Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20/21 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #16  
Old 14th March 2009, 04:58 PM
PZ4 Offline
Registered User
 
Join Date: Mar 2009
Location: NL
Posts: 26
Quote:
Originally Posted by Evil_Bert View Post
Well, the decision has to be up to you, but, in my circumstances, I wouldn't install any of those on a regular desktop.
Browsing, Bittorrent, SIP VOIP, instant messaging, IMAP are the only things I use, so the default FW and it's settings should be
enough then, to be secure?

Last edited by PZ4; 14th March 2009 at 05:02 PM.
Reply With Quote
  #17  
Old 14th March 2009, 05:00 PM
Evil_Bert Offline
Retired Again - Administrator
 
Join Date: Nov 2007
Location: 'straya
Posts: 3,293
Quote:
Originally Posted by PZ4 View Post
This sounds rather unsecure, one has no security fixes applied and has to become root for the entire sys to have them installed.
I think there's a misunderstanding somewhere. Only a few essential processes will run with root privileges to install updates in F10. PackageKit (the default package manager and updater) reduces risk of compromise during the update process, as I understand it.

But, I'm not an expert in this area.
__________________
Marching to the beat of his own conundrum.
Reply With Quote
  #18  
Old 14th March 2009, 05:04 PM
Evil_Bert Offline
Retired Again - Administrator
 
Join Date: Nov 2007
Location: 'straya
Posts: 3,293
Quote:
Originally Posted by PZ4 View Post
Browsing, Bittorrent, SIP VOIP, instant messaging, IMAP are the only things I use, so the default FW and it's settings should be
enough then to be secure?
It's not possible for me to understand your security environment sufficiently to be able to give a firm answer. If it were me, I would leave it at the firewall (reviewed and adjusted as necessary) and with SELinux enforcing. But that's just me.
__________________
Marching to the beat of his own conundrum.
Reply With Quote
  #19  
Old 14th March 2009, 05:04 PM
PZ4 Offline
Registered User
 
Join Date: Mar 2009
Location: NL
Posts: 26
Quote:
Originally Posted by Evil_Bert View Post
I think there's a misunderstanding somewhere. Only a few essential processes will run with root privileges to install updates in F10. PackageKit (the default package manager and updater) reduces risk of compromise during the update process, as I understand it.

But, I'm not an expert in this area.
II thought that was Policykit?
Reply With Quote
  #20  
Old 14th March 2009, 05:05 PM
stefan1975 Offline
"Stefan the converted" -- forum Macintosh® Glee Club leader
 
Join Date: May 2007
Location: 127.0.0.1
Age: 39
Posts: 1,247
why would it be insecure (for a desktop non the least) to run a "su -c yum update" to update your system? I mean your OS will still run as pz4 and just yum is running as root, if you have just the default repos enabled you *know* your updates are comming from fedora (unless you mistrust the default repos as well). I really do not see the issue with updating your system through yum, i even update my RHEL servers like that for the past 8 years. Otherwise you can always download your updates in a VM, burn them on cd, and manually install them in your dekstop OS, but how fanatic does one have to be? This is not windows and even without a yum update and FW and SElinux enabled, and with as little services running as possible your are already pretty secure ootb, so I *really* would not worry in that regard.

and *YES* the default is secure enough for 99.9% of all regular users, otherwise you might want to run openbsd without X.

I'd rather worry about updates breaking your fedora install then a security flaw be exploited, unless you are google or M$ i really doubt you'll be targeted.

stefan
__________________
"$ su - bofh"
OS: Mac OSX Snow Leopard (x64 by default), W7_Enterprise_X64, F12_x64_KDE
Hardware: late 2009 Macbook 13", MSI Wind 10"
Browser: Opera 10.10, Safari 4
Registered linux user #459910

Last edited by stefan1975; 14th March 2009 at 05:07 PM.
Reply With Quote
  #21  
Old 14th March 2009, 05:06 PM
PZ4 Offline
Registered User
 
Join Date: Mar 2009
Location: NL
Posts: 26
Quote:
Originally Posted by Evil_Bert View Post
It's not possible for me to understand your security environment sufficiently to be able to give a firm answer. If it were me, I would leave it at the firewall (reviewed and adjusted as necessary) and with SELinux enforcing. But that's just me.

Home user with a NAT router.
Reply With Quote
  #22  
Old 14th March 2009, 05:12 PM
PZ4 Offline
Registered User
 
Join Date: Mar 2009
Location: NL
Posts: 26
Quote:
Originally Posted by stefan1975 View Post
why would it be insecure (for a desktop non the least) to run a "su -c yum update" to update your system? I mean your OS will still run as pz4 and just yum is running as root, if you have just the default repos enabled you *know* your updates are comming from fedora (unless you mistrust the default repos as well). I really do not see the issue with updating your system through yum, i even update my RHEL servers like that for the past 8 years. Otherwise you can always download your updates in a VM, burn them on cd, and manually install them in your dekstop OS, but how fanatic does one have to be? This is not windows and even without a yum update and FW and SElinux enabled, and with as little services running as possible your are already pretty secure ootb, so I *really* would not worry in that regard.

and *YES* the default is secure enough for 99.9% of all regular users, otherwise you might want to run openbsd without X.

I'd rather worry about updates breaking your fedora install then a security flaw be exploited, unless you are google or M$ i really doubt you'll be targeted.

stefan
OK, this clears things up. I thought the entire system would get the same privileges when su is used and for the entire duration of the user session in this instance, like is the case in Windows within a administrator account, or a root account in Linux.

Last edited by PZ4; 14th March 2009 at 05:21 PM.
Reply With Quote
  #23  
Old 14th March 2009, 05:15 PM
Evil_Bert Offline
Retired Again - Administrator
 
Join Date: Nov 2007
Location: 'straya
Posts: 3,293
Quote:
Originally Posted by PZ4 View Post
II thought that was Policykit?
No. PackageKit (via yum) updates your system.
__________________
Marching to the beat of his own conundrum.
Reply With Quote
  #24  
Old 14th March 2009, 05:24 PM
PZ4 Offline
Registered User
 
Join Date: Mar 2009
Location: NL
Posts: 26
Quote:
Originally Posted by Evil_Bert View Post
No. PackageKit (via yum) updates your system.
I know yum is used for updates, but I meant that I thought that Policykit is for privilege management. The same what sudo is within the command-line interface. Nevermind

Last edited by PZ4; 14th March 2009 at 05:29 PM.
Reply With Quote
  #25  
Old 14th March 2009, 05:26 PM
Evil_Bert Offline
Retired Again - Administrator
 
Join Date: Nov 2007
Location: 'straya
Posts: 3,293
Quote:
Originally Posted by PZ4 View Post
Nevermind
I never do.
__________________
Marching to the beat of his own conundrum.
Reply With Quote
  #26  
Old 14th March 2009, 05:32 PM
PZ4 Offline
Registered User
 
Join Date: Mar 2009
Location: NL
Posts: 26
off-topic: Do you know a any good GUI tool for the compilation of a source tarball? I need to compile TrueCrypt because its not even present in rpm fusion?

Last edited by PZ4; 14th March 2009 at 05:40 PM.
Reply With Quote
  #27  
Old 14th March 2009, 05:49 PM
stefan1975 Offline
"Stefan the converted" -- forum Macintosh® Glee Club leader
 
Join Date: May 2007
Location: 127.0.0.1
Age: 39
Posts: 1,247
Quote:
Originally Posted by PZ4 View Post
Home user with a NAT router.
maybe i am missing your point here, but if your fedora pc is not directly connected to the internet but behind a (firewalled) NAT router and you apparantly do not port-forward to your fedora desktop (since you wanted all ports closed), why worry about your fedora firewall at all, it is not as if packets on open ports are being routed to your pc anyway, but rather dropped by the router if there is no active forwarding rule, you might as well disable it in your LAN. with your router being the DHCP server and giving you a local (10.x or 192.x) address.

stefan
__________________
"$ su - bofh"
OS: Mac OSX Snow Leopard (x64 by default), W7_Enterprise_X64, F12_x64_KDE
Hardware: late 2009 Macbook 13", MSI Wind 10"
Browser: Opera 10.10, Safari 4
Registered linux user #459910
Reply With Quote
  #28  
Old 14th March 2009, 05:52 PM
stefan1975 Offline
"Stefan the converted" -- forum Macintosh® Glee Club leader
 
Join Date: May 2007
Location: 127.0.0.1
Age: 39
Posts: 1,247
Quote:
Originally Posted by PZ4 View Post
off-topic: Do you know a any good GUI tool for the compilation of a source tarball? I need to compile TrueCrypt because its not even present in rpm fusion?
why not just use dangermouses rpm's for F10 for that? http://dnmouse.org/fedora/truecrypt/10/i386/

stefan
__________________
"$ su - bofh"
OS: Mac OSX Snow Leopard (x64 by default), W7_Enterprise_X64, F12_x64_KDE
Hardware: late 2009 Macbook 13", MSI Wind 10"
Browser: Opera 10.10, Safari 4
Registered linux user #459910
Reply With Quote
  #29  
Old 14th March 2009, 06:54 PM
PZ4 Offline
Registered User
 
Join Date: Mar 2009
Location: NL
Posts: 26
Quote:
Originally Posted by stefan1975 View Post
maybe i am missing your point here, but if your fedora pc is not directly connected to the internet but behind a (firewalled) NAT router and you apparantly do not port-forward to your fedora desktop (since you wanted all ports closed), why worry about your fedora firewall at all, it is not as if packets on open ports are being routed to your pc anyway, but rather dropped by the router if there is no active forwarding rule, you might as well disable it in your LAN. with your router being the DHCP server and giving you a local (10.x or 192.x) address.

stefan
I will also install it on a family member's PC, which is not connected to a NAT router.

Last edited by PZ4; 14th March 2009 at 06:58 PM.
Reply With Quote
  #30  
Old 14th March 2009, 06:57 PM
PZ4 Offline
Registered User
 
Join Date: Mar 2009
Location: NL
Posts: 26
Quote:
Originally Posted by stefan1975 View Post
why not just use dangermouses rpm's for F10 for that? http://dnmouse.org/fedora/truecrypt/10/i386/

stefan
I already installed the truecrypt-6.1-1.fc10.i386.rpm and when I try to mount a volume I'm asked for a administrator password which I then gave, but nothing happened. Secondly I would also like to know how compile it myself with a GUI tool and also for possible future use.

Last edited by PZ4; 14th March 2009 at 07:07 PM.
Reply With Quote
Reply

Tags
default, f10, secure, standardly

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
i need to secure my pc Fausto Using Fedora 5 25th October 2007 07:43 AM
How secure is default apache settings? thisone Servers & Networking 0 22nd March 2006 12:39 AM
how to change the default page of apache from index.htm to default.htm sourin Servers & Networking 6 16th December 2005 05:08 PM
how to change the default page of apache from index.htm to default.htm sourin Servers & Networking 0 14th December 2005 01:42 PM
Default sink works, default source doesn't, Intel 845Gv2 Andy_Lapham Hardware & Laptops 1 1st April 2005 06:02 AM


Current GMT-time: 22:05 (Monday, 22-12-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
...MAS Engineering Hangar5, KLIA Travel Photos - Ceasar's Palace Photos on Instagram