Yeah, I’m not really sure why Linux distros seem to come packed with so many applications. Perhaps to try to show people what it can do, and that they really don’t need Windows. Hmm. The main difference is, anything that is on a Windows machine, is pretty much always running; at least in the background - services, drivers, etc. In Linux, this is not the case. Yeah, there may be 527 installed applications by default ;D but none of them are running except actual system operations; and not many of those.

My difficulty has been learning how to think in “Linux.” I’ve learned over the years how to think in “Windows” and now I’m having to learn a new language (so to speak). I’m realizing that really, they’re not that different in the way things work deep down at the core - the problem is that Windows has renamed everything and restructured the way it appears to fit together, thus creating confusion when one tries to leave that environment.

For a simple example, the Linux way of numbering drives - hda, hda2, hdb, hdb2 and so on, vs c, d, e, f, etc. At the core of Windows they’re really hd0, hd1, hd2 with partitions within each one. Much closer than one would think…

I still have Windows installed, and will keep it for at least a while, until I really get the hang of Linux and make sure I can do all I need to do.

LM

Hey Leoni,

There is an alternate install CD available for Ubuntu which you have more options on how you want to install the OS (OEM, etc…) you may be able to change the programs that it comes with when installing as well.

Justin

LM,

As for memory usage, you’re probably right that Linux runs only the necessary things. I think that my CPU fan didn’t run on high rpm:s quite as often as with Windows. And Firefox did start quicker. But one thing that really wasn’t faster with Ubuntu, was the boot-up time. Not counting the login procedure (which I don’t have on XP but didn’t care to disable on Ubuntu), Ubuntu was slower.

Yeah, it takes time to learn a new language, especially if one isn’t a child anymore.

---

Hey Justin,

I haven’t seen that. Only the alternatives of Kubuntu, Xubuntu and Edubuntu.

I think you have a new avatar? Did you make it in Bryce 5.5?! From what I can see it would be possible, but then it’s ■■■■ well done!

---

LA

Same thing with PCLOS. From Grub to login screen is 71 seconds (consistent). With Windows, from Grub to login is 39 seconds (also consistent). However, login to usable desktop is 30 seconds for Linux, 92 for Windows.

Overall, the Linux time is shorter… I usually boot and then multitask in another room…

LM

PS: Yes, that is a cool avatar, Justin. (:CLP)

Screenshot of how to download Alternative Install CD is attached.

Thanks LM and Leoni on the compliments of the new avatar, I have another one, what do you think?

Credits go to my friend S.Z. Craftec

Justin

[attachment deleted by admin]

Hey J, that’s another great avatar

With your screen shot, I got reminded of that option. But what is the point with the alternative install? Just no live cd? Then I think I’d prefer the main install, I’m not into the text-based thing about Linux… I’m all graphical oriented.

(Btw, also a nice FF theme ;))

/LA

Thanks Leoni, glad you like the new avatar too, Firefox Theme is Noia Extreme :D.

The Alternate installer is more for OEM’s this way they have more control during the installation so I thought that with the alternate installer you could stop a lot of the unwanted programs from being installed

Justin

Hiya,
I’m completely new to Linux - have only recently installed Kubuntu Feisty Fawn - but it seems to be a very good alternative to my Windows XP Home, which is installed on the same HD. However, not having an awful lot of time, but very much yearning for at least setting up the basics in Kubuntu, I thought I’d simply ask in my favourite forum
I have an ASUS notebook w/ a monitor resolution: 1280x800. Now, Kubuntu set the monitor to 1024x748 (which looks o.k. but is of course not quite right). I tried to change to 1280x800 but when I press “apply”, the screen gets kinda messed up. Is there a way to get Kubuntu to acknowledge the correct resolution?
If further info is needed, I’ll supply most happily.
What’s more, are there any good firewalls (heard you wouldn’t need one, but I’ve lived with windows too long) and AVs for Kubuntu?
Thanks in advance for your help, which, I’m sure, will be much better than google’s,
grampa.

grampa,

The “firewall” in linux is based on iptables or ipchains, which is accessed in various ways (usually through command line, but some distros have a built-in method for working with it).

My opinion, the easiest way is to use a GUI interface like FireStarter or GuardDog. They are called “firewalls” but really what they are is an interface so you don’t have to use the command line.

I have a similar monitor issue in Linux; it won’t allow me to use the full size of the screen. Dang it! What do I have a 19-inch monitor, if I can’t use it all? I reset it once, and couldn’t get back into Linux on reboot; kept getting an error message. I finally had to use safemode to get a command line, and was able to access a dos-like screen for the video settings and change the resolution back; then everything was fine again.

Perhaps Justin will have some good input for you there…

LM

IMO, it’s probably the driver. Check this file, /etc/X11/xorg.conf . Example, type this in the terminal:

cat /etc/X11/xorg.conf

and look for this section:

Section "Device" Identifier "ATI Technologies Inc Radeon Mobility X700 (PCIE)" Driver "fglrx" BusID "PCI:1:0:0"

this is my output actually, identifier is my video card, and fglrx is the ATI proprietary driver. With this driver, my resolution matches of course. The problem: Ubuntu has this GUi stuff, proprietary driver manageriosomething, and i don't know if one can just ignore it. I use Debian. I am a newbie like you guys, although forced to learn how to do stuff manually. ;D But: Find out how to install the latest driver for (K)Ubuntu for your card. Googling should produce good results.

Back-Track is a good linux distro for wireless network pen testing.

grampa, I’m glad to see you in this thread.

Have you solved the problems now?

As for firewalls, great explanations above I think. Unfortunately this was actually one of the main reasons (among a couple of others) that kept me from leaving Windows, when I tried Ubuntu. I wasn’t patient enough to find something to control outbound traffic, that Comodo does so pedagogic. In other words, I’m just too paranoid to leave a system secured by Comodo Firewall Pro!

/LA

I just came across a reference to an application-based firewall interface for Linux, called TuxGuardian. http://tuxguardian.sourceforge.net/

Hasn’t been updated in a while, but realistically I don’t guess it would need to be. As opposed to network-based firewalls like FireStarter, it only appears to monitor applications.

Thus, I’m not sure if you could run it in conjunction with one of those, thus giving you two firewall interfaces, and more comprehensive protection.

LM

The trouble just to write this post. Iceweasel crashing argh… Back to Opera.

I’ve thought about that one, TuxGuardian. And others, my bookmarks are huge in that department (maybe we could exchange bookmarks ;D ). Another great one is Zorp, but way complicated, and much more complete (but it doesn’t do exactly what TuxGuardian does).

But i would suggest learning iptables, the real firewall already installed, from the author (Networking Concepts HOWTO and Packet Filtering HOWTO are a must for the desktop pc):
http://www.netfilter.org/documentation/index.html#documentation-howto

And this post in the Debian forum:
http://forums.debian.net/viewtopic.php?t=16166&postdays=0&postorder=asc&start=0&sid=34b4fc62085f8c62b2c1a9ccc123c9cb
this one helps to see how it all comes together imo.

The most complicated parts are mangling and NAT, but for the desktop, you won’t need them. Just a light preview:
iptables basically has 3 tables: INPUT, OUTPUT, and FORWARD. Each have their own rules, and policy (if no rules match, the policy is applied, ie, Accept, Drop or Reject; Drop is silent, Reject sends the ICMP error etc., not “stealth”). FORWARD you just set the policy to Drop and leave it be (block all silently). OUTPUT is everything your computer sends out (to make it as the XP firewall for example, just leave the policy to Accept). INPUT is where you set the rules of which packets get in. Every incoming packet comes through here.

Everything else is knowing the commands, and how to read the rules. It’s NOT that hard for the desktop pc IMHO. Knowing if my rules are perfect or not is beyond me, but that’s the same with Windows firewalls, and this one is way powerful! Learn this, don’t waste time with GUI’s.

PS: i’ve seen the rules made by Firestarter, and they confuse me! I prefer to build my own ruleset.
LM, go with this, you won’t regret it.

Edited a bit.

Tnx for those links, Pedro. I basically knew that much about it (as far as what it does/how it works). It’s the working in console/command line that I prefer to avoid. CFP definitely helps understand rules creation, I think.

Firestarter, just like GuardDog, applies the concept of Deny if not Allowed regarding Inbound connections (unsolicited). So nothing’s coming in, and that’s what I want. If there’s an alert, I just click on the entry and create a rule - I’ve done this to allow my ISP’s servers the contact they need.

I’ve watched the connections in real-time, and that’s where Linux is so sweet compared to Windows. Probably close to half my network rules in Windows are blocking various OS-related connections that can’t seem to be stopped any other way. In Linux, that stuff is simply not connecting. My browser connects. My email client connects. That’s it.

If I understand correctly, there is a way (in Console, of course) to bind ports to services, and possibly to applications. At some point I’d like to get there. For now, I prefer GUIs (I know, I know, I’m not a true Linux geek if I don’t like Console…) because time and energy is a great commodity!

LM

PS: check out this article about zorp… Paranoid Penguin - Application Proxying with Zorp, Part I | Linux Journal

LM, what i’m saying is, i’m not so sure i’d want a GUI to configure the rules, not knowing what these are. Simple way of checking anyway,

iptables -L -n

if it’s confusing, you’re like me, what is Firestarter doing anyway?

That link is where i read about Zorp, and why i stay away from it, at least for now (it seems to be for a corporation or something ;D ).

I forgot, use the same command but without the “-n” argument. Or with “-v”.

The Zorp idea does not scare me; its operations make sense. And once again, it’s just gui-fying the Console operations for you. After all, you could do that in Windows, if knew how and wanted to (not use a GUI firewall, that is).
Zorp makes sense to me as I read this article quite a while back (and followed the links through to other info) about bridging firewalls.

http://www.securityfocus.com/infocus/1737

I think there’s a certain level of trust (aside from laziness) that goes into using a GUI for your firewall. If you can’t trust it to do what it needs to do, you must do it yourself. That’s likely why there are so many firewall tests, to “prove” that the FW works (just like virus, trojan, or other malware tests). The thing is, these tests simply show that the application can work, not that it does work in real life, nor that it works well. It only shows that it responds favorably to the test. So you’re still back to “level of trust.”

The reason I like guis is because I don’t want to have to mess with this:

iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 80 -j DROP

or this:

iptables -A INPUT -p tcp -m mac --mac-source 00:11:22:33:44:55 --dport 22 -s 192.168.0.3 -j ACCEPT

If you’re only copy/pasting from a tutorial, it really serves little purpose as you still don’t understand what you’re doing. If you’re coding (and that’s essentially what you’re doing there) IMO you need to know what it all means (so that when it breaks…).

If you’re trying to learn it so you can fully understand the system and build your own firewall, then that’s great!

But that’s why God made computer programmers, and gave them brains far more powerful than mine, IMO. ;D So that they could make a GUI for me to use, so that my brain wouldn’t have to explode with random characters, letters, and numbers swirling around in the chaos of insanity!

I like that tutorial on the Debian site, btw; that’s nicely laid out and (IMO) easy to understand. There are also entire books written on how to firewall Linux. Yikes!

LM

PS: If you want an overwhelming FW (speaking facetiously) look at Hogwash with Snort…

Well, you will need to understand iptables to use these advanced programs.

Also note that iptables commands are not coding (common LM :o), simply the user interaction is done with commands, and not with a GUI.
Firestarter is not a firewall, it’s a configuration tool for iptables the firewall; there is no comparison with CFP for instance, where the GUI and the driver is both by Comodo, and not separable. I know you know this, but i’m stressing the fact that what you’re really using is iptables. (the router too)

IF it were a rules based GUI, i would be more comfortable (like CPF GUI, or something; firestarter is comparable to XP’s fw functions, not really but closer), but anyway, now that i understand iptables, i really prefer it.
I think you will too , you’re smart enough. Anyone who can help other like you have done here, can build simple iptables rules for the desktop.

The reading material i suggest is really done in a day, it was for me.
Everything else will come from practice, and you will be prepared for future iptables versions. Just read what’s new, and you’re set. With a GUI, i don’t know, it has to be updated, if the guy is still around!

Alas, Zorp is a Linux OS, just like Trustix; it’s meant to be used on a server or gateway, rather than as a desktop FW.

I know building an iptables fw is not the same as writing code from a technical standpoint, but from a user standpoint, is there really a difference between 16 lines of something like this:

iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 80 -j DROP

and this:

cls
if not exist “%SYSTEMDRIVE%\Documents and Settings%USERNAME%\DESKTOP\CFP3Backup” goto :new
goto :archive

:archive
echo Clearing oldest backup - please wait
del “%SYSTEMDRIVE%\Documents and Settings%USERNAME%\DESKTOP\CFP3Backup\Prior\CFPRUles.REG” >nul:
echo Storing previous backup - please wait …
copy “%SYSTEMDRIVE%\Documents and Settings%USERNAME%\DESKTOP\CFP3Backup\CFPRUles.REG” “%SYSTEMDRIVE%\Documents and Settings%USERNAME%\DESKTOP\CFP3Backup\Prior\CFPRUles.REG”
echo Archiving current rule set - please wait …
REGEDIT /E “%SYSTEMDRIVE%\Documents and Settings%USERNAME%\DESKTOP\CFP3Backup\CPFRUles.REG” “HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro”
goto :end

(code excerpted from panic's post here): https://forums.comodo.com/cfp_beta_corner/script_to_backup_cfp_v3_alpha_settings-t10947.0.html

To the average user, I don’t think there’s a difference - either one is gobbledygook. And when it comes to Linux, I’m just an average user… ;D

I’m fully aware that firestarter et al is simply a gui interface for iptables; I’ve mentioned that before. Okay, so it’s a stretch to compare iptables w/firestarter to cmdagent.exe w/cfp.exe - my point was that it’s simply a gui that allows you to interface with the true firewall to control policy. As far as what it does, though, iptables more closely resembles CFP’s NetMon than Windows XP FW, since XP FW doesn’t have outbound control and isn’t stateful.

You’re going to force me to use it, aren’t you? ;D I can smell it. I’m going to have to change my name to “My Name is Nobody” and shoot it out, then dig a hole, jump in and pull it on top of me to get away, LOL!

Don’t worry, I will be giving it a shot. But for now, I’m stickin’ with the gui. Have neither time nor inclination to change my ways ATM…

LM