[sf-lug] update from computer newbie
Rick Moen
rick at linuxmafia.com
Fri Jul 7 13:08:39 PDT 2006
Quoting forwarded mail from Jeff Gibson (and maybe Bob Sungib wouldn't
mind forwarding my comments back?):
> I should be getting my pclinuxos installation cd in the mail today and
> my goal is to install it this weekend (sonic.net tells me I should
> have my dsl turned on this coming Monday). I've spent the last few
> weeks at the library canvassing the web for installation guides and
> help, as well as printing out the pclos installation guide and reading
> relevant forum posts.
It's a slightly modified Mandriva w/KDE emphasis that runs from a "live
CD" setup by default. Therefore, most materials on the Internet about
Mandriva (formerly Mandrake Linux) are also useful, and to a lesser
extent so is stuff about RPM-based distributions generally.
> Most guidelines unfortunately assume a dual boot install (w/ Windows)
> but I prefer to erase MS and have pclos as a sole os on my hd. Any
> suggestions or cautions would be appreciated. I would think that
> erasing Windows would make a linux installation easier but I'm a
> newbie so who knows?
Your intuition is dead on the money, sir! Congratulations; that is an
insight that seems to elude a lot of newcomers who insist on trying to
conjure up insanely complex multiboot systems and then act all surprised
that the result is a bit confusing.
> I understand that once you've done a few installs it's a piece of cake
> but for me it seems very daunting. I'll give it a go this weekend and
> see what happens.
That's one reason why CABAL, SVLUG, LUGOD, SlugLUG, and sometimes SacLUG
hold events where we walk people through the installs. CABAL's events
are held every 2nd and 4th Saturday afternoon & evening at my house in
Menlo Park (w/exceptions noted on the Web page at
http://linuxmafia.com/cabal/), the next one being...
:r! cal
     July 2006
Su Mo Tu We Th Fr Sa
                   1
 2  3  4  5  6  7  8
 9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31
...tomorrow. Transportation and time permitting, you'd be most
welcome.
> One other question: in setting up a firewall in pclos my choices of
> what to allow are these: Apache Web server, BitTorrent, CUPS/IPP print
> server, Domain Name Server, FTP server, ICMP Echo (ping) Request, Mail
> Server, Open ssh Daemon, POP and IMAP server. Many of these are
> necessary I'm sure to receive e-mail, download files, print, etc., but
> is there anything on this list you would suggest to block (disallow)?
> Thanks for your help.
Actually, not a single one of those (except, see note about CUPS) needs
to be accessible to the public in order to let you receive e-mail,
download files, or similar operations. So, if you want, you _can_
certainly disallow incoming access to those daemons' network ports --
without regret until the day you decide (if you ever do) to publish those
services to the global Internet, and find they're mysteriously
inaccessible. (The problem-child exception is the CUPS network daemon
for printing. See below.)
Anyway, all but two of those (BitTorrent and ping) being daemon (server)
processes, my personal preference is to just not run them, if you don't
want the public to be able to get to them (with again, the exception
being the CUPS daemon, since without it running, almost certainly you
can't print). Alternatively, if for some of those you want them
available to local-system users but not remote ones, you can most often
configure them to be accessible on the loopback network interface (at IP
address 127.0.0.1) only, which, again, makes inbound-traffic firewalling
superfluous because the service isn't advertised to the outside world at
all.
I'd have to consult my notes on CUPS to remember how you do something
similar with it. I vaguely recall that there are network-access
controls built into the config files.
And I personally think that blocking incoming ping is silly and
clueless, the mark of not knowing real threats from fake ones.
If all of the above is just too much to deal with, just take the default
choice during installation and make a mental note to revisit the
question, later.