to do the actual filtering, and vary only in the > complexity of the rulesets which they create. > > As far as anti-virus solutions go, you will find very few on Linux, and > most of those are for scanning Windows viruses (e.g., if acting as a > fileserver or mailserver to Windows computers). It's not that Linux > viruses have never been created, it's just that we patch the > vulnerability that the virus attacks rather than spend energy writing > and circulating virus signatures and so forth. For best protection, keep > your system up-to-date using the built-in tools (if you're using this as > a desktop system, you'll get a notification when updates are available, > which will be frequently; if you're using this as a server and not > logging in very often, you should consider enabling automatic updates). > > A couple of other things: > - Disable remote root access -- "PermitRootLogin No" > in /etc/ssh/sshd_config > > - Ensure that your passwords are not easy to guess -- there are a number > of slow brute-force attacks active out there. > > - If running a webserver, you may need to set some SELinux booleans to > enable particular web applications (assuming you're serving more than > sta> > A couple of other things: > - Disable remote root access -- "PermitRootLogin No" > in /etc/ssh/sshd_configtic web pages). Do this carefully, and don't enable more access than > necessary. This will prevent an exploited web script from doing things > that it should not. To be extra safe/paranoid, run the webserver in a > virtual machine (which has the side effect of making it easier to move > to another system, e.g., put it on a laptop temporarily when you upgrade > your main machine or replace hardware). > > -- > Chris > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines how can I open with kwrite as root and edit the file? > > A couple of other things: > - Disable remote root access -- "PermitRootLogin No" > in /etc/ssh/sshd_config Thanks, Jim Bing brings you maps, menus, and reviews organized in one place. Try it now. |
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
