| View previous topic :: View next topic |
| Author |
Message |
Mansoff
n00b
Joined: 17 Dec 2011
Posts: 12
|
 Posted: Mon Dec 19, 2011 2:20 pm Post subject: New to Gentoo and GNU/Linux OS |
 |
|
This post is from Links browser, got a lot of problems in installation and other thinks before this post, but now Gentoo is up and i need some usual thing in it.Atm Gentoo has only command line.
--Anti-virus(free)
--Good File Manager.
--Browser Firefox.
--Something for internet radio.
So this in "must have".
need help to get it. I know about "emerge", but want to see proffesional gentoo user opinnion. |
|
| Back to top |
|
 |
kite14
Tux's lil' helper
Joined: 07 Nov 2006
Posts: 113
Location: Pordenone/Italy
|
| Posted: Mon Dec 19, 2011 2:37 pm Post subject: |
|
|
Congrats for your new gentoo installation.
You now have a basic installation without a graphic desktop:
you need to install the "X window server" (the bottom layer
which give you graphic capabilities) and a desktop manager
(such as Gnome, KDE, LXDE, XFCE, ...) which provides a
graphic environment, file manager and other utilities.
You can find further docs at the Gentoo Desktop Documentation Resource page. |
|
| Back to top |
|
|
<3
l33t
Joined: 21 Oct 2004
Posts: 629
|
| Posted: Mon Dec 19, 2011 2:41 pm Post subject: Re: New to Gentoo and GNU/Linux OS |
|
|
| Mansoff wrote: | | This post is from Links browser, got a lot of problems in installation and other thinks before this post, but now Gentoo is up and i need some usual thing in it.Atm Gentoo has only command line. |
OK first thing is first, if you are a newbie you I want to make sure you know about the Gentoo Documentation Reasources.
Being that you are a newbie I am going to assume you don't want to be at command line all the time, you probably want X and a desktop manager (DM). Depending on what you are looking for there is a desktop manager to suit your needs. The most popular ones are KDE, Gnome, XFCE and Fluxbox. My suggestion is to start with either KDE or Gnome. You can read about installing them by first reading the X Server install HOWTO which you will need to install before picking a DM then picking a DM here http://www.gentoo.org/doc/en/index.xml?catid=desktop.
| Mansoff wrote: |
--Anti-virus(free) |
ClamAV
| Mansoff wrote: |
--Good File Manager. |
Depends on your your desktop manager but if you want something that isn't tied to a particular DM try the Gentoo File manager (it is available from portage)
| Mansoff wrote: |
--Browser Firefox. |
.... Firefox? I don't understand.
| Mansoff wrote: |
--Something for internet radio. |
pandora
| Mansoff wrote: |
So this in "must have".
need help to get it. I know about "emerge", but want to see proffesional gentoo user opinnion. |
|
|
| Back to top |
|
|
fangwen
Tux's lil' helper
Joined: 23 Oct 2011
Posts: 128
Location: Shanghai, China
|
| Posted: Mon Dec 19, 2011 3:20 pm Post subject: |
|
|
Mansoff,
Linux users get trouble with viruses in very rare cases, so you don't need to worry about that.
_________________
All operating systems suck. This one just sucks less. |
|
| Back to top |
|
|
destroyedlolo
Apprentice
Joined: 17 Jun 2011
Posts: 236
Location: Close to Annecy
|
| Posted: Mon Dec 19, 2011 3:34 pm Post subject: Re: New to Gentoo and GNU/Linux OS |
|
|
Congratulation make it running.
| Mansoff wrote: |
--Anti-virus(free)
|
For what : disable unneeded ports (telnet, ftp ...), choose good password for remaining ones and that's all.
| Mansoff wrote: |
--Good File Manager.
|
To be short, it will depend on your desktop manager : for newbies, Gnome if very accessible (at least v2, I didn't tried v3) : thanks to its good Nautilus.
Now Gnome is a bit fat, so I switched all my machine to LXDE/PCManFM and I'm happy with them.
I would add to your list LibreOffice, GIMP and VLC (which is good as well for web radio). |
|
| Back to top |
|
|
JESSEJJ89
Tux's lil' helper
Joined: 22 Dec 2011
Posts: 90
|
| Posted: Thu Dec 22, 2011 10:15 pm Post subject: |
|
|
If your new to Gentoo I would review this guide before installing software.
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2
I'm pretty new myself and I find this guide very helpful when installing software. You could check what USE flags others use on certain software such as VLC, etc. |
|
| Back to top |
|
|
ultraincognito
Guru
Joined: 03 Jun 2011
Posts: 308
Location: Ukraine
|
| Posted: Fri Dec 23, 2011 8:16 am Post subject: Re: New to Gentoo and GNU/Linux OS |
|
|
| Mansoff wrote: | | --Anti-virus(free) |
If you worry then you can use SeLinux but I don't think that it's very necessary. |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 27783
Location: 56N 3W
|
| Posted: Fri Dec 23, 2011 2:26 pm Post subject: |
|
|
Mansoff,
Most linux systems running anti-virus software do so to protect windows systems that connect to the internet through them.
Provided you take normal Linux security precautions you won't need anti-virus on Gentoo.
Only ever use the root account for system admin.
Only run services that you need, so you present less opportunity to the outside world.
Linux is not proof against social engineering and websites that download malicious javascript to your browser.
Its good to run two browsers, one with and one without Java. Only permit scripts to run from sites you trust.
If your system is connected directly to the internet, so use a firewall. iptables is provided inthe kernel for this but you will also need some firewall rules.
The other things you want depend on which Graphical User Interface you choose. The hevyweights are Gnome and KDE if you are running on lightweight hardware, you might like simething with lower CPU and RAM requirements.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
archrax
n00b
Joined: 05 Dec 2011
Posts: 22
|
| Posted: Fri Dec 23, 2011 8:20 pm Post subject: |
|
|
Hi,
Hope I'm not thread-hijacking here.
Regarding Neddy's last post.
iptables is provided in the kernel you say - but that is the kernel that you've compiled yourself. But iptables is not provided on the minimal installation CD (please correct me if I'm wrong). Surely it should be? A Gentoo build can take quite a while (assuming you are not working on it full time and are spreading it out over a few days), during which you have no firewall and are exposed.
Or am I missing something? |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 27783
Location: 56N 3W
|
| Posted: Fri Dec 23, 2011 9:00 pm Post subject: |
|
|
archrax,
iptables is not provided on the liveCD kernel.
During your install, what services are you running that listen for incoming connections from the internet?
About the only one I can think of is sshd but you secure that by not permitting root logins and setting a strong password ... don't you?
The paranoid can turn off password logins altogether and drop their public key on the box.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
archrax
n00b
Joined: 05 Dec 2011
Posts: 22
|
| Posted: Fri Dec 23, 2011 9:53 pm Post subject: |
|
|
Neddy, thanks for the response.
| Quote: | | During your install, what services are you running that listen for incoming connections from the internet? About the only one I can think of is sshd but you secure that by not permitting root logins and setting a strong password ... don't you? |
My next question is going to betray my ignorance regarding this network stuff. Assuming I'm not running a server, do http and ftp only listen to connections initiated by the user? On desktops, is sshd the only service listening out for incoming stuff? In which case, why bother with a firewall at all if you are just running a desktop workstation?
On a more practical note: How do you prevent root logins?
Also how do you do the following?
| Quote: | | The paranoid can turn off password logins altogether |
| Quote: | | and drop their public key on the box. |
Don't even know what the last one means. Key?
Thanks once again. |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 27783
Location: 56N 3W
|
| Posted: Fri Dec 23, 2011 10:55 pm Post subject: |
|
|
archrax,
A firewall server two purposes. It keeps nasty stuff out and it prevents nasty suff phoning home, if it ever gets in. Most people disable the latter functionality as its harder to set up.
If you run a webserver, you will have services listening on posts 80 and 443. FTP listens on port 21. sshd listens on port 22. Look in n/etc/services to see what ports are used by what services. If there are no services listening for connections you have no need of a firewall.
On my system just now | Code: | $ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdoma:ipp *:* LISTEN
tcp 0 0 *:59704 *:* LISTEN
tcp 0 0 NeddySeagoon:59704 mediaserver:774 ESTABLISHED
tcp 0 0 NeddySeagoon:44359 HUBBARD.CLUB.CC.CM:ircd ESTABLISHED
tcp 38 0 NeddySeagoon:35598 bittern.gentoo.os:https CLOSE_WAIT
tcp 0 444536 NeddySeagoon:885 mediaserver:nfs ESTABLISHED
tcp 0 0 NeddySeagoon:47039 farad.oftc.net:ircd ESTABLISHED
tcp6 0 0 [::]:56068 [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN |
You can see that sshd is listening on IPv4 and IPv6. I need to look into what is on 59704, I think ists mediatomb offering UPnP.
To stop sshd accepting root logins you edit /etc/ssh/sshd_config. Specifically change #PermitRootLogin yes to PermitRootLogins no and restart sshd.
Key based logins will just work if you add your public ket to ~/.ssh/authorized_keys on the target system and have your private key on the local system.
Use ssh-keygen to make a key pair.
When you have checked that you can log in with your key and you can still use sudo to gain root if you need it, you can turn off password based logins in /etc/ssh/sshd_config
Note: that sshd will still appear to offer password based logins but they wil always fail.
You will be asked for your key passphrase to unlock your private key.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
archrax
n00b
Joined: 05 Dec 2011
Posts: 22
|
| Posted: Sat Dec 24, 2011 12:00 am Post subject: |
|
|
Neddy,
Thanks for your detailed and helpful reply. I really appreciate it.
I'm not running a server yet, but may do someday. I do have a firewall and I did spend days learning iptables just so that it can do the latter - stop nasty stuff phoning home - and you're right - it wasn't easy!
Thanks for teaching me about how to find out which services are running. Also I didn't know you could login to sshd using a key.
Thanks once again buddy! Now, back to work on my paranoid and secure Gentoo installation (I'll have a bash at hardened Gentoo one day...).  |
|
| Back to top |
|
|
|
Installing Gentoo
