I have been mostly just reading this forum, but I decided it is time to comment on this thread. <div><br></div><div>To Craig, I agree. Courtesy and respect would go a long way in making this forum more attractive to new attendees. I find myself afraid to post questions because of some of the snide responses. </div>
<div> </div><div>To Jake, Wow, excellent advice, which I plan on taking myself since I am about to abandon Suse for fedora, the reason I have been reading this forum. Thank you for such clear and well thought out instruction. </div>
<div><br></div><div>To Linda, good luck in securing your system. It looks like you got some good advice.<br><br><div class="gmail_quote">On Thu, Dec 15, 2011 at 8:08 AM, Jake Shipton <span dir="ltr"><<a href="mailto:jakems@fedoraproject.org">jakems@fedoraproject.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 14/12/11 23:13, Linda McLeod wrote:<br>
> Re: Screensaver takes too much time to fade-out the previous pix, but...<br>
> Re: "RE: F14 login fails on backup copy; gdm error?"<br>
><br>
> From:<br>
> "Joe Zeff" <<a href="mailto:joe@zeff.us">joe@zeff.us</a>><br>
> To:<br>
> <<a href="mailto:users@lists.fedoraproject.org">users@lists.fedoraproject.org</a>><br>
><br>
><br>
><br>
> "Extraordinary claims require extraordinary proof. What evidence do you<br>
> have that strangers have targeted your machine and repeatedly trashed<br>
> it?"<br>
><br>
><br>
> The evidence is in this 5-inch stack of evidence, and in this box beside<br>
> the tower.. which proves that they destroyed a lot of my property, and<br>
> proves that psychotic-humans destroyed their greatest scientist yet...<br>
><br>
><br>
><br>
> "What have you done to make your computer either an easier or harder<br>
> target?"<br>
><br>
> Everything I could understand, in the many Linux forums...<br>
<br>
><br>
</div>Okay.. Let's talk security :-).<br>
<br>
Right so before I get started I would like to say:<br>
<br>
If you are serious about making your machine secure, you will have to<br>
learn a thing or two about security. Reason being: a machine is only as<br>
secure as you make it. (Regardless of OS)<br>
<br>
In this mail I will try to give you some basic security tips which<br>
should get you a bit more secure than you appear to be now, from my own<br>
personal experience.<br>
<br>
You claim to have people "targeting" you.. and considering what you say<br>
and claim it wouldn't surprise me. But anyhow, that's not what I am here<br>
to discuss :-).<br>
<br>
So, first things first. If your machine has recently been targeted and<br>
"trashed", reinstall the OS. Chances are, if they got in once, they<br>
probably left themselves a nice easy backdoor (rootkit even).<br>
<br>
The safest and quickest way to remove one of these on a home computer is<br>
to just wipe the OS (They can be removed manually, but that takes a bit<br>
more skill..) - Install the very latest version of Fedora (16), (if<br>
using Fedora, I'm assuming you are as you're on a Fedora list)<br>
<br>
Ensure when setting up your system you do not use the same password<br>
twice, or the same password you use anywhere else. Each password should<br>
be unique and should consist of Upper and Lower case letters, Numbers<br>
and Symbols (For example: MyPa55W0rd&2012&2011).<br>
<br>
Once you've got your new shiny OS installed, immediately run "yum<br>
update" as root. Make sure all packages are downloaded and installed.<br>
<br>
The Next step is to find out exactly what you will and won't be using.<br>
Obviously, you will need a GUI if this is a home computer so use yum to<br>
install a desktop environment such as GNOME or XFCE or KDE etc,<br>
depending on your preferences. Personally I prefer XFCE.<br>
<br>
Remove all software which you do not use at all. (You may want to<br>
research things before removing them)<br>
<br>
Now you should set up your firewall (through a GUI if you prefer) and ensure<br>
you have no open ports which you do not use. So in Fedora's case open up<br>
system-config-firewall. The first screen you will see probably has a<br>
load of checkboxes next to various service names. You will probably want<br>
to untick the following, if unused:<br>
<br>
- SSH (I will explain later how to make one of these a bit more secure.)<br>
- FTP<br>
- HTTP<br>
<br>
and any others which you do not recognise. Switch to "Other Ports" and<br>
ensure this is blank and empty, or if needed open any ports not listed<br>
on the previous page which you _NEED_.<br>
<br>
Go to Trusted Interfaces. These should also pretty much all be unticked<br>
unless otherwise required.<br>
<br>
Switch to ICMP Filter, and tick the following:<br>
<br>
- Echo Reply<br>
<br>
Now click apply (You'll be amazed how many people forget to click apply<br>
and just close the firewall settings..)<br>
<br>
Okay cool, so that's your firewall sorted (For now)<br>
<br>
Let's move onto securing services, and disabling ones you do not use.<br>
<br>
For example, you said you have no idea what SSH is; if I remember<br>
correctly this is enabled by default. If you do not use it, disable it:<br>
<br>
systemctl disable sshd.service<br>
<br>
Do the same for other unused services (Be very careful with this though...)<br>
<br>
Just as a safety check, ensure you do have your firewall enabled:<br>
<br>
systemctl enable iptables.service<br>
and<br>
systemctl enable ip6tables.service<br>
<br>
Now let's talk system logs. System logs are a great way to detect odd<br>
behaviour on your machine. Most machines report these by default with<br>
"logwatch" so no setup is necessary, though a quick "yum install logwatch"<br>
wouldn't hurt to be sure it's actually installed.<br>
<br>
These logs are mailed to the root user (in my case..) at 3am. And<br>
generally speaking while this is a safe place for them to go, it's not<br>
the best of choices to be logging in as root in any case other than to<br>
do administrative tasks.<br>
<br>
So what do you do?<br>
<br>
Simple! You get them forwarded to your normal user account. To do this:<br>
<br>
nano /etc/aliases<br>
<br>
Go right to the bottom and find/add:<br>
<br>
# Person who should get root's mail<br>
root: YourUsername<br>
<br>
Press Ctrl + X to exit and save.<br>
<br>
This change won't take effect until you run the following command:<br>
<br>
newaliases<br>
<br>
Cool! Now your user account will begin receiving all of root's mail.. But<br>
you're probably wondering "Okay, so how do I read it?"<br>
<br>
There are two ways to do this.<br>
<br>
1) Use "mail" command<br>
2) Setup dovecot and use a local email client to fetch it.<br>
<br>
For quickness I advise the mail command, for seriousness I advise dovecot. I<br>
will not go into explaining dovecot, otherwise this email may end up<br>
rather long :-).<br>
<br>
I personally use Dovecot with Postfix and Thunderbird.. but be warned:<br>
It can get pretty tricky. There are loads of tutorials out there on how<br>
to set these up. But just don't follow the parts of them asking you to<br>
open up ports, or setting up DNS for remote access etc.<br>
<br>
Ideally on a home system you only want root mail to be local to you and<br>
not remotely accessible.<br>
<br>
Just to be sure everything is running, as root run this command:<br>
<br>
logwatch --output mail --range today<br>
<br>
Check your setup method for the said email. Either with mail command as<br>
your normal user, or via email client.<br>
<br>
Now just double check and make sure SELinux is enabled.<br>
<br>
One last thing to set up would probably be "rkhunter". I'll quickly run<br>
through the setup of this.<br>
<br>
"yum install rkhunter" and optionally and recommended "yum install unhide"<br>
<br>
Now, as root, run "rkhunter --update" then "rkhunter -c"<br>
<br>
It'll give a couple of warnings because its database is not set up. And<br>
probably a couple of false positives. Just look out for the part where<br>
it scans for rootkits.<br>
<br>
Now, seeing as this is a new install, the chances of being attacked already<br>
are pretty low. So you could go ahead and run:<br>
<br>
"rkhunter --propupd"<br>
then again:<br>
<br>
"rkhunter -c" to verify everything is okay and clean.<br>
<br>
So now you have a basic semi-secure system. This would hold off most<br>
script kiddies and whatnot. And if they do try you'll probably see them<br>
in your logs.<br>
<br>
There is of course more you can do to secure your system such as setting<br>
up fail2ban and tripwire.<br>
<br>
My next advice would be to do the following:<br>
<br>
1) Regularly change your password, say every 3/6 months.<br>
2) Watch your logs<br>
3) Study up on security so you can perform tests against your own<br>
machine. (So you find the holes before they do..)<br>
4) Stay up-to-date with system updates.<br>
5) Don't give anyone your passwords.<br>
6) Don't write down passwords on paper....<br>
<br>
With all of this, I don't think your system will suffer many more<br>
security problems if any. This is basic security (imo) and will keep you<br>
secure, at least more secure than you sound now.<br>
<br>
Hope this helps you stay safe :-).<br>
<br>
PS: Sorry for any grammar issues or misspellings, English is my only<br>
language.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Jake<br>
</font></span><div class="HOEnZb"><div class="h5">--<br>
users mailing list<br>
<a href="mailto:users@lists.fedoraproject.org">users@lists.fedoraproject.org</a><br>
To unsubscribe or change subscription options:<br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/users</a><br>
Guidelines: <a href="http://fedoraproject.org/wiki/Mailing_list_guidelines" target="_blank">http://fedoraproject.org/wiki/Mailing_list_guidelines</a><br>
Have a question? Ask away: <a href="http://ask.fedoraproject.org" target="_blank">http://ask.fedoraproject.org</a><br>
</div></div></blockquote></div><br></div>
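The /etc/aliases step in Jake's mail above (find or add a "root: YourUsername" line, then run newaliases) is easy to get subtly wrong by hand: leaving the stock commented-out "#root:" line alone is fine, but ending up with two active "root:" lines, or a user name containing a colon or space, is not. The shell functions below are an added example, not code from Jake's mail or from Fedora; the function names set_root_alias, root_alias_target and demo_root_alias, and the sample aliases file contents, are my own constructions. They edit a given aliases file idempotently (so the script can be re-run safely), reject user names that would break the file's "name: value" syntax, and report the current recipient so you can verify the change before running newaliases.

```shell
#!/bin/sh
# Added example: manage the "root:" line of an aliases file so root's mail
# (logwatch reports and the like) goes to a normal user account.
# Usage:  set_root_alias /etc/aliases yourusername && newaliases
#         root_alias_target /etc/aliases      # prints the current recipient
#         sh this_script.sh --demo             # runs on a constructed sample

# set_root_alias FILE USER: make USER the single active recipient of root's mail.
set_root_alias() {
    aliases_file=$1
    user=$2
    # Only plain account names: a colon, space or shell metacharacter here
    # would corrupt the "name: value" syntax or be misread by newaliases.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*)
            echo "set_root_alias: invalid user name '$user'" >&2
            return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v user="$user" '
        # Remember whether the stock explanatory comment is already present.
        /Person who should get root.s mail/ { seen_comment = 1 }
        # An active (uncommented) "root:" line is rewritten in place; any
        # further active "root:" lines are dropped so one recipient remains.
        /^[[:space:]]*root[[:space:]]*:/ {
            if (!done) { print "root:\t" user; done = 1 }
            next
        }
        { print }
        END {
            # No active root alias found: append one at the bottom, which is
            # where the stock file keeps its commented-out example.
            if (!done) {
                if (!seen_comment) print "# Person who should get root\047s mail"
                print "root:\t" user
            }
        }
    ' "$aliases_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back through cat so the file keeps its owner, mode and inode.
    cat "$tmp" > "$aliases_file" && rm -f "$tmp"
}

# root_alias_target FILE: print the recipient of the last active "root:" line
# (empty output means root's mail still stays with root).
root_alias_target() {
    awk '
        /^[[:space:]]*root[[:space:]]*:/ {
            sub(/^[[:space:]]*root[[:space:]]*:[[:space:]]*/, "")
            target = $0
        }
        END { print target }
    ' "$1"
}

# demo_root_alias: exercise both functions on a constructed sample that
# resembles the tail of a fresh Fedora /etc/aliases (not the real file).
demo_root_alias() {
    demo_file=$(mktemp) || return 1
    printf '%s\n' \
        'postmaster: root' \
        '' \
        "# Person who should get root's mail" \
        '#root:  marc' > "$demo_file"
    set_root_alias "$demo_file" linda || return 1
    echo "--- sample aliases file after set_root_alias ---"
    cat "$demo_file"
    echo "root mail now goes to: $(root_alias_target "$demo_file")"
    rm -f "$demo_file"
}

if [ "${1:-}" = "--demo" ]; then
    demo_root_alias
fi
```

After running set_root_alias on the real /etc/aliases you still need newaliases, exactly as the mail says; the function deliberately does not run it for you, so you can inspect the file (root_alias_target /etc/aliases) first.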