Thread: Linux Security

  1. #31
    Registered User
    Join Date
    Jul 2002
    Posts
    913
    You didn't have to reinstall from a bad kernel.

    You could have just used a live CD and chrooted into your hard drive. Then you could use your src or the CD-ROMs to recompile.

    I had to do that a couple of times when I was fighting with Gentoo. No real safe mode in Linux (single user doesn't count!!!).

  2. #32
    Registered User
    Join Date
    Mar 2003
    Posts
    102
    This was a while ago.. but I remember that it was messed up bad enough.. and I didn't have a recovery CD.

    Hell, with Source Mage I messed up rebuilding my entire system and lost binutils and tar and gz and bzip and a lot of other commands a lot of people use for basic file system navigation.. I've recovered in less than a day. The bad kernel was also a long time ago when I was new to Linux.

  3. #33
    Comment your source code! Lynux-Penguin's Avatar
    Join Date
    Apr 2002
    Posts
    533
    To Secure Linux (by Lynux Penguin):

    Modify as you see fit.

    First: Get a router. This is a MUST. You may even buy another computer to act as a router, but get a router! Then, when on Linux, learn ipchains/iptables etc. Reject just about every port until you want to present something.

    Then go read a book called:
    Linux Administrator's Security Guide
    By Kurt Seifried

    Then download this and be happy that the LDP exists ^_^

    Securing-Optimizing-Linux-The-Ultimate-Solution-v2.0.pdf

    That should suffice ^_^

    -LP
    Asking the right question is sometimes more important than knowing the answer.
    Please read the FAQ
    C Reference Card (A MUST!)
    Pointers and Memory
    The Essentials
    CString lib

  4. #34
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    I hate routers, I won't use the things; I do have a hub, however. What do you mean by using another PC as a router? Bear in mind this computer will run an HL server and other things for LAN parties...

    Thanks for the link..

  5. #35
    Registered User
    Join Date
    Jul 2002
    Posts
    913
    A hub won't do much, at least make it a switch.

    A separate PC for a router is a good way to go. A Cisco router will cost way too much, along with some of the cheaper knockoffs. The PC (which could be a 386 anything with 4MB RAM..) would be the gateway.

    The gateway would get the internet connection on the first NIC and then think. It would look at a rule set to see what it should do. If it passes, it would go through the second NIC to your hub/switch to the rest of your network..

    I used to have one, but it's dead (Compaq Prolinea 66MHz, 24MB RAM, 512MB HDD)...

    I wonder how bad it would be for a LAN party. Since it's not a proxy it can't be that bad. Do you mean people on your WAN or LAN? It couldn't slow down your LAN.

  6. #36
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    I don't see how that PC to the LAN would be any different than my PC since it's firewalled, i.e. net--my PC---network.

    People don't access the net through my LAN, only my PC; the only thing comps that aren't me can do is get to public files.

    Here's what I want: my PC connects to the net and is firewalled. My PC is hooked into my local LAN of maybe two PCs through a hub. My PC can access the files on these PCs at will, but I want NO internet to get to those computers....I have heard of something called a dead box? What's that?

    Also, how can I make sure people can only access what I say on Linux, i.e. the game I'm hosting and some folder named public?
    Last edited by RoD; 07-21-2003 at 12:07 PM.

  7. #37
    Registered User
    Join Date
    Jul 2002
    Posts
    913
    Your router would be a dedicated firewall/router on a Unix, beats Norton.

    Plus then you can at least hope that if someone gets in they only screw around with the computer you don't care about (the router). It's a long shot but it's something. Plus you wouldn't have to have a firewall on every PC, something that can be annoying for games.

    It's kind of kool if you're into this kind of stuff. Or you could get something like the hotbrick, pricey but it sounds pretty kool.

    <edit>
    Anyone ever use the hotbrick?

  8. #38
    Registered User
    Join Date
    Oct 2002
    Posts
    385
    Why the heck would anyone spend $700 on a firewall for your home when you can buy a $70 DSL/Cable NAT router with a 4 or 5 port switch? That hotbrick would be extreme overkill for a home LAN. Who the heck needs 2 WAN ports for redundancy, VPN support, IDS, and stateful inspection at home?

    What you want would be extremely easy, RoD. Just be sure you don't set up IP masquerading on the Linux box and you don't have to worry about the LAN PCs accessing the Internet. You need to firewall your PC to restrict the incoming traffic on your Internet interface but let out outgoing traffic on it so you can surf the web and stuff alright. You also can set the firewall to allow all traffic on the LAN interface so you or the LAN PCs don't have a problem talking with each other.
    Last edited by damonbrinkley; 07-21-2003 at 12:49 PM.
    Wandering aimlessly through C.....

    http://dbrink.phpwebhosting.com

  9. #39
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    Well, I have dialup so a cable/DSL wouldn't help me : )

    I run ZoneAlarm Pro 4.0 on my PC, set up to only allow traffic out with a few exceptions, and tightly monitored. So as long as I don't set that up on the Linux box it will never try and access the net? Also I can set up ZA to monitor a network but I'm afraid that will mess with LAN parties, at which I only want the one folder showing to ANY PC (they'd all be Windows) except my PC, and full access to ports that games like HL host on.

  10. #40
    Registered User
    Join Date
    Jul 2002
    Posts
    913
    Why the heck would anyone spend $700 on a firewall for your home when you can buy a $70 DSL/Cable NAT router with a 4 or 5 port switch?
    Yes, it is overkill, but everyone has to admit it's kool. That's the only reason I mentioned it. Most of the DSL routers aren't the greatest so something else is needed.

    Isn't IP masquerading needed for the NAT?

    Are you playing the game only at your house or house and internet?

  11. #41
    Registered User
    Join Date
    Oct 2002
    Posts
    385
    Set up Samba to just share that one folder you want the users to have access to and that's all you need to do.

    You can set iptables to accept all traffic for certain ports on whichever interface is your LAN interface.
    Wandering aimlessly through C.....

    http://dbrink.phpwebhosting.com
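
Added example (not part of any post in this thread): the firewall layout described in posts #38 and #41, written as an `iptables-restore` ruleset together with an audit of a saved ruleset against the same policy. The interface names `ppp0` (dial-up link) and `eth0` (hub side) and the function names are assumptions.

```shell
#!/bin/sh
# Added example; interface names (ppp0 = dial-up, eth0 = LAN) are assumptions.

# Print an iptables-restore ruleset: drop unsolicited traffic arriving on the
# Internet interface, allow everything on the LAN interface, never forward.
# There is deliberately no *nat table, so no masquerading; also keep
# net.ipv4.ip_forward=0 so the box does not route for the LAN PCs.
emit_rules() {
    wan=$1; lan=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -i $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset in iptables-save format (stdin) against the same policy.
# Prints one finding per line and returns non-zero if there are any.
audit_rules() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2) }
        /-j (MASQUERADE|SNAT)/ { print "NAT rule: " $0; bad = 1 }
        table != "filter" { next }
        /^:(INPUT|FORWARD) / && $2 != "DROP" {
            print substr($1, 2) " policy is " $2; bad = 1
        }
        /^-A INPUT / && /-j ACCEPT/ {
            # A rule naming the WAN interface, or no interface at all,
            # matches Internet traffic and must be limited to replies.
            onwan = ($0 ~ ("-i " wan "( |$)")) || ($0 !~ / -i /)
            if (onwan && $0 !~ /ESTABLISHED/) {
                print "open to WAN: " $0; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Demo: the generated ruleset passes its own audit.
emit_rules ppp0 eth0 | audit_rules ppp0 && echo "ruleset matches the policy"
```

The generated text is meant to be loaded with `iptables-restore` as root, and `iptables-save | audit_rules ppp0` checks the running configuration the same way.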

  12. #42
    Registered User
    Join Date
    Oct 2002
    Posts
    385
    Originally posted by mart_man00
    Yes, it is overkill, but everyone has to admit it's kool. That's the only reason I mentioned it. Most of the DSL routers aren't the greatest so something else is needed.

    Isn't IP masquerading needed for the NAT?

    Are you playing the game only at your house or house and internet?
    My Cable/DSL router has been working perfectly for about 2 years now.

    IP masquerading is NAT, but he doesn't want the LAN machines accessing the Internet so he doesn't have to worry about it.
    Wandering aimlessly through C.....

    http://dbrink.phpwebhosting.com

  13. #43
    Registered User
    Join Date
    Jul 2002
    Posts
    913
    My Cable/DSL router has been working perfectly for about 2 years now.
    Do you run a firewall on your PCs? Does the router have that kind of extras? I never really played with mine, maybe it was more overkill than I thought.

  14. #44
    Registered User
    Join Date
    Oct 2002
    Posts
    385
    Originally posted by mart_man00
    Do you run a firewall on your PCs? Does the router have that kind of extras? I never really played with mine, maybe it was more overkill than I thought.
    Nope, no firewall on my PCs. My Cable router just performs NAT for my two PCs on my LAN.
    Wandering aimlessly through C.....

    http://dbrink.phpwebhosting.com

  15. #45
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    I only play the games within the LAN...what's Samba? Seeing as how I don't know the ports for each game people will bring, can I set it up to allow people to connect to any open port running a server? I.e. a Half-Life dedicated server will auto open a port, then the HL client looks for it; can I just tell Linux to let the games open the port? Internally of course, because my Windows PC isn't letting the net past to the network.
