Is It Safe? - Part 1



"Is It Safe?" is a line I borrow from the 1976 classic movie thriller "Marathon Man", starring Dustin Hoffman and Laurence Olivier. If you haven't seen it, I recommend you do. It should definitely make an impression on you.

That's what I hope to do here--make an impression on you.

Not to scare you or anything, but the answer to this entry's title, where the Internet is concerned, is an emphatic No.

Since I am a Linux advocate and my distro of choice is openSUSE, I thought it would be appropriate to begin with a series of topics on configuring your Linux system.

Perhaps the most important aspect you should be aware of regarding your operating system is Security.  Let me be clear on this: 

"No system, be it Linux, Mac OSX, FreeBSD, Windows, is 100% safe." 

Security, as they say, is a process, not an application.

You need to be vigilant and take steps in configuring your system to provide the best possible security at all times.

What can you do?  Well, begin by considering use of an operating system which has good core security features.  Arguably, openSUSE, currently version 10.3, of all the Linux distributions, is the most secure system you can use in its default configuration.

There are many things to consider that can improve on basic security.

GNU/Linux emulates, to a large extent, many of the core features of Unix.  If you come with a Unix background, all the better.  You should feel right at home.  If not, and you are perhaps a Windows IT professional, that is to your advantage.  In fact, I would submit, when you live with Linux, you'll gradually over time begin to comprehend and appreciate the breadth of features at your disposal and reach a comfort level in day-to-day use.  If you are a total 'neophyte', my advice to you is: "hang in there", and don't be afraid.  If anything, openSUSE 'hides' most every part of the finer 'inner-workings' of Linux behind a graphical user interface (GUI).  If you come with BSD or Mac OSX experience, you should be fine as well--there are many similarities and concepts that their GUIs and kernels share in common that are akin to UNIX.

What makes GNU/Linux great, but not unique, is that it completely 'decouples' the GUI from the Linux kernel.  This 'partitioning', if you will, of various blocks of operating system functionality is central to Linux's 'Modularity' and flexibility.  Modularity is a topic I will delve into further on another day.  The GUI that I am going to reference here today is KDE.  Most of what is discussed here will also apply in GNOME, as Novell saw fit to replicate the same functionality in both GUIs so as to achieve uniformity (not 100%, because of the limits imposed by GUI design philosophies and differences).

With FreeBSD or OpenBSD you can also choose your GUI, just like with Linux.  In fact, Linux and the aforementioned BSDs can be run without a GUI entirely, in 'headless' character-based mode.  Many internet websites are intentionally configured to run in headless mode to conserve memory.  Administration is then done over a Secure Shell (ssh) command line interface with no GUI.  Those 'modules' simply aren't installed because they aren't needed.

OK, let's get into it a bit deeper.  Let's talk about YaST.  When it comes to doing most configuration via the KDE or GNOME GUIs on openSUSE, the first place you visit is YaST.  Occasionally you will find yourself opening a Bash terminal window to a command shell to do certain things, but a lot can be done entirely from the GUI in YaST.  Readers who are coming from Windows can make an analogy to Windows Control Center.  YaST stands for 'Y'et 'a'nother 'S'etup 'T'ool.

Click on KMenu->System->Configuration->YaST (Administrator Settings).

Type in your Administrator (root) password.

[Screenshot: YaST Control Center Menu]

When it comes to security and openSUSE 10.3, Novell's AppArmor is enabled by default.  AppArmor runs on top of Linux Security Modules.  Essentially, it binds itself to the Linux kernel at boot time and puts a sandbox around any process or processes you deem need protection.  AppArmor is similar to SELinux, but easier to configure and maintain.  Let's take a closer look at the 'Novell AppArmor' page. Click on it now.

[Screenshot: AppArmor Page Menu]

'Add Profile Wizard' will take you through the creation of an individual profile for an application or individual executable you specify.  It's fairly straight-forward to use. To see what profiles are currently defined, we'll go into 'Edit Profile', even though I will not be editing one specifically.  We just want to see what's there.  Click on 'Edit Profile'.

[Screenshot: AppArmor Edit Profile Screen]

As you can see, there are several profiles listed, each with its full path.
Note that my PC also has a profile defined for Firefox.  This adds an additional layer of security around your Firefox internet sessions.

You can press Abort to return to the Novell AppArmor Menu and close the YaST Control Center via File->Quit.
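The same look at the defined profiles can be taken from a shell. This is an added example, not part of the original post: the kernel lists loaded AppArmor profiles in securityfs, one `name (mode)` entry per line, and the script summarises them by mode and looks up one profile. The sample profile names, including the Firefox path, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Loaded AppArmor profiles appear in securityfs as "<profile name> (<mode>)".
# Reading the live file normally requires root.
AA_PROFILES="${AA_PROFILES:-/sys/kernel/security/apparmor/profiles}"

# Constructed sample list, used when the live file cannot be read.
aa_sample() {
    cat <<'EOF'
/usr/sbin/ntpd (enforce)
/usr/sbin/nscd (enforce)
/usr/lib/firefox/firefox.sh (enforce)
/usr/sbin/traceroute (complain)
EOF
}

# Print "<mode> <count>" for every mode present in the list.
aa_mode_summary() {
    sed -n 's/^.* (\([a-z]*\))$/\1/p' "${1:-$AA_PROFILES}" |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# Print the mode of the profile named exactly $1; return non-zero if absent.
aa_profile_mode() {
    awk -v want="$1" '
        {
            n = match($0, / \([a-z]+\)$/)       # trailing " (mode)"
            if (n == 0) next
            name = substr($0, 1, n - 1)
            mode = substr($0, n + 2, RLENGTH - 3)
            if (name == want) { print mode; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "${2:-$AA_PROFILES}"
}

# Demo: prefer the live list, fall back to the constructed sample.
src="$AA_PROFILES"
if [ ! -r "$src" ]; then
    src=$(mktemp)
    aa_sample > "$src"
fi
aa_mode_summary "$src"
# The Firefox profile name below is a constructed placeholder.
aa_profile_mode "/usr/lib/firefox/firefox.sh" "$src" ||
    echo "no Firefox profile loaded"
```

A profile in `complain` mode only logs violations, so a browser profile that is meant to confine anything should report `enforce`.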

In "Is It Safe? - Part 2", I'll go into further detail about AppArmor, show how to configure a Firefox profile, and cover the 'Security and Users' page, which includes SuSEFirewall, a graphical tool for configuring iptables.

Until then, be safe.

--dietrich




