Here’s the ideal start to find out about the options available to safeguard your Ubuntu PC & data, using antivirus & firewall softwares, plus iptables.
This section of the Karmic Koala Bible weighs the basic firewall & anti-virus options for sole Linux PCs & network clients. It analyses security concerns, linking to some of the finest reference about iptables and the overall topic.
(OK, let’s be frank .. it’s dull as s-h-1-t .. but if you have any doubt then do skim through it, and I’ll try to make it as painless as possible.)
In simple copy/paste steps .. from zero to hero.
Scroll down for the full series index.
Wake up and smell the Ubuntu! Hope it helps. the_guv
Thing is, I can’t bring myself to write up a guide like this, where effectively you’re putting your business, to whatever extent, in my hands, without a word of caution. Bad Karma!
Yes, Linux is safe, strikes me. Essentially it is, with a system where you as ‘root’, else a priviledged Super User, would have to execute a virus or port-opener, to compromise things.
Then again, you know what? I’ve done that very thing in my silly-sod past, and who knows what clever hack-tactic may ensnare my inquisitive nature once again. Times change, knowledge develops, viruses evolve and ports may somehow be prised.
There are three trains of thought on this subject:-
I have sympathy with each. But ..
Fact is, different setups require different strategies, and a post such as this cannot provide anything other than a roundup of the options and a few pointers. Talking of which ..
Here are some options:-
We’re a little in the deep end here, to be honest. But like anything, it gets much simpler (just down the page, I promise) so take heart (as well as an aspirin.)
Installed by default, iptables can be tuned to your needs to provide super-strong defence, but the ruleset syntax requires some time to get to grips with. Some reference:-
Hmmn, let’s apply the brakes a little. For the uninitiated, there is a better way!
Not only does that sound appealing, but you’ve already got it, installed by default. It’s just disabled until enacted.
Once enabled, you can input commands from the Terminal to create bespoke rules for the iptables, which as you may have gathered is rather easier than setting out the iptables ruleset directly. To make life even more uncomplicato – in fact pretty darn simple – there’s a GUI called GUFW that can sit on top, effectively working as an iptables’ dummy guide. Coupled with a little reading from above, playing with GUFW is a great way to gain fundamental understanding, fast.
I’m not gonna give you all the commands, because Ubuntu already did and these guides are terrific:-
And for UFW’s GUI, GUFW, check out:-
GUFW has a download link. Ignore that and, instead, type, imaginatively enough:-
sudo aptitude install gufw
And run it by typing the uniquely uncomplicated:-
Or, if you like, use the utterly uncomplicated menu:-
System > Configuration > Firewall Configuration
By contrast to ubergeek chessmaster Oskar Andreasson’s scary iptable doctorate thesis, GUFW running on UFW really is for human beings, or more regular ones anyhow, with barely a whiff of intimidation. And the beauty, of course, is that the ABC knowledge of the one leads to a sincere interest in the geek alphabet soup of the other. Isn’t that romantic?
Not dissimilar to UFW, and again with its user-friendly GUI, Firestarter hooks into your pre-existing iptables.
While the tiniest bit more demanding, again Firestarter is pretty easy to use and there’s a mighty simple manual to help. In fact, even if you go another route, but are a newbie and want some kind of iptable security solution, read that manual because it really is the Sesame Street of iptables.
To install it:-
sudo aptitude install firestarter
And to run its wizard:-
When you’re done configuring the wizard, a console will open and you can play with that too, for instance to start or stop the thing or see what ports are open. When you quit the Firestarter console and the panel icon disappears, it’s firewall remains up, unseen. Even if you specifically stop the Firestarter firewall which, having configured and started it, you have to do from within the console or from the command line, you still have your iptables to protect you.
If you share via a Samba network, and think your colleagues may, shall we say, be a little Windozed (yeah, let’s face it, I mean, er, not entirely savvy), this option may prove valuable.
Look up AVG for Linux, for one.
And ClamAV is popular with Ubuntans (even if it does sound like an STD.) To install that:-
sudo nano /etc/apt/sources.list
.. and add the repository:-
deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu karmic main
.. save that file, then add this key:-
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xf80220d0e695a455e651ac4d8ab767895adc2037
Lastly, get it:-
sudo aptitude update && sudo aptitude upgrade
And that really is quite enough about that. I mean, God’s teeth! Are you still reading this? Well, I say, your stamina is estimable. Personally, I was asleep at the wheel.
Then again, I hope that’s handy, not off-putting.
Set up Koala .. tweak it to perfection .. & maximize productivity .. for work & play.
That's what the Karmic Koala Bible does, stepped out in easy copy/paste guides.
From Linux initiates to intermediates, here's what you need.