Fedora 18 security questions.

Tim ignored_mailbox at yahoo.com.au
Fri Mar 22 06:11:59 UTC 2013

On Thu, 2013-03-21 at 07:31 -0700, William Mattison wrote:
> I have a single desktop connected only to the internet.  It's
> dual-boot: Fedora 18 and windows 7 home.  In Fedora, it has more than
> one user id.
> I skimmed/read through the Fedora 18 security guide, and much of the
> Fedora 18 installation guide and the Fedora 18 sys. admin. guide.  As
> best as I can tell, the only thing that I need to do is make sure the
> default firewall is active 

And what does a firewall do to help you?  Acts as a barrier between
outsiders and services on your computer that can be connected to.  If
you have no servers listening out for connections, there's little to
worry about.  It's far more important to set up any servers properly,
than to just plonk a firewall up hoping that it'll do what you like.
Especially if you're one of those people who keep on disabling the
firewall to get some task done (who's then left all their badly
configured services vulnerable while they did that).

What would be a listening server?  People who install Apache or mail
servers, to try them out (could be you, but we don't know, and they
don't listen to the world by default).  People who have NFS servers for
file serving between machines (not you, by your description).  People
who have SSH servers running for remote access to a terminal (not needed
by you, possibly, but we don't know if you're going to log in from the
internet back to home, and I don't recall whether one's installed and
running by default).

As for surprise exploits, you've got pretty much two vectors in Linux:
Something wrong with the web browser.  And users installing random
software from the internet without due care.  Neither of which a
firewall is going to protect you from.  Because such exploits are going
to send out a connection, firewalls rarely stop outgoing connections,
and any responses will be allowed through most firewalls for being
*related* to an allowed outgoing connection ("related" connections are
usually allowed to go through firewalls).

Hence, the importance of learning your software (what you have running,
and how it's supposed to work), and not depending on magic firewalls.

In Windows the situation is similar, except that you have less control
over the services that it may be running.  There's a plethora of them,
with little configuration options presented to the ordinary user.  Hence
the user reliance on firewalls.  And people are prone to installing
really bad software, hence the reliance on anti-malware of various

[tim at localhost ~]$ uname -r

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

More information about the users mailing list