#1 2008-06-12 12:58:34

Nomearod
Member
Registered: 2008-05-23
Posts: 19

Security

I installed Arch some weeks ago, and I'm loving it. However, before that I only used "friendly" distros which had everything configured by default.

I never worried about things like setting up a firewall, since iptables was already running. But this week I was reading the wiki and came across an article about setting up a firewall.

I installed iptables and followed the wiki to set it up, but is there anything else that I should do? Since I only installed it this week, and I don't have a very strong user's password (root's password is much safer), should I reinstall Arch? Is there any risk that anyone attacked my PC and put some scripts or something like that?

I hope that I don't sound too paranoiac about security :P

#2 2008-06-12 14:04:00

sniffles
Member
Registered: 2008-01-23
Posts: 275

Re: Security

"is there anything else that I should do?"

Are you asking if there are other security measures you can / should take? There are tons. Use the google and point it to keyphrases such as "linux security" or "securing linux" etc.

"Is there any risk .. ?"

Of course. This risk will always exist as long as your computer is connected to the internet. Should you reinstall Arch? Probably not. For one thing I doubt you actually got hacked, for another I doubt you'd be able to properly secure your system even once you did reinstall (i.e. you'd end up with a box as (in)secure as the one you currently have)

Know this: security does not mean running scripts or commands provided by various websites -- without actually understanding what they do.

P.S.: Boy, you don't know the meaning of 'paranoiac about security' :)

Last edited by sniffles (2008-06-12 14:04:19)

#3 2008-06-12 14:07:26

dyscoria
Member
Registered: 2008-01-10
Posts: 1,007

Re: Security

Are you running any services like ssh? If not then you don't have a great deal to worry about.

If someone has indeed tried to attack your PC then /var/log/auth.log should be filled with failed password attempts.


flack 2.0.6: menu-driven BASH script to easily tag FLAC files (AUR)
knock-once 1.2: BASH script to easily create/send one-time sequences for knockd (forum/AUR)
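
An added example, not part of the post above: a POSIX shell check of the kind described, counting sshd password failures per source address and listing accepted logins from addresses that had already failed. The log lines are constructed, the function names are hypothetical, and it assumes the classic syslog layout in which these lines end in `from ADDR port N ssh2`.

```shell
#!/bin/sh
# Constructed sample in the syslog format sshd writes to /var/log/auth.log.
# Host name, PIDs, users and addresses (RFC 5737 ranges) are made up.
sample_auth_log() {
cat <<'EOF'
Jun 12 03:14:07 archbox sshd[2101]: Failed password for root from 203.0.113.9 port 40122 ssh2
Jun 12 03:14:09 archbox sshd[2101]: Failed password for root from 203.0.113.9 port 40122 ssh2
Jun 12 03:14:15 archbox sshd[2107]: Failed password for invalid user admin from 203.0.113.9 port 40188 ssh2
Jun 12 03:14:21 archbox sshd[2111]: Failed password for invalid user x from 192.0.2.50 port 1 ssh2 from 203.0.113.9 port 40203 ssh2
Jun 12 03:20:41 archbox sshd[2133]: Invalid user test from 198.51.100.23
Jun 12 03:20:43 archbox sshd[2133]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Jun 12 09:02:11 archbox sshd[2410]: Accepted password for alice from 192.0.2.50 port 50022 ssh2
Jun 12 09:05:30 archbox su[2450]: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=pts/0 ruser=alice rhost=  user=root
Jun 12 09:40:02 archbox sshd[2502]: Accepted password for alice from 198.51.100.23 port 51990 ssh2
EOF
}

# Print "<count> <source address>" for sshd password failures, busiest first.
# The user name in these lines is text chosen by the remote client (see the
# fourth sample line), so the address is read from the fixed
# "from ADDR port N ssh2" tail instead of the first "from" in the line.
failed_by_source() {
  awk '
    NF >= 14 && / sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" { fails[$(NF-3)]++ }
    END { for (ip in fails) print fails[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Print "<address> <user> <earlier failures>" for each accepted login from an
# address that had already failed a password: the entries to review first.
accepted_after_failures() {
  awk '
    NF >= 14 && / sshd\[[0-9]+\]: / && $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)
      if ($6 == "Failed" && $7 == "password") fails[ip]++
      else if ($6 == "Accepted" && fails[ip] > 0) print ip, $9, fails[ip]
    }'
}

# Demo on the constructed sample. On a real system, as root:
#   failed_by_source < /var/log/auth.log
sample_auth_log | failed_by_source
sample_auth_log | accepted_after_failures
```

The login from 192.0.2.50 is not flagged, because the failure line that mentions that address only carries it inside the user name field.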

#4 2008-06-12 14:09:18

abhidg
Member
From: City of Kol
Registered: 2006-07-01
Posts: 184
Website

Re: Security

You can always use a firewall frontend like firestarter.
If you don't run any servers or unneeded daemons, then there should
not be a problem. Also if you run the ssh daemon, make sure to
use only key based configuration as it is much more secure.

You should also protect changes to grub config by securing it with
a password.
If you are even more paranoid, you can always password protect
the BIOS to prevent bootup without password. At least you should
password protect configuration changes to BIOS and disable CDROM
boot, otherwise anyone would be able to put in a liveCD, boot and access
all your data. You could also encrypt the entire filesystem if you want
using cryptsetup.

The user password can always be changed. Open a terminal, type
passwd and press enter. You'll be asked for the old password, and then the
new password (twice).

#5 2008-06-12 16:03:22

Zepp
Member
From: Ontario, Canada
Registered: 2006-03-25
Posts: 334
Website

Re: Security

abhidg wrote:

> You can always use a firewall frontend like firestarter.
> If you don't run any servers or unneeded daemons, then there should
> not be a problem. Also if you run the ssh daemon, make sure to
> use only key based configuration as it is much more secure.
>
> You should also protect changes to grub config by securing it with
> a password.
> If you are even more paranoid, you can always password protect
> the BIOS to prevent bootup without password. At least you should
> password protect configuration changes to BIOS and disable CDROM
> boot, otherwise anyone would be able to put in a liveCD, boot and access
> all your data. You could also encrypt the entire filesystem if you want
> using cryptsetup.
>
> The user password can always be changed. Open a terminal, type
> passwd and press enter. You'll be asked for the old password, and then the
> new password (twice).

I don't really see the point in BIOS passwords and GRUB menu passwords, assuming the person already has physical access to the machine. They're OK if the computer is physically secure, but I doubt it, and with that in mind these sorts of changes are just a nuisance with no real security benefit.

The rest of the advice is good though, don't have anything listening on any ports except maybe ssh. If you do run ssh, secure it by enabling key authentication, forcing SSHv2 and disallowing remote root logins.
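
An added example, not part of the post above: a POSIX shell audit that reads an sshd_config and reports the effective global value of the settings the post names (key authentication, protocol 2, no remote root login) plus `PasswordAuthentication` for the key-only advice quoted above. The sample file and the function names are constructed for illustration. Current OpenSSH releases no longer implement protocol 1, so an unset `Protocol` line only matters on old installations.

```shell
#!/bin/sh
# Constructed sshd_config used only for this demonstration.
sample_sshd_config() {
cat <<'EOF'
# global section
Port 22
protocol 2
PermitRootLogin = no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PubkeyAuthentication yes
EOF
}

# Print the global value sshd would use for keyword $1 (config on stdin), or
# "unset". Keywords are case-insensitive, "=" may separate keyword and value,
# the first value seen wins, and lines after a Match line are conditional.
sshd_setting() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ { next }
    { sub(/[ \t]*=[ \t]*/, " ") }
    tolower($1) == "match" { exit }
    tolower($1) == want { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }
  '
}

# Compare the settings named in the post with the values wanted; return 1 if
# any differs. "unset" means the version-dependent built-in default applies.
audit_sshd_config() {
  cfg=$(cat); rc=0
  for pair in PubkeyAuthentication:yes PasswordAuthentication:no \
              PermitRootLogin:no Protocol:2; do
    key=${pair%%:*}; want=${pair#*:}
    got=$(printf '%s\n' "$cfg" | sshd_setting "$key")
    if [ "$got" = "$want" ]; then echo "ok     $key $got"
    else echo "review $key $got (wanted $want)"; rc=1; fi
  done
  return $rc
}

# Demo on the sample; for a real host: audit_sshd_config < /etc/ssh/sshd_config
sample_sshd_config | audit_sshd_config || echo "settings above need review"
```

In the sample, the second `PasswordAuthentication no` line has no effect because the earlier `yes` is the first value seen, and the `PubkeyAuthentication` line inside the `Match` block does not set the global value.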

#6 2008-06-12 17:15:52

moljac024
Member
From: Serbia
Registered: 2008-01-29
Posts: 2,676

Re: Security

Zepp wrote:

> abhidg wrote:
>
>> You can always use a firewall frontend like firestarter.
>> If you don't run any servers or unneeded daemons, then there should
>> not be a problem. Also if you run the ssh daemon, make sure to
>> use only key based configuration as it is much more secure.
>>
>> You should also protect changes to grub config by securing it with
>> a password.
>> If you are even more paranoid, you can always password protect
>> the BIOS to prevent bootup without password. At least you should
>> password protect configuration changes to BIOS and disable CDROM
>> boot, otherwise anyone would be able to put in a liveCD, boot and access
>> all your data. You could also encrypt the entire filesystem if you want
>> using cryptsetup.
>>
>> The user password can always be changed. Open a terminal, type
>> passwd and press enter. You'll be asked for the old password, and then the
>> new password (twice).
>
> I don't really see the point in BIOS passwords and GRUB menu passwords, assuming the person already has physical access to the machine. They're OK if the computer is physically secure, but I doubt it, and with that in mind these sorts of changes are just a nuisance with no real security benefit.
>
> The rest of the advice is good though, don't have anything listening on any ports except maybe ssh. If you do run ssh, secure it by enabling key authentication, forcing SSHv2 and disallowing remote root logins.

For some intruders a BIOS password is enough to stop them ;)


The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
--------------------------------------------------------------------------------------------------------------
But if they tell you that I've lost my mind, maybe it's not gone just a little hard to find...

#7 2008-06-12 18:36:34

Nomearod
Member
Registered: 2008-05-23
Posts: 19

Re: Security

I don't even know what ssh is (I know it's something to authenticate something, but that's all...) so probably I don't use it :P

So, there's no need to reinstall Arch to start from the beginning and install a firewall from there, right?

BTW, to encrypt my hard drive, do I need to reinstall?

#8 2008-06-12 18:49:28

abhidg
Member
From: City of Kol
Registered: 2006-07-01
Posts: 184
Website

Re: Security

Nomearod wrote:

> BTW, to encrypt my hard drive, do I need to reinstall?

The partitions have to be reformatted AFAIK. I don't
have encrypted partitions, so can't tell you for sure.
