Re: Screensaver takes too much time to fade-out...



I have been mostly just reading this forum, but I decided it is time to
comment on this thread.

To Craig, I agree. Courtesy and respect would go a long way in making this
forum more attractive to new attendees. I find myself afraid to post
questions because of some of the snide responses.

To Jake, Wow, excellent advice, which I plan on taking myself since I am
about to abandon Suse for fedora, the reason I have been reading this
forum. Thank you for such clear and well thought out instruction.

To Linda, good luck in securing your system. I looks like you got some
good advice.

On Thu, Dec 15, 2011 at 8:08 AM, Jake Shipton <jakems@xxxxxxxxxxxxxxxxx>wrote:

On 14/12/11 23:13, Linda McLeod wrote:
Re: Screensaver takes too much time to fade-out the previous pix, but...
Re: "RE: F14 login fails on backup copy; gdm error?"

From:
"Joe Zeff" <joe@xxxxxxx>
To:
<users@xxxxxxxxxxxxxxxxxxxxxxx>



"Extraordinary claims require extraordinary proof. What evidence do you
have that strangers have targeted your machine and repeatedly trashed
it?"


The evidence is in this 5-inch stake of evidence, and in this box beside
the tower.. which proves that they destroyed a lot of my property, and
proves that psychotic-humans destroyed their greatest scientist yet...



"What have you done to make your computer either an easier or harder
target?"

Everything I could understand, in the many Linux forums...


Okay.. Let's talk security :-).

Right so before I get started I would like to say:

If you are serious about making your machine secure, you will have to
learn a thing or two about security. Reason being: a machine is only as
secure as you make it. (Regardless of OS)

In this mail I will try to give you some basic security tips which
should get you a bit more secure than you appear to be now. From my own
personal experience.

You claim to have people "targeting" you.. and considering what you say
and claim it wouldn't surprise me. But anyhow, that's not what I am here
to discuss :-).

So, first things first. If your machine has recently been targeted and
"trashed", reinstall the OS. Chances are, if they got in once, they
probably left them selves a nice easy backdoor (rootkit even).

The safest and quickest way to remove one of these on a home computer is
to just wipe the OS (They can be removed manually, but that takes a bit
more skill..) - Install the very latest version of Fedora (16), (if
using Fedora, I'm assuming you are as your on a Fedora list)

Ensure when setting up your system you do not use the same password
twice, or the same password you use anywhere else. Each password should
be unique and should consist of Upper and Lower case letters, Numbers
and Symbols (For example: MyPa55W0rd&2012&2011).

Once you've got your new shiny OS installed, immediately run "yum
update" as root. Make sure all packages are downloaded and installed.

The Next step is to find out exactly what you will and won't be using.
Obviously, you will need a GUI if this is a home computer so use yum to
install a desktop environment such as GNOME or XFCE or KDE etc,
depending on your preferences. Personally I prefer XFCE.

Remove all software which you do not use at all. (You may want to
research things before removing them)

Now you should set up your firewall (through a GUI if you prefer) ensure
you have no open ports which you do not use. So in Fedora's case open up
system-config-firewall. The first screen you will see probably has a
load of checkboxes next to various service names. You will probably want
to untick if unused the following:

- SSH (I will explain later how to make one of these a bit more secure.)
- FTP
- HTTP

and any others of which you do not recognise. Switch to "Other Ports"
ensure this is blank and empty, or if needed open any ports not listed
on previous page which you _NEED_.

Go to trusted interfaces. Also mostly should pretty much be all unticked
unless otherwise required.

Switch to ICMP Filter, and tick the following:

- Echo Reply

Now click apply (You'll be amazed how many people forget to click apply
and just close the firewall settings..)

Okay cool, so that's your firewall sorted (For now)

Let's move onto securing services, and disabling one's you do not use.

For example, you said you have no idea what SSH is, if I remember
correctly this is enabled by default. If you do not use it disable it:

systemctl disable sshd.service

Do the same for other unused services (Be very careful with this though...)

Just as a safecheck ensure you do have your firewall enabled:

systemctl enable iptables.service
and
systemctl enable ip6tables.service

Now lets talk system logs. System logs are a great way to detect odd
behaviour on your machine. Most machines report these by default with
"logwatch" so no setup necessary though a quick yum install logwatch
wouldn't hurt to be sure it's actually installed.

These logs are mailed to the root user (in my case..) at 3am. And
generally speaking while this is a safe place for them to go, it's not
the best of choices to be logging in as root in any case other than to
do administrative tasks.

So what do you do?

Simple! you get them forwarded to your normal user account. To do this:

nano /etc/aliases

Go right to the bottom and find/add:

# Person who should get root's mail
root: YourUsername

Press Ctrl + X to exit and save.

This change won't take affect until you run the following command:

newaliases

Cool! Now your user account will begin receiving all of roots mail.. But
your probably wondering "Okay, so how do I read it?"

There's two ways to do this.

1) Use "mail" command
2) Setup dovecot and use a local email client to fetch it.

For quickness I advise mail command, for seriousness I advise dovecot. I
will not go into explaining dovecot, otherwise this email may end up
rather long :-).

I personally use Dovecot with Postfix and Thunderbird.. but be warned:
It can get pretty tricky. There are loads of tutorials out there on how
to set these up. But just don't follow the parts of them asking you to
open up ports, or setting up DNS for remote access etc.

Ideally on a home system you only want root mail to be local to you and
not remotely accessible.

Just to be sure everything is running, as root run this command:

logwatch --output mail --range today

Check your setup method for the said email. Either with mail command as
your normal user, or via email client.

Now just double check and make sure SELinux is enabled.

One last thing to setup would probably be "rkhunter". I'll quickly run
through the setup of this.

"yum install rkhunter" and optionally and recommended "yum install unhide"

now as root run "rkhunter --update" then "rkhunter -c"

It'll give a couple of warnings due to it's database is not setup. And
probably a couple of false positives. Just look out for the part where
it scans for rootkits.

Now seeings as this is a new install chances of being attacked already
are pretty low. So you could go ahead and run:

"rkhunter --propupd"
then again:

"rkhunter -c" to verify everything is okay and clean.

So now you have a basic semi-secure system. This would hold off most
script kiddies and whatnot. And if they do try you'll probably see them
in your logs.

There is of course more you can do to secure your system such as setting
up fail2ban and tripwire.

My next advise would be to do the following:

1) Regularly change your password, say every 3/6 months.
2) Watch your logs
3) Study up on security so you can perform tests against your own
machine. (So you find the holes before they do..)
4) Stay up-to-date with system updates.
5) Don't give anyone your passwords.
6) Don't write down passwords on paper....

With all of this, I don't think your system will suffer many more
security problems if any. This is basic security (imo) and will keep you
secure, at least more secure than you sound now.

Hope this helps you stay safe :-).

PS: Sorry for any grammar issues or misspellings, English is my only
language.

--
Jake
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org