Ubuntu Security :: Install A Firewall GUI And Make Special Settings?
Aug 19, 2010
I just erased WinXp and installed Ubuntu on old laptop. I intend to use it later ot connect to public Wi-Fi. Do i need to install a firewall GUI and make any special settings? I didn't encrypt home folder during installation. I probably should have done it. But i am already low on system resources (224MB ram, 1.2Ghz CPU). Would that use up any additional resources? Would it make computer run slower? Can i still encrypt the home folder after i installed the system?
View 3 Replies
ADVERTISEMENT
Jan 18, 2011
I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough?
2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
View 1 Replies
View Related
Apr 15, 2010
So I know Linux has iptables, I'm rather new to linux, and I'm wondering, are the stock settings with Ubuntu/Kubuntu safe? Is there anything I need to do make them more secure? I tried adding rules myself for some things but ended up just not being able to do anything so I had to reset back to stock with iptables -F. Should I be safe running as-is?
View 4 Replies
View Related
Aug 12, 2010
I have a server with 14 IP's on eth0. I'm using virtual interfaces to handle the IP's, but the iptables don't seem to work on the virtual interface. It blocks ports that I want open. I'm not that great with iptables, I use what I have because it works for me, but as far as tweaking it, I'm pretty lost.
My iptables:
# Simple Firewall configuration
#
# Set default policies --------
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
#
# Internal Networks -----------
#-A INPUT -s <private.class.C>/24 -d <private.class.C>/24 -i eth1 -j ACCEPT
#
# Loopback --------------------
-A INPUT -s 0/0 -d 0/0 -i lo -j ACCEPT
#
# Accept established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Services --------------------
#
# For SSH gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW -j ACCEPT
#
# For SMTP gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW -j ACCEPT
#
# For FTP server
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW -j ACCEPT
#
# HTTP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW -j ACCEPT
#
# HTTPS services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW -j ACCEPT
#
# POP-3 services
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 110 -m state --state NEW -j ACCEPT
#
# IMAP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW -j ACCEPT
#
#PLESK
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 8443 -m state --state NEW -j ACCEPT
#
#Games
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
# Disallow fragmented packets
-A INPUT -f -j DROP
#
# Log & Block broadcast packets
-A INPUT -d 255.255.255.255/0.0.0.255 -j LOG
-A INPUT -d 255.255.255.255/0.0.0.255 -j DROP
# Log & Block multicast packets
-A INPUT -d 224.0.0.1 -j LOG
-A INPUT -d 224.0.0.1 -j DROP
#
# Log and drop all other incoming packets
-A INPUT -j LOG
-A INPUT -j DROP
#
COMMIT
View 18 Replies
View Related
Apr 14, 2010
I'm involved in a project to students set up a network security training lab using vmware. I want to simulate (in a very rough way) scanning through a poorly configured router or firewall. The easiest way I can think of to simulate this is to use a linux vmware image with two virtual nic cards to act as a firewall with the attacker on the outside network and a domain controller, web server, and database server on the inside network.
I would like to start students off with a firewall script that exposes everything on their internal network to the attacker. Is there an easy way to (mis)configure iptables to do this?. The model I'm trying to replicate is something like this. Attackers were on a 10.10.x.x network, defenders were on a 192.168.x.x network. As an attacker I could nmap 192.168.x.x and see every machine and every service on the defenders side even if they moved a service to an unexpected location. how I can implement a similar configuration using a linux image as firewalls/routers in vmware?
View 1 Replies
View Related
Apr 28, 2011
i want to install a firewall for my ubuntu server (vps)what the best firewall for ubuntu? my ram is 512 mb.how to install firewall from console ?
View 9 Replies
View Related
Jul 25, 2010
Is there a firewall I can install that will only let certain MAC addresses through on a certain port?
View 2 Replies
View Related
Jun 7, 2011
I am going to wipe off Windows from my laptop & install only Ubuntu 11.04. Do I need to install a antivirus system, I know about the firewall form ubuntu software centre i.e. firewall confiiguration.
View 9 Replies
View Related
Aug 6, 2010
if ubuntu netbook remix have a built-in firewall, and how does this firewall work when i install applications like Valknut? Do i have to change firewall, or does it make the changes automatically? If i need to manually change open ports in firewall, then i want a easy to understand gui, if there is one. I want to add port-ranges, with options [tcp],[udp],[both] or single ports with same options. Im looking at Guarddog, since i installed all deps for Guidedog. how Guarddog would behave with ubuntu's config?
View 9 Replies
View Related
May 9, 2011
Can we use iptables as firewall instead of Juniper firewall
View 2 Replies
View Related
Jun 28, 2011
attempting to reinstall 11.3, my system always freezes up at different points. Always during actual installation (not setup). Burned an 11.4 disc and the same happens. First was a DVD, but the new one is a CD, and now with the new version, a little dialogue comes up at the start to tell me 1 gig of RAM may not be enough. Well, it always was before. Is there a certain combination of settings which may make it run better? Also, a live session works fine.
View 9 Replies
View Related
Oct 26, 2010
I wanted to make a video and edit it all together with special effects and all that good stuff, bells and whistles, I want something like Windows Movie Maker, or better, im not a pro at this, back when I was 16 I was pretty damn good but its been a while, I have downloaded a few different editing softwares that I have come across and im not happy with any of them, such as:
Avidemux
Pitivi
LiVES
now Pitivi comes standard with the newest install of ubuntu, but it sucks, sorry, its has nothing, or im missing something, and for LiVES I just cant seem to get it to do what I want, its very confusing, I just want something with a simple UI like WMM or something along those lines, it doenst have to be linux based, but if your going to give me something that doenst work fresh install,
View 7 Replies
View Related
Jun 6, 2010
I'm installing Slackware 13.1 on a Samsung N150 netbook and am stuck trying to make the special keys do their normal functions when using a virtual terminal, that is not under X. Under X + Xfce it can be done via Menu->Settings->Keyboard->"Application Shortcuts".
In essence the question is how to make a special key (example Fn+Up to increase screen brightness) run a command in the background.
Changed title and text to make clear that the command should not run in a virtual terminal but while the display is being used for a virtual terminal, that is after Ctrl+Alt+F2 for example.
View 4 Replies
View Related
May 30, 2009
I give access all the groups adm, im, etc. but when I try to run the visudo command the system don't let since I dont have privilege.
View 7 Replies
View Related
Mar 17, 2010
Everytime i login my screen resolution is 640x480_60 Then i in a terminal change resolution to 1680x1050
Code:
cvt 1680 1050
xrandr --newmode "1680x1050_60.00" 146.25 1680 1784 1960 2240 1050 1053 1059 1089 -hsync +vsync
xrandr --addmode VGA-0 "1680x1050_60.00"
xrandr -s "1680x1050_60.00"
How can i make these settings default everytime i login?
View 9 Replies
View Related
Apr 29, 2010
confirm or deny if 10.04 and Windows 7 cleanly dual boot? If Win7 is already installed and I plan on installing 10.04 after, do I need to make special changes to get them to dual boot properly?
View 9 Replies
View Related
Sep 23, 2010
I have a Suse11 box with 2 network cards:
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
View 2 Replies
View Related
Sep 2, 2010
We're in the process of implementing an offsite backup of all our servers to a remote Linux server. We're using rsync over ssh.What I've found is that characters such as ±, ¶,´ and £ are replaced on the Linux server with underscores.I don't mind if it changes these characters in the filenames of documents, but when it renames a language pack from Espa±ol.clx to Espa_ol.clx, it could cause issues for us further down the line.
What do I need to do differently to make the special characters copy over correctly? For the initial sync which will take place locally, before the machine is moved offsite, I have SAMBA enabled. I am able to copy files from Windows to the Samba share, retaining the original filename, though it looks different in the Linux directory listing, i.e. t̻st becomes ĻstThese files get deleted by rsync when it runs, as it does not match the filenames.
View 1 Replies
View Related
Mar 28, 2010
I have tried various rules, like opening port 53 for the DNS with little success. I finally figured that you need to set the source port to 53 and NOT the destination port.However, I have been unable to figure out what ports apt-get requires. The only way I get it to work is to accept everything in iptables.
View 1 Replies
View Related
Apr 6, 2011
what I need to do to the firewall in order to make a shared printer available to other machines on my network?
I have the printer set up and have tested it with the firewall switched off, but as soon as I restart the firewall, the printer is inaccessible.
I thought that all traffic on the internal network was allowed, but it seems that I need to create an explicit rule in order to get the shared printer working. Unfortunately, I haven't been able to figure out how to do that yet.
View 2 Replies
View Related
Feb 23, 2011
I tried installing F-prot's linux scanner but it doesn't seem to want to install and I am tired of messing with it.
So I am wondering if I even need it or if there is something else.
I am behind a firewall already with my router if that helps any.
I guess I am having trouble understanding why virus protection is less necessary.
Do people not write viruses for linux systems?
View 7 Replies
View Related
Mar 3, 2011
i have configured the squid for my lan. My lan has three redhat 5.3 web servers. Now by using proxy server, i wish to give access to external clients for my web server and restrict to local client, accessing wan through port 80
View 2 Replies
View Related
Apr 26, 2011
I'm a little security paranoid, there are a lot of times that my terminal is available to prying eyes and listless fingers. As a security minded individual, I would like to make sure to lock down my Ubuntu (11.04b3) install in one of the best ways I can think of, and require a dongle to access my box. Is this something any of you other security minded people have done?
What are other great ways to lock my terminal? I would like to make sure that not only the "average" user, but also the ABOVE average user will not be able to penetrate my system without a key. Let me know what you think, and other measures I can take.
View 9 Replies
View Related
Apr 20, 2010
I have a work desktop plugged into the work network. As I opened my firewall settings I noticed that it is turned off. My question is how should I configure it? I saw that the interface isn't assigned to any zone... I should assign to internal zone and open some port that I need in order to work? There are some guidelines for configuring the firewall?
View 2 Replies
View Related
Jan 30, 2010
I have a CentOS 5 server in which I use Virtual Hosting and each domain has its own user/pass for login to upload files. The path is /var/www/vhosts/domain name]/httpdocs/What im attempting is setting up the creation of the [domain name] folder from an administration backend under PHP, which I am developing. What Im worried about is if I allow PHP to run command line commands such as mkdir, then what is stopping anyone from doing the same from their php files on my server??? What is the best way to properly setup my server to allow automated creation of the domain structure within my folder system
View 3 Replies
View Related
Jul 20, 2010
I have Ubuntu running on an old PE server. It is running Virtualbox with an instance of Ubuntu inside. The instance is there to run my honeypot.
The server box IP is192.168.1.10. The Virtualbox is bridged with it's own IP of 192.168.1.200. The honeypot daemon is listening to 192.168.1.201 with arpd.
I set up the UFW with DENY. And then enabled only the ports leading to the honeypot scripts which are abound to IP .201. I then forwarded the ports necessary to run VNC to .200.
Here is the UFW status:
buntu@ubuntu-desktop:/var/lib$ sudo ufw status
Status: active
To Action From
-- ------ ----
192.168.1.201 21/tcp ALLOW 21/tcp
192.168.1.201 4444/tcp ALLOW 4444/tcp
192.168.1.201 5544/tcp ALLOW 5544/tcp
[Code].....
View 8 Replies
View Related
May 23, 2010
Will I need to actiavte the firewall that comes with Ubuntu since I'm using Transmission?
View 9 Replies
View Related
Aug 13, 2010
I am new to the Ubuntu/Linix world (less than a week).
I have tried the search, but have had difficulty finding threads on this.
Can someone recommend an excellent firewall to use with Ubuntu?
View 9 Replies
View Related
Aug 14, 2010
I have a VPS (Ubuntu 8.04 server eition) and as such am stuck with using a software firewall.
i currently have UFW installed.
I would ideally like to have my firewall be a little rude, or rather just not polite. I know what i am asking will break the RFC, but i consider this ok due to the security benefits.
I would like to have my firewall
1) ignore (eg drop without responding)all packets that dont start with a syn flag
2)for all other traffic that is currently blocked, have it dropped (again drop it without responding)
If there are any other rules you can think of i would like to know them. I already have only the services i want open and the rest blocked.
View 7 Replies
View Related
Nov 4, 2010
I've been using Windows for quite a few years now. I loved the way how I used to set incoming/outgoing rules for my applications. But I'm having hard time doing that in Ubuntu. I tried searching for a good GUI for iptables but I need your help selecting the best. I might learn iptables someday but for the time being I will be using a nice GUI. I'm currently using GUFW, I've tried Firestarter. All I need is a firewall that would allow me to configure rules for my applications.
View 9 Replies
View Related
