# N00b wonders about security

## Garepjotr

Ok i know im lazy but i just cant go over 200 topics just for some things... i cant read that long on a screen. anyway:

Im a a linux n00b and i just inttalled Gentoo (after 3 weeks of effort). Me being happy with my acomplishment recieves a mssg: asking if i tought about security before i intall a OS like linux coz it isnt a n00b OS like Windhoos (wich i know). The guy was quite pissed or sumthing, calling me a script kiddie and a fool for installing linux for fun :S... ( i installed it to learn). Anyway:

It did get me wandering wat kind of securitie issues are vital for (gentoo)linux. He said there where many exploits and stuff. 

U ppl got any tips/triks/advices for the security of my linux installation??

----------

## NeddySeagoon

Garepjotr,

The most essential thing is to keep your system up to date.

Do and emerge sync followed by emerge world -uD to get everything.

How often depends on your degree of paranoia.

Second, if you have always on internet, run a firewall. A dedicted PC is best but setting up iptables is probably OK. It will keep script kiddies out anyway. 

Regards,

NeddySeagoon

----------

## Garepjotr

ok thnx... i have a router wich can have iptables i think... how should i configure it

----------

## NeddySeagoon

Garepjotr,

I use Smoothwall for a fiewall on a dedicated PC. There's lots of stff on Google on configuring firewalls.

Regards,

NeddySeagoon

----------

## Atom Smasher

I have a linksys router and have its internal firewall setup.  Is this enough or is some other dedicated machine better? ??

Also,  is there an emerge for the latest patches or just do emerge world  ??

thanks

----------

## k12linux

 *Atom Smasher wrote:*   

> Also,  is there an emerge for the latest patches or just do emerge world  ??

 

emerge rsync

emerge -up world (list availble updates)

emerge -u world (install them)

The only tricky part can be updating config files using etc-update afterwards.

----------

## k12linux

 *Garepjotr wrote:*   

> U ppl got any tips/triks/advices for the security of my linux installation??

 

Keep your system up to date.  And at the very least, emerge iptables and set up a /var/lib/iptables/rules-save file with something like this:

:INPUT DROP [0:0]

:FORWARD DROP [0:0]

:OUTPUT ACCEPT [0:0]

[0:0] -A INPUT -i lo -j ACCEPT 

[0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Then rc-update add iptables default followed by /etc/init.d/iptables start

----------

## Private_X

Garepjotr:

Have a look at the gentoo-security-howto -> http://www.gentoo.org/doc/en/gentoo-security.xml. Thats probably what you are looking for.

----------

## Garepjotr

ok thnx all for the support... i'll loolk @ it as soon as im sober again  :Wink: 

----------

## 100%hound_dog

if you are going to setup a firewall which I would encourage, you will have to compile netfilter\iptables support into the kernel and then emerge iptables. I liked the simplicity of the rules metioned in one of the above threads, but you will probably need to add some of your own if you plan on using it as any type of server or administering it with ssh. Maybe you would also like to install tripwire on you system for a little more security. Tripwire is pretty easy to set up, just emerge it and go to the /etc/tripwire directory and run the install script. Tripwire is neat for understanding what your operating system is doing in that it will give you a great behind the scences tour of what goes on with rotating and deleting log files, tmp files and such. In case you are hacked it would be even more useful in that you could see what files were deleted or altered. Have fun and good luck

----------

## Garepjotr

wow... i just checked on this tread and i was reading ur replys.... and then i see one of my replys :S

 *Quote:*   

> 
> 
> ok thnx all for the support... i'll loolk @ it as soon as im sober again 
> 
> 

 

i must have been really drunk since i couldnt remeber that i looked @ it before... but anyway thnx

i did emerge world -uD and emerge iptables and now i have something that lets my configure iptables graficaly... i wil look @ the howto's 2

----------

## professorn

A proxy is also an alternative if he's going to dedicate a firewall machine. It will also be harder to setup but will (hopefully) give better prot. But its maybe most efficent if you have users....

----------

