GNOME, Security, Linux, and Cable Modems?
"I have always been more lax about security on my home Linux box than I have been on my public Linux box, but now that my home machine will be online all the time, security becomes more of an issue.
Are there any security concerns related to GNOME? Should I worry about all these ports that GNOME is using? Is there anything I can do to beef up security on the machine? (There are bunches of other UNIX sockets open too - ORBIT comes to mind - but I'm only worried about the TCP sockets.) Of course, I have Zone Alarm for when the machine is running Windows (once in a blue moon), but I don't know of anything like that for a single Linux box.
I know I could use a spare machine as a firewall and run Linux's IP masquerading. My only spare machine, however, is an old 486dx2-66 with an NE2000 ethernet card. Not exactly a speed demon, and speed is exactly why I got a cable modem. (Well, that and my wife is tired of me tying up the landline every night.)
So, what about it, gurus of Slashdot? Is my best option to go ahead and run IPFW and IP Masquerading on my old 32MB 486? Do I even need to worry about the ports GNOME is using at all?"
I believe that these problems have largely been fixed in the recent versions of Helix Gnome. If you just run helix-update, you can download the new packages that use Unix sockets by default instead.
I remember having similar frustration myself, and I was happy when it was fixed.
--
Ski-U-Mah!
Simply run ipchains with a set of rules that firewall that individual machine. There is a script at http://firewall.langistix.com that I wrote which will do precisely that if only given one interface. Combined with intrusion detection, it can be a very powerful tool.
Each port open is a CORBA connection from an application that supports being controlled through CORBA.
To access those services you do have to know the secret password (which is generated once for each session) so it is basically as secure as being able to log into your computer.
Now, we realized that this was a potential problem and some systems are shipping with ORBit CORBA sockets disabled (Helix GNOME ships with a disabled CORBA socket connection) as well as other distributions that have turned this feature off.
If you want to play it safe (although no security holes are known to exist in ORBit's incoming processing path) you can put this in your /etc/orbitrc:
ORBIIOPUSock=1
ORBIIOPIPv4=0
ORBIIOPIPv6=0
Miguel
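An added example, not part of the thread and not ORBit's own code: a small audit that checks an orbitrc for the two TCP keys named in the comment above and lists listening TCP sockets that are not bound to loopback, which is what the original question was worried about. The key=value parsing with '#' comments, the function names and both sample inputs are assumptions constructed for illustration; on a real machine, feed it the contents of /etc/orbitrc and /proc/net/tcp.

```python
import socket
import struct

# Keys taken from the comment above; everything else here is illustrative.
TCP_KEYS = ("ORBIIOPIPv4", "ORBIIOPIPv6")

def parse_orbitrc(text):
    """Parse key=value lines; blank lines and '#' comments are skipped (assumed format)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def tcp_transports_not_disabled(settings):
    """Return the TCP transport keys that are not explicitly set to 0."""
    return [k for k in TCP_KEYS if settings.get(k) != "0"]

def exposed_listeners(proc_net_tcp):
    """Return (ip, port) for LISTEN sockets in /proc/net/tcp text not bound to loopback."""
    found = []
    for row in proc_net_tcp.splitlines()[1:]:      # first line is the column header
        fields = row.split()
        if len(fields) < 4 or fields[3] != "0A":   # 0A = TCP_LISTEN
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumes a little-endian (x86) host, where 127.0.0.1 is printed as 0100007F.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        if not ip.startswith("127."):
            found.append((ip, int(hex_port, 16)))
    return found

# Constructed samples, trimmed to the columns the parser reads; not from a real machine.
SAMPLE_ORBITRC = "# constructed sample\nORBIIOPUSock=1\nORBIIOPIPv4=0\n"
SAMPLE_PROC = """  sl  local_address rem_address   st
   0: 00000000:0408 00000000:0000 0A
   1: 0100007F:0277 00000000:0000 0A
   2: 0A00A8C0:8001 5DB8D822:0050 01
"""

if __name__ == "__main__":
    settings = parse_orbitrc(SAMPLE_ORBITRC)
    print("TCP transports not disabled:", tcp_transports_not_disabled(settings))
    print("Non-loopback listeners:", exposed_listeners(SAMPLE_PROC))
```

The sample orbitrc deliberately omits ORBIIOPIPv6, so the audit reports that key as not explicitly disabled rather than guessing at a build default.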