• General Linux Chat and Small Questions v. Install Arch
    4,946 replies, posted
[QUOTE=neos300;37746467]Can't, ssh is the one service we can't modify, (real world simulation bs) but we will change the root password, don't worry.[/QUOTE] Block all open ports using iptables, except the ssh port. every user you have on the system, should have very limited rights, and no sudo permissions, and only have 1 user wich has sudo permissions. also make it that if someone who has logged in onto an ssh connections, logs out, then it should execute this command: history > /path/to/history_file so everything a person makes, gets logged, and you can see what the person has done onto your system. This has saved my life once. also, use a [URL="http://en.wikipedia.org/wiki/Restricted_shell"]Restricted[/URL] shell for users who doesen't need permissions to execute any program Restricted shells are not 100% secure, but they can stop or slow down a person who doesen't know much about them.
Do you know what's really annoying? I have to setup my monitor resolution every time I boot.
[QUOTE=nehkz;37746660]Do you know what's really annoying? I have to setup my monitor resolution every time I boot.[/QUOTE] I use the same linux laptop for both school and work. At work, I use 2 24" monitors, insteas of the notebook monitor. so I have to manually edit the settings with nvidia-config each time I boot up my laptop at work. Maybe one time, Ill generate 2 separate xorg.conf files, and create a script wich adds the right files on xorg boot.
[QUOTE=T3hGamerDK;37746517]What? A real world simulation would HAVE you modify it and secure it in that way. You shouldn't know the root password, have it generate on bootup, as no user should use that account for anything but recovery, and use a well-secured sudo instead.[/QUOTE] Also, do ensure that each user that can log in to the system has a restricted quota on their home directory, and can't write to ANYWHERE else on the system. NOT ANYWHERE. They should have their own temporary directory as well.
also ditch gcc, so users can't compile their own software (or make it, so only root can compile) and move the chmod program to /root/bin, and replace it with a shell script wich does nothing. so the user can't build/execute any custom programs on the host machine, wich makes it almost impossible for him to execute malware. or maybe have a separate /home partition, wich is mounted with the 'noexec' parameter
[QUOTE=kaukassus;37746676]I use the same linux laptop for both school and work. At work, I use 2 24" monitors, insteas of the notebook monitor. so I have to manually edit the settings with nvidia-config each time I boot up my laptop at work. Maybe one time, Ill generate 2 separate xorg.conf files, and create a script wich adds the right files on xorg boot.[/QUOTE] Yeah, about xorg.conf. I don't have it on my system. Maybe this is what I'm having problems with.
[QUOTE=nehkz;37746771]Yeah, about xorg.conf. I don't have it on my system. Maybe this is what I'm having problems with.[/QUOTE] probably. usually I set my resolution on boot, by adding 'xrandr -s 1920x1200' to my .xinitrc
[QUOTE=nehkz;37746771]Yeah, about xorg.conf. I don't have it on my system. Maybe this is what I'm having problems with.[/QUOTE] You can just create a xorg.conf file, it's what X.org looks for first, IIRC.
Maybe we should write a guide about linux security. And while we're at it. we would need a better OP with links to all the Linux distros and guides too.
[QUOTE=kaukassus;37746873]Maybe we should write a guide about linux security. And while we're at it. we would need a better OP with links to all the Linux distros and guides too.[/QUOTE] Just install Sabayon. Binary and source distribution in one. Done! /sarcasm In all seriousnessnesseses, I think a thread with better guides and everything would be pretty imensively cool. One thing missing though is the ability to create "anchors" in a post #0. That would be pretty boss.
[QUOTE=kaukassus;37746719]also ditch gcc, so users can't compile their own software (or make it, so only root can compile) and move the chmod program to /root/bin, and replace it with a shell script wich does nothing. so the user can't build/execute any custom programs on the host machine, wich makes it almost impossible for him to execute malware. or maybe have a separate /home partition, wich is mounted with the 'noexec' parameter[/QUOTE] I hope they don't have marks on whether the machine remains serviceable afterwards. Otherwise you might as well suggest that he sets the whole thing read-only, booted from the network, with no user accounts enabled and nothing but init running.
[QUOTE=T3hGamerDK;37746517]What? A real world simulation would HAVE you modify it and secure it in that way. You shouldn't know the root password, have it generate on bootup, as no user should use that account for anything but recovery, and use a well-secured sudo instead.[/QUOTE] The grading software isn't very smart. [editline]21st September 2012[/editline] Also this isn't live defense, we simply have to secure it once and then were done, and most of the stuff you guys posted (While good) aren't graded. Thanks for the advice though/
So, the new tf2 update broke (again) the entire game in linux for me. Crashing leaving the spawn in every map. God dammit!
[QUOTE=Ol' Pie;37758367]So, the new tf2 update broke (again) the entire game in linux for me. Crashing leaving the spawn in every map. God dammit![/QUOTE] Why don't you just wait for Steam to get released?
[QUOTE=nehkz;37758534]Why don't you just wait for Steam to get released?[/QUOTE] Because waiting one month isn't always fun.
[QUOTE=T3hGamerDK;37758826]Because waiting one month isn't always fun.[/QUOTE] Masturbate in the meantime. [editline]22nd September 2012[/editline] Remember to switch hand often.
[QUOTE=nehkz;37758534]Why don't you just wait for Steam to get released?[/QUOTE] Steam being released doesn't mean TF2 gets released on Linux. The initial roll-out will be L4D2 only.
[QUOTE=nikomo;37759546]Steam being released doesn't mean TF2 gets released on Linux. The initial roll-out will be L4D2 only.[/QUOTE] It'll be released later on eventually. It's TF2. Come on.
[QUOTE=nikomo;37759546]Steam being released doesn't mean TF2 gets released on Linux. The initial roll-out will be L4D2 only.[/QUOTE] Considering L4D2 uses the most advanced branch of the source engine, they will more than likely do the same for the rest of the source games. Not to mention, steam is host to lots of linux-native games, and not just cheap ports (amnesia for example)
Yeah, TF2 will come, but if he stopped playing with WINE and just waited for the Linux version, we're talking about a 2-5 month wait here.
[QUOTE=FlubberNugget;37759622]Considering L4D2 uses the most advanced branch of the source engine[/QUOTE] I thought that was supposed to be Portal 2 L4D2 was, I believe, the latest TF2 one with all the film grain and stuff backported from the first one?
[QUOTE=esalaka;37760023]I thought that was supposed to be Portal 2 L4D2 was, I believe, the latest TF2 one with all the film grain and stuff backported from the first one?[/QUOTE] Oh, it was when it was released I guess But yeah, the P2 engine isn't vastly different from the previous versions. I'd say CS:GO is the most advanced branch now.
[QUOTE=FlubberNugget;37760042]Oh, it was when it was released I guess But yeah, the P2 engine isn't vastly different from the previous versions. I'd say CS:GO is the most advanced branch now.[/QUOTE] The "no loading on startup" thing really got me. Seriously.
[QUOTE=T3hGamerDK;37760051]The "no loading on startup" thing really got me. Seriously.[/QUOTE] Okay automatically the most advanced Source game right there Maybe I should buy it just to experience this.
so, just fixed it installing 1.5.13, but as i have to force no dxwrite, steam ingame is pretty fucked up (in layout, i mean) and it's really sluggish
[QUOTE=esalaka;37760473]Okay automatically the most advanced Source game right there Maybe I should buy it just to experience this.[/QUOTE] It actually made me realize how deep a problem loading times are. I'm more inclined to play CS:GO than TF2 because of this single thing. Not by a lot, but it does make a difference, and developers really really have to take note of this (I know many game developers do, but it's still VERY important).
[QUOTE=Ol' Pie;37760504]so, just fixed it installing 1.5.13, but as i have to force no dxwrite, steam ingame is pretty fucked up (in layout, i mean) and it's really sluggish[/QUOTE] The steam overlay is broken in Wine
[QUOTE=T3hGamerDK;37760550]It actually made me realize how deep a problem loading times are. I'm more inclined to play CS:GO than TF2 because of this single thing. Not by a lot, but it does make a difference, and developers really really have to take note of this (I know many game developers do, but it's still VERY important).[/QUOTE] Well, Valve tends to periodically (every few years or so) upgrade all or most Source games to the newest engine.
[QUOTE=FlubberNugget;37760559]The steam overlay is broken in Wine[/QUOTE] Don't worry, Big Picture mode overlay is broken in Windows.
Remember -novid/-nointro to your CLI options for extra fast game startiness.
Sorry, you need to Log In to post a reply to this thread.