desktop linux security (was Re: Is my computer safe enough if I use just iptables?
Marius Andreiana
mandreiana at rdslink.ro
Fri Oct 15 13:59:39 UTC 2004
On Fri, 2004-10-15 at 09:29 -0400, Harry Hoffman wrote:
> Simply put *NO* you are not safe enough. At the very least I would run a
> personal proxy (such as privoxy).
>
> A bit more paranoid... Turn off java and javascript. Prompt for all
> cookies and then only allow them to be session cookies.
>
> Even more paranoid... Setup your iptables to DROP by default INPUT and
> OUTPUT. Log the OUTPUT attempts and decide what should be passed (That
> way any "funny business" is less likely to happen).
I disagree with these. What home user would do this and then still have
time to browse properly and use the computer?
Real-life steps:
1. install only needed software. Don't perform an "everything" install
if you don't need everything.
2. enable firewall in anaconda at install time. Don't enable any ports
if you don't need them
3. System Settings -> Server Settings -> Services. Enable iptables, look
at others if they are needed.
4. Install tripwire from fedora extras
5. skim through root's mails (tripwire, logwatch)
Suggestions welcome.
--
Marius Andreiana
Galuna - Solutii Linux in Romania
http://www.galuna.ro
More information about the fedora-list
mailing list