openSUSE Forums > Archives > Novell Archives » About the SuSE Firewall and rootkit hunters.



Novell Archives Archived content from Novell openSUSE support forums

 
 
  #1 (permalink)  
Old 29-Aug-2005, 05:05
ludvikengelbrekt@yahoo.co.uk
Guest
 
Posts: n/a
Default About the SuSE Firewall and rootkit hunters.

Hi,

I've been using SuSE 9.3 for about 4 months now (and regard it as superior
to M$ in almost every respect!). This, however, also means that I'm still a
bit of a novice Linux-wise, so please bear with me on these questions.
Perhaps it is my long and arduous experience with M$ that has
made me paranoid on some security issues, and perhaps I haven't really
understood the security of Linux over M$... Well, here go my two questions:

1, Is it possible to make the firewall allow only some _programs_ to
explicitly access the internet and make it refuse the connection from all
other programs (like in all M$ type firewalls). The SuSE Firewall and e.g.
Guarddog enable tweaking only at the service level (and Guarddog doesn't
seem to be able to function properly on SuSE). Is this even a desired
effect; does Linux use a totally different philosophy with firewalls, or do
I have to start rewriting and editing ipchains rules by hand to achieve
this? I haven't really found any answers to this in any Linux firewall guides.

2, I read somewhere that rootkit programs (like rkhunter) are intended
firstly for server machines, but are there any practical benefits or
reasons to use them on a normal workstation that has continuous broadband
internet access? Am I just overreacting to all sorts of Linux trojans and
spy programs?

Many thanks for any replies!

  #2 (permalink)  
Old 29-Aug-2005, 06:24
R.F. Pels
Guest
 
Posts: n/a
Default Re: About the SuSE Firewall and rootkit hunters.

ludvikengelbrekt@yahoo.co.uk wrote:

> 1, Is it possible to make the firewall allow only some _programs_ to


No. Not to my knowledge. Actually, the firewall is a packet filter that
operates on addresses and ports. It has no knowledge of applications.

> 2, I read somewhere that rootkit programs (like rkhunter) are intended
> firstly for server machines, but are there any practical benefits or
> reasons to use them on a normal workstation that has continuous broadband
> internet access.


True.

> Am I just overreacting to all sorts of linux trojans and
> spy programs?


Yes, you are :-) But better safe than sorry. Running a rootkit detector now
and again on any host is a Good Thing (TM).

--
Ruurd
  #3 (permalink)  
Old 29-Aug-2005, 22:40
Brad Doster
Guest
 
Posts: n/a
Default Re: About the SuSE Firewall and rootkit hunters.

In article <7gCQe.4529$w73.3091@prv-forum2.provo.novell.com>, R.F. Pels
wrote:
> > 1, Is it possible to make the firewall allow only some _programs_ to
>
> No. Not to my knowledge. Actually, the firewall is a packet filter that
> operates on addresses and ports. It has no knowledge of applications.

However, if an application always communicates over the same port, a
firewall can be tailored to that port/application.

bd
NSC Volunteer SysOp
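
The point made in replies #2 and #3, as an added example that is not part of the original thread and is not SuSEfirewall2 or iptables code: a small Python model of a first-match packet filter. The rule set, addresses and program names are constructed for illustration; it shows that two programs sending to the same port get the same verdict, and that a port rule covers whatever uses that port.

```python
# Added illustration: a minimal first-match packet filter (a model only).
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    dst: str        # destination IP address
    dport: int      # destination port

@dataclass(frozen=True)
class Rule:
    proto: str
    dst_net: str    # CIDR the destination must fall in
    dport: int
    verdict: str    # "ACCEPT" or "DROP"

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and pkt.dport == self.dport
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net))

# Constructed outbound policy: allow web and DNS, drop everything else.
OUTBOUND = [
    Rule("tcp", "0.0.0.0/0", 80, "ACCEPT"),
    Rule("tcp", "0.0.0.0/0", 443, "ACCEPT"),
    Rule("udp", "192.0.2.53/32", 53, "ACCEPT"),   # only the configured resolver
]

def filter_packet(pkt, rules=OUTBOUND, default="DROP"):
    """Return the verdict of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.verdict
    return default

def send_from(program: str, pkt: Packet) -> str:
    """The program name never reaches the filter: it is not a packet field."""
    return filter_packet(pkt)

if __name__ == "__main__":
    web = Packet("tcp", "198.51.100.10", 443)
    for prog in ("browser", "unknown-binary"):      # hypothetical program names
        print(prog, "->", send_from(prog, web))     # identical verdicts
    print("mail-client ->", send_from("mail-client", Packet("tcp", "198.51.100.25", 25)))
```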


 
