Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Bulletproofing OpenSUSE?

  1. #1

    Default Bulletproofing OpenSUSE?

    I guess that the default settings are more than enough for most people, but as my windows machine has been recently hacked by a retard that works for accenture (last week I removed another trojan) I wonder the settings, the programs/services that I should install or remove to get openSUSE to a new level of security. I mostly use firefox. Thanks in advance.

  2. #2
    Join Date
    Jun 2008
    Location
    Central Pa. , USA
    Posts
    94

    Default Re: Bulletproofing OpenSUSE?

    Linux.com :: Running Windows viruses with Wine

    Just us an anti virus on your Linux machine.To keep from infecting a windows machine.
    Inquiring minds want to know?

  3. #3

    Default Re: Bulletproofing OpenSUSE?

    That's what you hear all the time, ha, ha. Sadly you can't get rid of windows yet, in my case there are no linux drivers for my dell 964 printer.

    Any security tweaks for those really paranoid people out there?

  4. #4
    ab@novell.com NNTP User

    Default Re: Bulletproofing OpenSUSE?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I guess I don't entirely understand what the issue is here. Viruses
    from windows won't likely run in Linux unless they are made to be
    cross-platform (difficult at best). Assuming you are following all the
    basic computing rules that apply to any operating system including least
    privileges (don't run as a privileged user.... almost ever), being smart
    about your browsing/downloading/emails (don't go bad places, get bad
    things, or open e-mail from people you know and NEVER open an attachment
    you aren't expecting, even from people you know as address books are
    accessible to viruses as much as the user on the system) and possibly
    run antivirus software (there are native options for Linux like AVG) you
    should be fine. The default firewall blocks everything so if you open
    ports do so taking the necessary precautions but you should be fairly
    safe from outside attacks.

    There are lots of "hardening" books, papers, etc. online and in stores
    that you can investigate. I'd start online just because it's fast and free.

    Good luck.





    opensusejunkie wrote:
    | That's what you hear all the time, ha, ha. Sadly you can't get rid of
    | windows yet, in my case there are no linux drivers for my dell 964
    | printer.
    |
    | Any security tweaks for those really paranoid people out there?
    |
    |
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFIWSQY3s42bA80+9kRAjXKAJ4um4WyAeQxxxa4K/fwd8A/iVvdKACbB5Wz
    pr2lN5/6wY/+iJppEh1z2LU=
    =Co8K
    -----END PGP SIGNATURE-----

  5. #5
    Join Date
    Jun 2008
    Location
    Natchez, MS, USA
    Posts
    518

    Default Re: Bulletproofing OpenSUSE?

    The easiest way would be to stay out of Windows.

    I think openSUSE is pretty secure. You can use decent passwords and keep current on the updates and you should be O.K.. I have been running it since 9.1 and never had any issue with being hacked, virus infections, malware, etc. and all I did was follow standard practices.

    If you are running a server that has ports open to the public, then you might want to do some hardening, but otherwise, it seems like a lot of unnecessary work.

  6. #6

    Default Re: Bulletproofing OpenSUSE?

    Quote Originally Posted by opensusejunkie View Post
    That's what you hear all the time, ha, ha. Sadly you can't get rid of windows yet, in my case there are no linux drivers for my dell 964 printer.

    Any security tweaks for those really paranoid people out there?
    ClamAV, any windows virus should be destroyed, so you don't have to worry about them going to windows, while being downloaded on linux

    Honestly though, the SuSE firewall works fine, just follow these rules:
    1. Never run anything as root/su, unless your sure you can trust it
    2. Don't try building anything, almost everything you will ever need can come from packman, or the build service search


    That said, if you do ever indeed run a virus as a user, it can only harm whatever that user has access to, I would recommend shutting the computer off, then login in as root, start yast, delete the account, and keep the files, after you make a new one, delete the virus and everything should be back to normal
    "If it ain't broke, find something wrong with it"

  7. #7
    Join Date
    Jun 2008
    Location
    Albuquerque, NM, USA
    Posts
    87

    Default Re: Bulletproofing OpenSUSE?

    AppArmor, firewall, and anti-virus if you share anything with Windows.

    AppArmor is amazing. Check out the administration guide and the wiki as well as the AppArmor profile exchange
    It's really that much fun!
    Geeko Samurai (cc)
    My Recent Tracks

  8. #8
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,357
    Blog Entries
    15

    Default Re: Bulletproofing OpenSUSE?

    On Wed, 18 Jun 2008 15:04:58 GMT
    "ab@novell.com" <ab@novell.com> wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > I guess I don't entirely understand what the issue is here. Viruses
    > from windows won't likely run in Linux unless they are made to be
    > cross-platform (difficult at best). Assuming you are following all
    > the basic computing rules that apply to any operating system
    > including least privileges (don't run as a privileged user.... almost
    > ever), being smart about your browsing/downloading/emails (don't go
    > bad places, get bad things, or open e-mail from people you know and
    > NEVER open an attachment you aren't expecting, even from people you
    > know as address books are accessible to viruses as much as the user
    > on the system) and possibly run antivirus software (there are native
    > options for Linux like AVG) you should be fine. The default firewall
    > blocks everything so if you open ports do so taking the necessary
    > precautions but you should be fairly safe from outside attacks.
    >
    > There are lots of "hardening" books, papers, etc. online and in stores
    > that you can investigate. I'd start online just because it's fast
    > and free.
    >
    > Good luck.
    >
    >
    >
    >
    >
    > opensusejunkie wrote:
    > | That's what you hear all the time, ha, ha. Sadly you can't get rid
    > of | windows yet, in my case there are no linux drivers for my dell
    > 964 | printer.
    > |
    > | Any security tweaks for those really paranoid people out there?
    > |
    > |
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.2 (GNU/Linux)
    > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    >
    > iD8DBQFIWSQY3s42bA80+9kRAjXKAJ4um4WyAeQxxxa4K/fwd8A/iVvdKACbB5Wz
    > pr2lN5/6wY/+iJppEh1z2LU=
    > =Co8K
    > -----END PGP SIGNATURE-----

    Hi
    You could also look at nessus, it's available for 10.3, would assume
    one for 11 wouldn't be far away.

    http://www.nessus.org/nessus/

    --
    Cheers Malcolm (Linux Counter #276890)
    SLED 10.0 SP2 x86_64 Kernel 2.6.16.60-0.23-smp
    up 7 days 13:21, 0 users, load average: 0.13, 0.10, 0.09
    GPU GeForce 8600 GTS Silent - Driver Version: 173.14.09


  9. #9

    Default Re: Bulletproofing OpenSUSE?

    You could also put a hardware firewall in front of your computer, as I did. I used ipcop. All you would need to do this is an older computer (pentium 2 or 3, or even pentium 1), with at least 16 MB of ram, an old hard drive or flash drive even, and it could even be fanles to limit the noise. IPCop.org :: The bad packets stop here!

  10. #10

    Default Re: Bulletproofing OpenSUSE?

    yes you can make more secure, if you nwant added security you need SELinux. very very hard to set up though in my opinion, but it's very very good. maybe you are a little too paranoid, for general good security a good root password is needed, never ever log in as root, and only install things from a trusted source and you will be fine. stop thinking the windows way

    in my opinion for a normal desktop, linux as it is is secure enough for what most people need, SELinux takes it to the next level which is not needed for most people, maybe for top secret info like nasa or something.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •