Screensaver takes too much time to fade-out...

Thu Dec 15 13:30:58 UTC 2011

I have been mostly just reading this forum, but I decided it is time to
comment on this thread.

To Craig, I agree.  Courtesy and respect would go a long way in making this
forum more attractive to new attendees.  I find myself afraid to post
questions because of some of the snide responses.

To Jake, Wow, excellent advice, which I plan on taking myself since I am
about to abandon   Suse for fedora, the reason I have been reading this
forum.  Thank you for such clear and well thought out instruction.

To Linda, good luck in securing your system.  I looks like you got some
good advice.

On Thu, Dec 15, 2011 at 8:08 AM, Jake Shipton <jakems at fedoraproject.org>wrote:

> On 14/12/11 23:13, Linda McLeod wrote:
> > Re: Screensaver takes too much time to fade-out the previous pix, but...
> > Re: "RE: F14 login fails on backup copy; gdm error?"
> >
> > From:
> >     "Joe Zeff" <joe at zeff.us>
> > To:
> >      <users at lists.fedoraproject.org>
> >
> >
> >
> > "Extraordinary claims require extraordinary proof.  What evidence do you
> > have that strangers have targeted your machine and repeatedly trashed
> > it?"
> >
> >
> > The evidence is in this 5-inch stake of evidence, and in this box beside
> > the tower.. which proves that they destroyed a lot of my property, and
> > proves that psychotic-humans destroyed their greatest scientist yet...
> >
> >
> >
> > "What have you done to make your computer either an easier or harder
> > target?"
> >
> > Everything I could understand, in the many Linux forums...
>
> >
> Okay.. Let's talk security :-).
>
> Right so before I get started I would like to say:
>
> If you are serious about making your machine secure, you will have to
> learn a thing or two about security. Reason being: a machine is only as
> secure as you make it. (Regardless of OS)
>
> In this mail I will try to give you some basic security tips which
> should get you a bit more secure than you appear to be now. From my own
> personal experience.
>
> You claim to have people "targeting" you.. and considering what you say
> and claim it wouldn't surprise me. But anyhow, that's not what I am here
> to discuss :-).
>
> So, first things first. If your machine has recently been targeted and
> "trashed", reinstall the OS. Chances are, if they got in once, they
> probably left them selves a nice easy backdoor (rootkit even).
>
> The safest and quickest way to remove one of these on a home computer is
> to just wipe the OS (They can be removed manually, but that takes a bit
> more skill..) - Install the very latest version of Fedora (16), (if
> using Fedora, I'm assuming you are as your on a Fedora list)
>
> Ensure when setting up your system you do not use the same password
> twice, or the same password you use anywhere else. Each password should
> be unique and should consist of Upper and Lower case letters, Numbers
> and Symbols (For example: MyPa55W0rd&2012&2011).
>
> Once you've got your new shiny OS installed, immediately run "yum
> update" as root. Make sure all packages are downloaded and installed.
>
> The Next step is to find out exactly what you will and won't be using.
> Obviously, you will need a GUI if this is a home computer so use yum to
> install a desktop environment such as GNOME or XFCE or KDE etc,
> depending on your preferences. Personally I prefer XFCE.
>
> Remove all software which you do not use at all. (You may want to
> research things before removing them)
>
> Now you should set up your firewall (through a GUI if you prefer) ensure
> you have no open ports which you do not use. So in Fedora's case open up
> system-config-firewall. The first screen you will see probably has a
> load of checkboxes next to various service names. You will probably want
> to untick if unused the following:
>
> - SSH (I will explain later how to make one of these a bit more secure.)
> - FTP
> - HTTP
>
> and any others of which you do not recognise. Switch to "Other Ports"
> ensure this is blank and empty, or if needed open any ports not listed
> on previous page which you _NEED_.
>
> Go to trusted interfaces. Also mostly should pretty much be all unticked
> unless otherwise required.
>
> Switch to ICMP Filter, and tick the following:
>
> - Echo Reply
>
> Now click apply (You'll be amazed how many people forget to click apply
> and just close the firewall settings..)
>
> Okay cool, so that's your firewall sorted (For now)
>
> Let's move onto securing services, and disabling one's you do not use.
>
> For example, you said you have no idea what SSH is, if I remember
> correctly this is enabled by default. If you do not use it disable it:
>
> systemctl disable sshd.service
>
> Do the same for other unused services (Be very careful with this though...)
>
> Just as a safecheck ensure you do have your firewall enabled:
>
> systemctl enable iptables.service
> and
> systemctl enable ip6tables.service
>
> Now lets talk system logs. System logs are a great way to detect odd
> behaviour on your machine. Most machines report these by default with
> "logwatch" so no setup necessary though a quick yum install logwatch
> wouldn't hurt to be sure it's actually installed.
>
> These logs are mailed to the root user (in my case..) at 3am. And
> generally speaking while this is a safe place for them to go, it's not
> the best of choices to be logging in as root in any case other than to
> do administrative tasks.
>
> So what do you do?
>
> Simple! you get them forwarded to your normal user account. To do this:
>
> nano /etc/aliases
>
> Go right to the bottom and find/add:
>
> # Person who should get root's mail
> root:           YourUsername
>
> Press Ctrl + X to exit and save.
>
> This change won't take affect until you run the following command:
>
> newaliases
>
> Cool! Now your user account will begin receiving all of roots mail.. But
> your probably wondering "Okay, so how do I read it?"
>
> There's two ways to do this.
>
> 1) Use "mail" command
> 2) Setup dovecot and use a local email client to fetch it.
>
> For quickness I advise mail command, for seriousness I advise dovecot. I
> will not go into explaining dovecot, otherwise this email may end up
> rather long :-).
>
> I personally use Dovecot with Postfix and Thunderbird.. but be warned:
> It can get pretty tricky. There are loads of tutorials out there on how
> to set these up. But just don't follow the parts of them asking you to
> open up ports, or setting up DNS for remote access etc.
>
> Ideally on a home system you only want root mail to be local to you and
> not remotely accessible.
>
> Just to be sure everything is running, as root run this command:
>
> logwatch --output mail --range today
>
> Check your setup method for the said email. Either with mail command as
> your normal user, or via email client.
>
> Now just double check and make sure SELinux is enabled.
>
> One last thing to setup would probably be "rkhunter". I'll quickly run
> through the setup of this.
>
> "yum install rkhunter" and optionally and recommended "yum install unhide"
>
> now as root run "rkhunter --update" then "rkhunter -c"
>
> It'll give a couple of warnings due to it's database is not setup. And
> probably a couple of false positives. Just look out for the part where
> it scans for rootkits.
>
> Now seeings as this is a new install chances of being attacked already
> are pretty low. So you could go ahead and run:
>
> "rkhunter --propupd"
> then again:
>
> "rkhunter -c" to verify everything is okay and clean.
>
> So now you have a basic semi-secure system. This would hold off most
> script kiddies and whatnot. And if they do try you'll probably see them
> in your logs.
>
> There is of course more you can do to secure your system such as setting
> up fail2ban and tripwire.
>
> My next advise would be to do the following:
>
> 1) Regularly change your password, say every 3/6 months.
> 2) Watch your logs
> 3) Study up on security so you can perform tests against your own
> machine. (So you find the holes before they do..)
> 4) Stay up-to-date with system updates.
> 5) Don't give anyone your passwords.
> 6) Don't write down passwords on paper....
>
> With all of this, I don't think your system will suffer many more
> security problems if any. This is basic security (imo) and will keep you
> secure, at least more secure than you sound now.
>
> Hope this helps you stay safe :-).
>
> PS: Sorry for any grammar issues or misspellings, English is my only
> language.
>
> --
> Jake
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20111215/43e2c905/attachment.html>