No Firewall?
- Inicie sesión o regístrese para enviar comentarios
I cant see any firewall, am I missing something or do I need install this via the Terminal?
Thankyou.
I'll post with the caveat that I don't actually use Trisquel (although I do use Debian so pitchforks and torches down please).
The Trisquel kernel will have firewall capabilities, configurable through a program called iptables.
How familiar are you with GNU/Linux in general?
If you're not, and don't have much time to learn, then I guess installing a graphical firewall configuration tool like ufw might be for you. I'm sure actual Trisquel users can give you better advice on which are good, how to configure them, etc.)
If you're experienced or are willing to do a bit of learning, I can recommend Debian's "Securing Debian" manual. (http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-firewall-setup). This also includes information about graphical firewall configuration tools. As Trisquel is based on Debian I guess most of the information is applicable, if a little bit out of date by now.
The script included in that manual doesn't take advantage of improvements in boot sequencing, and has what I believe is a bug in it. I include the script I use on my personal computers (minus the actual ports I leave open, which you will have to decide for yourself by adding them to the REMOTE_TCP_SERVICES variable). Once you've put your firewall script in /etc/init.d/ just run "insserv myfirewall", where "myfirewall" is the name of the script.
Let me know if you need any clarification or guidance.
| Adjunto | Tamaño |
|---|---|
| myfirewall.sh | 4 KB |
Actually, ufw isn't a graphical tool. It's a command line frontend to iptables. If you want a graphical tool, you probably want something like gufw (all are available in Trisquel repos)
EDIT: Also, there's a known problem with uploading .sh files. Could you please gzip it first?
My bad, I'm clearly not the one to ask when it comes to graphical tools :P.
I did wonder about that, hope this works.
| Adjunto | Tamaño |
|---|---|
| myfirewall.gz | 1.36 KB |
I wouldn't use the broken packages.trisquel.info for now.
EDIT: OK, actually, packages.trisquel.info is better now, but open-ath9k-htc-firmware still doesn't show up.
Trisquel (and Debian, which I use) don't come with a firewall controller installed by default. The reasons why have been debated here many times before, so don't hope for that to change anytime soon.
What I do is, I have all the Debian CDs and so I install the first one, and before I connect to the internet, I install Gufw from the CDs. That way you can control ports open and closed before you connect to the internet.
If you can't do that (since Trisquel doesn't work with Debian's CDs) you can install the CD, connect to the internet (maybe using a router firewall to greater protection) and install Gufw. Disconnect, configure firewall, and connect again.
Anyway, if you are serious about security, keep in mind that firewall is just one of many steps you need.
One thing you SHOULD do to increase your security is install the NoScript Addon for firefox/abrowser.
You might also wanna take a look at subjects such as encryption, Tor, rootkits (RKHunter for example), etc.
There is a SSH server installed by default, you might want to get rid of that if you don't have use for it.
Besides that you can forget about a firewall really.
NoScript is a very good idea.
In new installs from the 6.0.1 iso, ssh is disabled, which disabling Ruben did a week or so before the release of 6.0.1. Upgrades to 6.0.1 from installed 6.0 in which the ssh was enabled do not accomplish ssh disabling.
For those who actually use the SSH server, the "fail2ban" package is a good addition to the security of the system.
Since the default install of Trisquel does not run any other server, I do not really see how would the firewall be configured by default.
- Inicie sesión o regístrese para enviar comentarios