Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Few questions about harding fedora 27 workstation security.

Hi, I have a number of questions in regards to securing the Fedora 27 workstation.

  1. Is it best to use the default Firewall that comes with Fedora or switch to iptables? Also, which one is more user-friendly out of these two?
  2. What would you recommend as a good av that compliments selinux, and does not produce too many false positives? Or, is there really no need to install any av on a workstation? I think that it would probably be a good idea since I have some TCP ports open being used by services search as TeamViewer, Spotify etc. I was thinking about closing the ports but then I am not sure I would be able to use any of those services.

What I am basically looking for is if there is any need for all them is an AV product with real-time protection that also checks for rootkits and more, A good firewall, and SELinux which is installed already anyway or something that can be placed instead of SELinux which is equally good or better.

  • What in addition or whatever security measures should I be taking with a workstation? This is what I have done and continue to do daily so far:
  • Check for software updates.
  • Made sure firewall is enabled.
  • Using the latest version of Firefox with the add-ons such as ublock, https everywhere, and NoScript.
  • Avoiding install flash.
  • Making sure that I only install packages from the software center, terminal, or that the path of the application leads back to fedora project.
  • Making sure I have no open ports on my system whatsoever.

That's about it.