Learning Linux
-
@Dashrender said:
Thanks for that explanation - much better than just adding my name to the sudoers file
Yes, that really should not happen. Not realistically.
-
@Dashrender said:
but I'm still wondering about the virus/malware protection.
Don't go around browsing websites from your server. Problem solved
-
With User Account Control in Windows, if my user has local admin rights, I still get prompted (normally) so even if some malware is trying to run, if I get an unexpected prompt I should be wary and most likely deny the access.
Does something like that apply here? in a non gui, I'm not sure how it could. I'm probably over thinking it. In a CLI the only things that are running are those that I type.
As for someone gaining access to my account, I guess I just need to make sure I have a good password.
-
@Dashrender said:
With User Account Control in Windows, if my user has local admin rights, I still get prompted (normally) so even if some malware is trying to run, if I get an unexpected prompt I should be wary and most likely deny the access.
In Linux it will just fail, doesn't even prompt you.
-
@Dashrender said:
Does something like that apply here? in a non gui, I'm not sure how it could. I'm probably over thinking it. In a CLI the only things that are running are those that I type.
This is what sudo does. It's just proactive instead of reactive.
-
@Dashrender said:
As for someone gaining access to my account, I guess I just need to make sure I have a good password.
Or use a key. Or a key plus a password. Or add another for of two or even three factor authentication.
-
Make sure you are running fail2ban.
-
awesome, thanks...
-
Had to be done
-
-
Ubuntu uses the sudo group instead of wheel, for some reason. Just a crazy desire to be non-standard.
-
Where did wheel come from?
-
@Dashrender said:
Where did wheel come from?
https://en.wiktionary.org/wiki/big_wheel
big wheel (plural big wheels)
(idiomatic) A person with a great deal of power or influence, especially a high-ranking person in an organization. She's a big wheel at IBM. -
LOL - when I think of Big Wheels I think of a three wheeled vehicle for kids...
-
Using @scottalanmiller 's definition, I think of Big Wig, lol. Must be where my southern heritage shows, lol.
-
Why do so many instructions assume selinux is turned off? Don't you want it enabled to protect you?
That and fail2ban?
-
@Dashrender said:
Why do so many instructions assume selinux is turned off? Don't you want it enabled to protect you?
That and fail2ban?
Because they are lazy, as are most shops, andn so they just disable it.
Although to be fair, turning it off for an install and enabling again when done is fine. It's running operationally without it that is bad.
-
@scottalanmiller said:
@Dashrender said:
Why do so many instructions assume selinux is turned off? Don't you want it enabled to protect you?
That and fail2ban?
Because they are lazy, as are most shops, andn so they just disable it.
Although to be fair, turning it off for an install and enabling again when done is fine. It's running operationally without it that is bad.
OK disable/re-enable fine - but I would think.. there would be some configuration requirements for whatever you installed? i.e. some instructions for said changes to selinux?
-
@Dashrender said:
OK disable/re-enable fine - but I would think.. there would be some configuration requirements for whatever you installed? i.e. some instructions for said changes to selinux?
Not always. Traditionally MySQL could not install without SELinux being disabled, but once installed you turn it back on and it runs fine.
-
Since only CentOS uses SELinux, I think that a lot of app developers question the value of investing too much time in doing it the "right way" when they can just disable it and move on. Other Linux use different technologies so the time needed to any one of them right can be quite a bit.
