From: Newsbox (nospam_for_me_please_at_thanks.invalid)
Date: Thu, 12 May 2005 19:00:39 -0400
On Thu, 12 May 2005 21:58:05 +0000, Jacco wrote:
> On Thu, 12 May 2005 17:34:07 -0400, Newsbox wrote:
>>> Hope that helps you.
>> Also, if this is your first Linux experience, even more fundamental than
>> the above (and still on topic here): never log on as root, and for many
>> really good reasons. What to do instead:
> Thanks for all your typing. It's not my first experience with linux. You
> answered previous posts about rkhunter - my posts about that hopefully
> indicated I have had linux systems for several years.
You never know who is writing, who may claim lots of knowledge and
experience, and sometimes later turn out to have taken little care about
simple things. Glad it wasn't you.
> I have, in the past, generally written netfilter rules using vi
> (rc.firewall type scripts) but have played with front ends. I think a GUI
> is much better if suitable for what I want to do.
Someone mentioned that Shorewall writes OUTPUT table rules, so might be
closer to what you asked for.
> Regarding your comments on the security models. I guess I like the
> "ask me first if the system tries to do something" model of Zonealarm
> and think it has a unique advantage over the "trust that I have the thing
> set up right and check every now and then" model I have with linux (even
> with all the tools you have mentioned).
It's quite possible to write rules that will initiate an action including
popping up a window. You might want to look at "wish" to make a custom
popup of your choice. I tend to concur that if a packet bounces off the
firewall either way, the firewall has done its job and the log can wait
until I'm ready to read it. I don't think Firestarter will write OUTPUT
table rules. You'd have to go to Shorewall or add your own rules as I do.
As far as identifying processes that want to output packets, I'm sure it
can be done but question the value. To each his own. I could see its
value in windows, but that's another story. No executables should ever be
installed under Linux without (someone's) permission, and then with
only limited privileges. Security is, after all, just a matter of trust,
which you can restore and renew at your own chosen intervals, with
relatively straightforward, well documented and mostly automated
procedures. The newer software also has many improvements. If you can't
trust your system for a few hours then you can't trust it for a second,
and it's probably suitable as nothing more than a toy. That's why I don't
use windows; the best software firewall in the world will not make windows
secure enough for any serious purpose. I trust my Linux systems without
intrusive popups. To each his own.
Anyway, you wrote the question, but there may be other readers with the
same question who don't have the benefit of your years of experience.
There was no way to know what your experience was from what you wrote on
this group. So it wasn't just for your benefit. But, you are welcome.
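
The post's point that a packet bounced off the firewall can wait in the log until you are ready to read it, as an added example that is not part of the original post: a summary of rejected outbound packets grouped by sending user. It assumes an OUTPUT-chain LOG rule with the hypothetical prefix `OUT-DROP: ` and the `--log-uid` option; the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample syslog lines. Assumes an OUTPUT-chain LOG rule with the
# hypothetical prefix "OUT-DROP: " and --log-uid, which appends UID=/GID=.
SAMPLE_LOG = """\
May 12 19:01:02 box kernel: OUT-DROP: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1001 GID=1001
May 12 19:01:05 box kernel: OUT-DROP: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4212 DF PROTO=TCP SPT=40113 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1001 GID=1001
May 12 19:02:11 box sshd[812]: Accepted publickey for alice from 192.168.1.2
May 12 19:03:40 box kernel: OUT-DROP: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=977 PROTO=UDP SPT=33001 DPT=53 LEN=51 UID=1000 GID=1000
May 12 19:04:00 box kernel: OUT-DROP: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=51514 WINDOW=0 RES=0x00 RST URGP=0
"""

# KEY=VALUE pairs; bare flags such as DF or SYN carry no "=" and are skipped.
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line, prefix="OUT-DROP: "):
    """Return the KEY=VALUE fields of a netfilter LOG line, or None."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None  # not produced by our LOG rule
    return dict(FIELD.findall(rest))


def summarize(log_text, prefix="OUT-DROP: "):
    """Count logged outbound packets per (uid, proto, dst, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line, prefix)
        if fields is None or "DST" not in fields:
            continue
        # No UID= means no owning socket was recorded (or --log-uid is off);
        # ICMP lines have no DPT. Both get a placeholder instead of failing.
        key = (fields.get("UID", "?"), fields.get("PROTO", "?"),
               fields["DST"], fields.get("DPT", "-"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (uid, proto, dst, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  uid={uid:<5} {proto:<4} -> {dst}:{dport}")
```

The numeric UID can be mapped back to an account name with `getent passwd`.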