Re: securing this workstation.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2025-04-25 at 18:38 -0600, home user via users wrote:
> I do need for Firefox, Thunderbird, and dnf to be able to interact with 
> the "outside world" appropriately.  I do occasionally need to be able to 
> download or upload things.
> Beyond those (and maybe other appropriate things that don't at the 
> moment come to mind), I do not want anyone or anything to be able to get 
> into this workstation.  For example, no "ssh", "scp", "rlogin".

I'll ask the obvious:  Do you run any servers?  e.g. Do you have a mail
server, or a webserver, that you try out locally?

Generally speaking, you don't unless you deliberately set them up.  And
if you don't have any servers listening for connections, there isn't
anything for an outside to connect to.  And if you do set up servers,
you have to reconfigure them to listen to the outside world.

CUPs used to be installed (printer server), probably still is, but
doesn't need to be running, and should only be listening to LAN
addresses anyway.

When they set up fibre internet to my home they asked me to connect a
computer directly to their fibre adapter to test the network,
I connected a laptop with Fedora.  They couldn't detect anything,
normally they can fingerprint a device by its chattiness.  All they
knew was that an IP had been assigned to the device.

So a firewall is just belts and braces, or redundant.

 netstat -ltuvpe

Will show what's listening (l) for connections on your computer using
TCP (t), and UDP (u), with verbose (v) answers, showing info about the
program (p) doing so, with extended (e) information.

You could post the output of that here if you wanted confirmation.

-- 
 
uname -rsvp
Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 

-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux