
Ubuntu Firewall

  • 19-11-2009 12:41pm
    #1
    Closed Accounts Posts: 921 ✭✭✭


    Hi

    I'm about to change over to Ubuntu 9.10 and am wondering what firewall to use on it. Is Firestarter any good?

    Also, compared to Windows Vista, how secure is the Linux OS?


Comments

  • Registered Users, Registered Users 2 Posts: 3,745 ✭✭✭Eliot Rosewater


    Presumably one doesn't need a custom firewall in Ubuntu, or anti-virus software for that matter, because Linux-based distros are very secure operating systems. They work on a system of Super Users where system settings etc. can only be configured and changed after giving the Super User password. You can't actually edit files outside of your /home directory without entering this password AFAIK. So viruses cannot wreak havoc on your system without you explicitly giving them permission to do so.

    In fact for a virus to work I think the user has to download it, make it executable and then give it Super User (root) privileges. Which means that if you do do that you really deserve what's coming to you :pac:


    Talking specifically about Ubuntu, I'm pretty sure there's a firewall by default, although I'm open to correction on that.

    I've also 'heard' that the general exception to not having anti-virus software is if you're running a mail server. I'm pretty sure it was Khannie who said that.


    As you can see I am a beacon of ambiguity. It's just I don't know enough about Linux distros to give confident and fully definitive answers, and all that I say should probably be confirmed by a better educated authority.


  • Closed Accounts Posts: 921 ✭✭✭mehmeh12


    OK, so I should make this super user password very long and complex? If I download files from the internet then I have to give them all explicit access to my PC?

    For example, if I download a program like Avast antivirus for Linux, I have to enter a password first before I can open and install this program?


  • Closed Accounts Posts: 12,807 ✭✭✭✭Orion


    Linux has its own firewall built in - iptables. Firestarter and other apps are just graphical methods of managing iptables. There's no real 'best' firewall - they all just manage the same firewall so it's just a matter of which graphical method you get a feel for. I use Firestarter myself but I've started moving from it to editing iptables directly - purely for learning purposes.

    As regards AV if you're serving files to Windows machines (mail server or file server) then it's good practice to have AV scanning these files. It's to protect the Windows boxes not the Linux box.


  • Closed Accounts Posts: 12,807 ✭✭✭✭Orion


    Actually you should set no password for root at all so it can't be used. When you try to do something administrative you will be asked for a password. This password is your own one - not root's. It's basically asking you to confirm that you want to carry out this action and ensuring that it is you in the first place.


  • Closed Accounts Posts: 12,807 ✭✭✭✭Orion


    Another note - you generally don't have to download and install anything - that's the Windows way. In Ubuntu you use the package manager. Select the app you want and press the Apply button - it downloads it, downloads any dependencies, resolves any conflicts and installs it all for you. It will ask for your password before doing this as in my last post.


  • Closed Accounts Posts: 921 ✭✭✭mehmeh12


    Macros42 wrote: »
    Linux has its own firewall built in - iptables. Firestarter and other apps are just graphical methods of managing iptables. There's no real 'best' firewall - they all just manage the same firewall so it's just a matter of which graphical method you get a feel for. I use Firestarter myself but I've started moving from it to editing iptables directly - purely for learning purposes.

    As regards AV if you're serving files to Windows machines (mail server or file server) then it's good practice to have AV scanning these files. It's to protect the Windows boxes not the Linux box.

    Can the iptables firewall be hacked into easily? I'm behind a router firewall, but how do I know if an attack is blocked or not?

    Ah no, I'm just using this PC as my own personal computer. Can I still download files using Ubuntu? What if these files have viruses?


  • Closed Accounts Posts: 12,807 ✭✭✭✭Orion


    mehmeh12 wrote: »
    Can the iptables firewall be hacked into easily? I'm behind a router firewall, but how do I know if an attack is blocked or not?

    Ah no, I'm just using this PC as my own personal computer. Can I still download files using Ubuntu? What if these files have viruses?

    You use logwatch to monitor intrusions. It's all logged anyway but logwatch compiles the information and mails it to you.

    You can download files. Standard common sense still applies - only download from trusted sources. But the likelihood of a file having a virus that affects Linux is negligible.


  • Registered Users, Registered Users 2 Posts: 3,745 ✭✭✭Eliot Rosewater


    mehmeh12 wrote: »
    OK, so I should make this super user password very long and complex?

    On Ubuntu the super user password is the same as your user password. I would say you don't need to worry about its length, to be honest. Normal password procedure applies such as having a mixture of numbers, lowercase and higher-case letters and weird characters if you so choose.
    mehmeh12 wrote: »
    If I download files from the internet then I have to give them all explicit access to my PC?

    Well if you're downloading files you intend to run as applications then I suppose yes. Otherwise, and 100% of the time for me, no. You just download files as normal to your hard disk and view them.

    However downloading and installing software is a lot easier and superior in Ubuntu (and most Linux variants) than in Windows. You just go Applications > Ubuntu Software Centre and search for the software you want. Suppose you wanted FileZilla software. You just search "FileZilla," click on it, and click install. Ubuntu will automagically download and install the software for you. You usually won't even need to restart the computer. (You will be prompted for your password here of course, as installing software involves editing the system, i.e. "root privileges".)

    Apologies if I'd made it sound more complex and strict than it is, and the Ubuntu learning curve isn't anywhere near as steep as I've probably made it out to be. Suffice to say that viruses are a lot less likely to infect Linux based OSes than Windows! For a more technical and precise explanation you can wait till some of the Linux "heavyweights" here such as Naikon post.

    (bet you're under pressure to post now Naikon :pac:)
    mehmeh12 wrote: »
    For example, if I download a program like Avast antivirus for Linux, I have to enter a password first before I can open and install this program?

    I'm not sure how one installs Avast but I would presume that you would have to run it as root to install it.

    Interesting links btw on the whole issue of Ubuntu and viruses:
    https://help.ubuntu.com/community/Antivirus
    https://help.ubuntu.com/community/Linuxvirus

    Fundamentally:
    If you don't know why you're typing in your password, don't do it.


    Once again I would like to apologize if I've made things sound complicated. They're usually not!

    EDIT: Macros42 is right about root password in Ubuntu. In other Linux OSes it's different, and my comments above were more distro-unspecific than they should have been.


  • Closed Accounts Posts: 921 ✭✭✭mehmeh12


    OK, but how will I know the difference between Ubuntu asking me for a password to do something and the root password?

    Also what is the root? Is the root the files I have stored on my hard drive?


  • Registered Users, Registered Users 2 Posts: 3,745 ✭✭✭Eliot Rosewater


    mehmeh12 wrote: »
    OK, but how will I know the difference between Ubuntu asking me for a password to do something and the root password?

    Once again, apologies for confusing you. The only time you enter your user password is at login. If you are prompted to enter a password any other time it's looking for the root password. And in Ubuntu the password to get Super User privileges ("root password") is the same as the normal user password.

    It's similar to the way Windows Vista prompts you for a password to run programs you downloaded. However the Windows password check is kind of superficial.
    mehmeh12 wrote: »
    Also what is the root? Is the root the files I have stored on my hard drive?

    Yep. If a program has root privileges it means the program has permission to edit files anywhere on your disk. The root user is the Super User, and root has permission to do anything. You can't login as root at all, which is good as you don't want a normal program to accidentally delete your files.

    When a program prompts you for a password it's looking for root privileges. The software installer needs root privileges to install stuff on your drive, so it asks for the password. Stuff like that. But for general programs you won't ever be asked for root password.


    It's actually not as big a deal as I seem to have made it out to be! I hope I haven't scared you away...


  • Moderators, Technology & Internet Moderators Posts: 1,336 Mod ✭✭✭✭croo


    On Ubuntu the super user password is the same as your user password.
    I don't wish to confuse and your directions are correct. But the root (superuser) password on Ubuntu is not set rather than the same as the user. After all you can have many users... it cannot be the password of all of them! :)

    While it can be changed via configuration, when you sudo, by default it is always looking for the password of the logged in user, not root (which as I say in Ubuntu has no password). It wishes to confirm that you are in fact that user and then it will confirm that this user has permissions, as defined in the "sudoers" file, to perform that which you wish - man sudoers provides detailed information.

    The commands su & sudo are commonly used to attain root user privileges so "su" is often misinterpreted as SuperUser while actually it refers to Switch User and in fact sudo can be configured to temporarily provide the access and privileges of any user/group.

    I'm being a little pedantic I know, and do not wish to confuse the OP, because as I said to begin with your instructions are by and large correct.

    Also it should be noted that this "no root password" feature is unique to Ubuntu and its descendants - well perhaps some others too but is by no means the norm in Linux (or Unix).

    Finally, you can set a password for root if need be on Ubuntu, it's simply not set by default.
    If you enter
    $ sudo su -
    you will now be root. Now enter passwd and you can enter a password for root access.
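
Added example, not part of the original post: a small checker for the three states a password field can be in (locked, empty, or set), which is the distinction behind "root has no password" on a default Ubuntu install. The function names, the sample accounts and the fake hash are constructed for illustration.

```shell
# Classify the password field (second colon-separated field) of
# shadow(5)-format lines read from stdin. Prints "name state", where
# state is: locked (field starts with ! or *, so no password can match),
# empty (no password required), or set (a password hash is stored).
shadow_states() {
    while IFS=: read -r name pw _rest; do
        [ -n "$name" ] || continue
        case "$pw" in
            '')        state=empty ;;
            '!'*|'*'*) state=locked ;;
            *)         state=set ;;
        esac
        printf '%s %s\n' "$name" "$state"
    done
}

# Constructed sample: a locked root entry, one user with a (fake)
# hash, and one account with an empty password field.
SAMPLE_SHADOW='root:!:14567:0:99999:7:::
alice:$6$constructedsalt$constructedhash:14567:0:99999:7:::
guest::14567:0:99999:7:::'

# State of a single account within shadow-format text.
account_state() {   # usage: account_state NAME "SHADOW_TEXT"
    printf '%s\n' "$2" | shadow_states | awk -v n="$1" '$1 == n { print $2 }'
}

account_state root "$SAMPLE_SHADOW"
```

On a live system, `sudo getent shadow | shadow_states` feeds the real entries in, and `sudo passwd -S root` reports the same state in its second field (L, NP or P).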


  • Registered Users, Registered Users 2 Posts: 3,745 ✭✭✭Eliot Rosewater


    @croo, I understand the sudo passwords thing - it's just I had gone so far in confusing the OP I was trying to make it sound simpler :) I tried to formulate a phrasing that would be technically correct while being understandable but I couldn't!

    EDIT: btw pedantry is usually welcome as you learn something new.


  • Closed Accounts Posts: 921 ✭✭✭mehmeh12


    OK sound, without sounding like a total dufus this is what I think I know so far:

    I installed Mint Elyssa the other day and near the initial installation a screen popped up saying do I want to have a root password; I said no. Whenever I need to access something that requires root privileges like Mint update I give my own user password for that program. Therefore for the most part my PC is running with minimal privileges unless I specifically give a password for something to activate, and that the only root level place in my system is the home folder.

    Am I right?


  • Registered Users, Registered Users 2 Posts: 545 ✭✭✭ravydavygravy


    mehmeh12 wrote: »
    OK sound, without sounding like a total dufus this is what I think I know so far:

    I installed Mint Elyssa the other day and near the initial installation a screen popped up saying do I want to have a root password; I said no. Whenever I need to access something that requires root privileges like Mint update I give my own user password for that program. Therefore for the most part my PC is running with minimal privileges unless I specifically give a password for something to activate, and that the only root level place in my system is the home folder.

    Am I right?

    Yes, apart from the last part - "the only root level place in my system is the home folder" - what you mean is the only part of the filesystem you can fully access with your own user privileges is your home folder (not strictly true, but close enough).

    Don't forget that the reason why you input your own password for root level actions is because you are using sudo to do everything. On a system where sudo isn't in use (other types of Linux/Unix for example), you'd need to use the root password instead. But Ubuntu and its clones (like Mint) all use sudo by default.

    Well done.

    Dave


  • Closed Accounts Posts: 921 ✭✭✭mehmeh12


    OK, so by having low level privileges for most things am I safe to connect to the internet?

    I'm behind a router firewall but I'm using wireless, so if my wireless got hacked I would be open to attack directly, I think. I already tried Firestarter and Guarddog but I found the GUI of these really confusing. My understanding is that iptables is by default set to close all my ports to outside access but it will not stealth my ports. Do people run Linux with no personal firewall?


  • Closed Accounts Posts: 113 ✭✭BOZG


    mehmeh12 wrote: »
    OK, so by having low level privileges for most things am I safe to connect to the internet?

    I'm behind a router firewall but I'm using wireless, so if my wireless got hacked I would be open to attack directly, I think. I already tried Firestarter and Guarddog but I found the GUI of these really confusing. My understanding is that iptables is by default set to close all my ports to outside access but it will not stealth my ports. Do people run Linux with no personal firewall?

    It's recommended that you should but some people don't. iptables is set to allow everything by default. You can change it to blacklist everything and set-up a whitelist if that's the level of security you want.

    I think ufw has become the standard GUI on Ubuntu from 9.10. Have a look at that and see what you think.


  • Registered Users, Registered Users 2 Posts: 545 ✭✭✭ravydavygravy


    mehmeh12 wrote: »
    OK, so by having low level privileges for most things am I safe to connect to the internet?

    I'm behind a router firewall but I'm using wireless, so if my wireless got hacked I would be open to attack directly, I think. I already tried Firestarter and Guarddog but I found the GUI of these really confusing. My understanding is that iptables is by default set to close all my ports to outside access but it will not stealth my ports. Do people run Linux with no personal firewall?

    Iptables by default allows all access - it's up to you to configure it to do otherwise. As mentioned, in Ubuntu, you'll probably find it easier to use ufw. To deny all traffic by default, run:

    $ sudo ufw default deny

    More info here: https://help.ubuntu.com/community/UFW
    Dave
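
Added example, not part of the original posts: a check that reads `iptables -S` output and reports whether unmatched inbound traffic is accepted (the unconfigured state described above) or dropped, including the case where a DROP policy is undone by a catch-all ACCEPT rule. The function names and all three rulesets are constructed for illustration.

```shell
# Read `iptables -S` output on stdin and classify what happens to an
# inbound packet that no specific rule matches.
#   default-allow : INPUT policy is ACCEPT, or INPUT contains an
#                   unconditional "-j ACCEPT" that catches everything
#   default-deny  : INPUT policy is DROP and no such catch-all exists
#   unknown       : no INPUT policy line was found in the input
# Only the INPUT chain itself is inspected, not chains it jumps to.
input_posture() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $0 == "-A INPUT -j ACCEPT"  { catch_all = 1 }
        END {
            if (policy == "")                        print "unknown"
            else if (policy == "DROP" && !catch_all) print "default-deny"
            else                                     print "default-allow"
        }'
}

# Constructed sample: no rules, every built-in chain accepting.
RULES_UNCONFIGURED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed, abridged sample of a ruleset with a deny-by-default
# inbound policy; the ufw-* chain name follows ufw naming.
RULES_DEFAULT_DENY='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-A INPUT -j ufw-before-input'

# Constructed sample of the failure mode: the policy says DROP, but a
# leftover catch-all rule accepts whatever reaches the end of the chain.
RULES_BYPASSED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j ACCEPT'

posture_of() { printf '%s\n' "$1" | input_posture; }

for sample in "$RULES_UNCONFIGURED" "$RULES_DEFAULT_DENY" "$RULES_BYPASSED"; do
    posture_of "$sample"
done
```

On a live system the same check is `sudo iptables -S | input_posture`; `sudo ufw status` shows whether ufw is active, since its default policy only applies once the firewall is enabled.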

