this post was submitted on 06 Aug 2023
98 points (92.2% liked)

Linux

48247 readers
742 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Do you have any antivirus recomendations for Linux.

you are viewing a single comment's thread
view the rest of the comments
[–] bushvin@pathfinder.social 74 points 1 year ago* (last edited 1 year ago) (2 children)

I wouldn’t recommend using anti-virus software. It usually creates a lot more overhead, plus it usually mimics existing solutions already in linux. The only viruses I have ever caught using an anti-virus software on Linux are the test viruses to see if all is working fine.

Anyway, here’s my 20+ enterprise experience recommendations with Linux :

  • enable secure boot: will disable launching non-signed kernel modules (prevent root kits)
  • enable firewall: and only allow ports you really need.
  • SELinux: it is getting better, and it will prevent processes to access resources out of their scope. It can be problematic if you don’t know it (and it is complex to understand). But if it doesn’t hinder you, don’t touch it. I do not know AppArmor, but it is supposed to be similar.
  • disable root over ssh: or only allow ssh keys, or disable ssh altogether if you do not need it.
  • avoid using root: make sure you have a personal account set up with sudo rights to root WITH password.
  • only use trusted software: package managers like apt and rpm tend to have built in functionality to check the state and status of your installed software. Use trusted software repositories only. Often recommended by the distro maintainers. Stay away from use this script scripts unless you can read them and determine if they’re the real thing.

Adhering to these principles will get you a long way!

edit: added section about software sources courtesy of @dragnucs@lemmy.ml

And when in doubt, upload the file to virustotal.

[–] pglpm@lemmy.sdf.org 5 points 1 year ago (6 children)

Thank you for the advice!

Firewall on Linux is something I still don't understand, and explanations found on Internet have always confused me. Do you happen to know some good tutorial to share? Or maybe one doesn't need to do anything at all in distros like Ubuntu?

Regarding ssh: you only mean incoming ssh, right?

[–] pglpm@lemmy.sdf.org 5 points 1 year ago* (last edited 1 year ago) (1 children)

@bushvin@pathfinder.social @toikpi@feddit.uk @hevov@discuss.tchncs.de @ChonkaLoo@lemmy.world @HotBoxghost2743@lemmy.ml @c1177johuk@lemmy.world (I'm surely forgetting someone, sorry)

Thank you ALL for the great advice and guides! I'm writing from behind a laptop firewall now, and don't notice anything :) It was smoother than I expected. In the end I used UFW because it was already installed, but I'll take a look at firewalld too in some days! I don't have any incoming ssh connections (not a server), so I didn't need to worry about that :)

Really great people here at Lemmy :)

[–] HotBoxghost2743@lemmy.ml 2 points 1 year ago

You're welcome friend!

[–] hevov@discuss.tchncs.de 3 points 1 year ago

I don't think you need to configure your firewall. Firewalls are usualy used to block incomming connectings. Usualy a Firewall that blocks all incomming connections is already active on your modem/router. Adding exception to the modem/router Firewall usualy happen through port forwords.

[–] HotBoxghost2743@lemmy.ml 3 points 1 year ago (1 children)

What don't you completely understand about Linux firewall? I don't mind helping you learn

[–] pglpm@lemmy.sdf.org 5 points 1 year ago (2 children)

Thank you everyone, also @bushvin@pathfinder.social @toikpi@feddit.uk.

For example, if I open my settings (I'm on Ubuntu+KDE) I don't see any firewall settings to configure. So I expect this is automatically done by the OS, but maybe I'm wrong. A bit surprised that the system itself doesn't recommend using a firewall, to be honest.

Many firewall tutorials start speaking about "your server". Then I wonder: is this really for me? I don't have a server. Or do I?

I now see that the tutorial from @toikpi@feddit.uk gives a better explanation, cheers! So I see it's good to have a firewall simply because one connects to public wifis from time to time.

I see that both UFW and firewalld are recommended... is it basically OK whichever I choose?

[–] HotBoxghost2743@lemmy.ml 3 points 1 year ago* (last edited 1 year ago) (1 children)

The main one everybody uses at least from my knowledge and from what I've used over the last 13 years is UFW. That is what you want to use.

A firewall is very important not just for being on public Wi-Fi connections. A firewall is your extra layer of protection

I don't know what Distro you run. But it's almost the same for each one

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04

UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with sudo apt install ufw.

Using IPv6

sudo nano /etc/default/ufw

That command should come back with this

IPV6=yes

Save and close the file. Now, when UFW is enabled, it will be configured to write both IPv4 and IPv6 firewall rules. However, before enabling UFW, we will want to ensure that your firewall is configured to allow you to connect via SSH. Let’s start with setting the default policies.

Setting up default policies

sudo ufw default deny incoming sudo ufw default allow outgoing

These commands set the defaults to deny incoming and allow outgoing connections. These firewall defaults alone might suffice for a personal computer, but servers typically need to respond to incoming requests from outside users. We’ll look into that next.

To configure your server to allow incoming SSH connections, you can use this command:

sudo ufw allow ssh

This will create firewall rules that will allow all connections on port 22, which is the port that the SSH daemon listens on by default. UFW knows what port allow ssh means because it’s listed as a service in the /etc/services file.

However, we can actually write the equivalent rule by specifying the port instead of the service name. For example, this command works the same as the one above:

sudo ufw allow 22

If you configured your SSH daemon to use a different port, you will have to specify the appropriate port. For example, if your SSH server is listening on port 2222, you can use this command to allow connections on that port:

sudo ufw allow 2222

To enable UFW, use this command:

sudo ufw enable
[–] bushvin@pathfinder.social 4 points 1 year ago* (last edited 1 year ago) (1 children)

The main one everybody uses at least from my knowledge and from what I've used over the last 13 years is UFW. That is what you want to use.

I could easily say that for firewalld… 😃

Ufw is typically available/pre-installed with Debian based systems (Debian, Ubuntu, zzz), while Firewalld is typically available on Red Hat Enterprise Linux and derivates (Fedora, CentOS, Rocky, …)

But it boils down to what you prefer, really.

[–] HotBoxghost2743@lemmy.ml 2 points 1 year ago

I know all this already. But I also use arch and have been for the last 6+ years and I use ufw lol

[–] bushvin@pathfinder.social 2 points 1 year ago (1 children)

I see that both UFW and firewalld are recommended... is it basically OK whichever I choose?

Yes. Whichever works for you should be fine. In the end you should be able to manage it

[–] ChonkaLoo@lemmy.world 3 points 1 year ago

go with firewalld ufw floods dmesg with useless messages

[–] bushvin@pathfinder.social 3 points 1 year ago

Yes, usually you configure your endpoint firewall to block incoming traffic, while allowing all outgoing.

Unless you’re in a very secure zone, like DMZ’s.

[–] toikpi@feddit.uk 3 points 1 year ago

Firewall - While this tutorial is Ubuntu 16.04 it should work current versions of Ubuntu https://www.linuxbabe.com/desktop-linux/getting-started-gufw-ubuntu-16-04 It should work for other distributions once you change the package manager.

[–] bushvin@pathfinder.social 2 points 1 year ago (2 children)

ebtables and iptables can be very complex. And I failed my 1st RHCE exam because of them. But once you learn, you will never unlearn, as they are quite beautifully crafted. You just need to get into the mindset of the people who wrote the tools…

Look into firewalld It has a rather simplified cli interface: firewall-cmd

The manpages will tell you a lot.

firewall-cmd —add-service=ssh Will open the ports for your ssh daemon until you reload your firewall or reboot your system firewall-cmd —permanent —add-service=ssh Will open the ssh ports until you remove them

firewall-cmd —list-all Will show you the current firewall config

[–] kool_newt@lemm.ee 4 points 1 year ago

Try nftables directly, it's simple and straightforward, scripting syntax is easy.

[–] c1177johuk@lemmy.world 3 points 1 year ago (1 children)

Another simpler frontend for iptables I think is well suited for desktop environemnts is ufw. It does what it's supposed to do and is extremely simple to use

[–] bushvin@pathfinder.social 1 points 1 year ago

I personally do not know ufw, but if it does what it must, then you’re solid.

Linux is also about choices: do stuff the way you choose to, and makes you comfortable.