Re: securing this workstation.

Tim: > > I do suppose that more than one of us should have noticed it and told > > the original poster about it. > > > > I skimmed over it and didn't really notice it. Patrick O'Callaghan: > Not really my point. AFAIK billi...@negate.org said he's unsubbing from > the list as reaction to the appa

Re: securing this workstation.

On Tue, 2025-04-29 at 22:36 +0930, Tim via users wrote: > On Tue, 2025-04-29 at 11:07 +0100, Patrick O'Callaghan wrote: > > You seem to be blaming the list for the user's alleged mistakes. I > > don't see the logic. > > I do suppose that more than one of us should have noticed it and told > the or

Re: securing this workstation.

On Tue, Apr 29, 2025, at 6:06 AM, Tim via users wrote: > On Tue, 2025-04-29 at 11:07 +0100, Patrick O'Callaghan wrote: >> You seem to be blaming the list for the user's alleged mistakes. I >> don't see the logic. > > I do suppose that more than one of us should have noticed it and told > the origin

Re: securing this workstation.

On Tue, 2025-04-29 at 11:07 +0100, Patrick O'Callaghan wrote: > You seem to be blaming the list for the user's alleged mistakes. I > don't see the logic. I do suppose that more than one of us should have noticed it and told the original poster about it. I skimmed over it and didn't really notice

Re: securing this workstation.

On Mon, 2025-04-28 at 20:26 -0400, Jonathan Billings wrote: > You’ve posted both your user’s and root’s hashed passwords to a public list, > AND mentioned that you’ve got ssh open to the world. I imagine your email > headers probably also have your IP. > Well… > > Good luck. I can’t take it any

Re: securing this workstation.

On 4/28/25 5:26 PM, Jonathan Billings wrote: On Apr 27, 2025, at 23:44, home user via users wrote: # firewall-cmd --list-all FedoraWorkstation (default, active) target: default ingress-priority: 0 egress-priority: 0 icmp-block-inversion: no interfaces: eno1 sources: services: dhc

Re: securing this workstation.

On 4/28/25 3:59 AM, Barry Scott wrote: On 28 Apr 2025, at 04:44, home user wrote: What I get: # firewall-cmd --list-all FedoraWorkstation (default, active)  target: default  ingress-priority: 0  egress-priority: 0  icmp-block-inversion: no  interfaces: eno1  sources:  services: dhcpv6-clien

Re: securing this workstation.

home user via users wrote: > > # firewall-cmd --list-all > > FedoraWorkstation (default, active) > > target: default > > ingress-priority: 0 > > egress-priority: 0 > > icmp-block-inversion: no > > interfaces: eno1 > > sources: > > services: dhcpv6-client samba-client ssh > > ports: 1025-65

Re: securing this workstation.

> On Apr 28, 2025, at 7:26 PM, Jonathan Billings wrote: > > On Apr 27, 2025, at 23:44, home user via users > wrote: > Let me get this straight…. > > You’ve posted both your user’s and root’s hashed passwords to a public list, > AND mentioned that you’ve

Re: securing this workstation.

On Apr 27, 2025, at 23:44, home user via users wrote: > # firewall-cmd --list-all > FedoraWorkstation (default, active) > target: default > ingress-priority: 0 > egress-priority: 0 > icmp-block-inversion: no > interfaces: eno1 > sources: > services: dhcpv6-client samba-client ssh > ports:

Re: securing this workstation.

Am 27.04.2025 um 20:53:15 Uhr schrieb Barry: > > On 27 Apr 2025, at 18:37, Marco Moock wrote: > > > > I do run additional SPI firewalls > > Is this a commercial or open source SPI firewall? On the Linux systemd I use firewalld, which is free software, the hardware is a cisco router with its

Re: securing this workstation.

On 4/28/25 05:51, Tim via users wrote: Samuel Sieb wrote: I am so curious how you installed it to get that. I've never seen root have a name other than "root". Barry Scott: It's the default on a new Fedora install. $ head -n 2 /etc/passwd root:x:0:0:Super User:/root:/bin/bash bin:x:1:1:bin

Re: securing this workstation.

Samuel Sieb wrote: > > I am so curious how you installed it to get that. I've never seen > > root have a name other than "root". Barry Scott: > It's the default on a new Fedora install. > > $ head -n 2 /etc/passwd > root:x:0:0:Super User:/root:/bin/bash > bin:x:1:1:bin:/bin:/usr/sbin/nologin

Re: securing this workstation.

> On 28 Apr 2025, at 04:44, home user wrote: > > What I get: > > # firewall-cmd --list-all > FedoraWorkstation (default, active) > target: default > ingress-priority: 0 > egress-priority: 0 > icmp-block-inversion: no > interfaces: eno1 > sources: > services: dhcpv6-client samba-client s

Re: securing this workstation.

> On 28 Apr 2025, at 06:53, Samuel Sieb wrote: > > I am so curious how you installed it to get that. I've never seen root have > a name other than "root". It's the default on a new Fedora install. $ head -n 2 /etc/passwd root:x:0:0:Super User:/root:/bin/bash bin:x:1:1:bin:/bin:/usr/sbin/nol

Re: securing this workstation.

On 4/27/25 8:12 PM, home user via users wrote: On 4/27/25 2:12 AM, Michael Schwendt wrote: On Fri, 25 Apr 2025 21:45:04 -0600, home user via users wrote: The login GUI that shows up after booting is completed shows "Super User" as one of the 2 user names that I can choose to log in as. Pleas

Re: securing this workstation.

On 4/27/25 4:12 AM, Barry Scott wrote: On 26 Apr 2025, at 01:38, home user via users wrote: I gather from the Fedora docs that I should use firewalld or firewalld-config.  I have both.  But Fedora docs does not give me enough detail.  I am not an IT professional.  What specifically should

Re: securing this workstation.

Michael Schwendt wrote: > Fedora Workstation installation process offers creating a user account, > but you need to fill in a real name yourself. home user via users wrote: > "offers"? I did not get any sense of having a choice; it seemed to be > required. Well, yes, any choice is ephemeral.

Re: securing this workstation.

On 4/27/25 2:12 AM, Michael Schwendt wrote: On Fri, 25 Apr 2025 21:45:04 -0600, home user via users wrote: The login GUI that shows up after booting is completed shows "Super User" as one of the 2 user names that I can choose to log in as. Please don't turn this into a guessing game. Give som

Re: securing this workstation.

> On 27 Apr 2025, at 18:37, Marco Moock wrote: > > I do run additional SPI firewalls Is this a commercial or open source SPI firewall? Barry -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lis

Re: securing this workstation.

Am 27.04.2025 um 10:52:53 Uhr schrieb David King: > I would disagree.  Operating systems have flaws that hackers can > exploit.  If a computer is connected directly to the internet then > hackers can exploit those flaws, regardless of what you may or may > not having running on the machine.  Def

Re: securing this workstation.

On Sun, Apr 27, 2025 at 11:53 AM David King wrote: > On 4/27/25 1:05 AM, Marco Moock wrote: > > On Sat, 26 Apr 2025 16:37:38 -0600 home user via users > > wrote: > > > >> I have no services running, as far as I know. I did not install any. > > Then there is not need for a router, NAT or anythin

Re: securing this workstation.

On 4/27/25 1:05 AM, Marco Moock wrote: On Sat, 26 Apr 2025 16:37:38 -0600 home user via users wrote: I have no services running, as far as I know. I did not install any. Then there is not need for a router, NAT or anything else. I would disagree.  Operating systems have flaws that hackers

Re: securing this workstation.

> On 26 Apr 2025, at 01:38, home user via users > wrote: > > I gather from the Fedora docs that I should use firewalld or > firewalld-config. I have both. But Fedora docs does not give me enough > detail. I am not an IT professional. What specifically should I do to keep > unwanted peop

Re: securing this workstation.

home user via users wrote: > > I gather from the Fedora docs that I should use firewalld or > > firewalld-config. I have both. But Fedora docs does not give me > > enough detail. I am not an IT professional. What specifically > > should I do to keep unwanted people and things out? Barry Scott

Re: securing this workstation.

On Sat, 2025-04-26 at 16:45 -0600, home user via users wrote: > # netstat -ltuvpe > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address > State User Inode PID/Program name > tcp0 0 _localdnsproxy:domain 0.0.0.0:*

Re: securing this workstation.

On Fri, 25 Apr 2025 21:45:04 -0600, home user via users wrote: > The login GUI that shows up after booting is completed shows "Super > User" as one of the 2 user names that I can choose to log in as. Please don't turn this into a guessing game. Give some details about that user account based on

Re: securing this workstation.

On Sat, 26 Apr 2025 16:37:38 -0600 home user via users wrote: > I have no services running, as far as I know. I did not install any. Then there is not need for a router, NAT or anything else. -- ___ users mailing list -- users@lists.fedoraproject.org

Re: securing this workstation.

On 4/25/25 11:22 PM, Tim wrote: On Fri, 2025-04-25 at 18:38 -0600, home user via users wrote: I do need for Firefox, Thunderbird, and dnf to be able to interact with the "outside world" appropriately. I do occasionally need to be able to download or upload things. Beyond those (and maybe other

Re: securing this workstation.

On 4/26/25 5:46 AM, Jonathan Billings wrote: On Apr 26, 2025, at 00:24, David King wrote: As to firewalls: Plugging the workstation directly into the Comcast cable modem puts your computer directly on the internet, where everyone can hack away at it trying to break in. I always put some sor

Re: securing this workstation.

On 4/25/25 10:23 PM, David King wrote: To find out what your ip address is do:    sudo ip addr # ip addr 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft foreve

Re: securing this workstation.

On 4/26/25 12:21 AM, Samuel Sieb wrote: On 4/25/25 8:45 PM, home user via users wrote: On 4/25/2025 8:48 PM, Samuel Sieb wrote: On 4/25/25 6:27 PM, home user via users wrote: securing this workstation: part 2. The login screen has 2 named users: 1. a user that Anaconda had me create. 2. "Sup

Re: securing this workstation.

On 4/25/25 11:00 PM, Marco Moock wrote: On Sat, 26 Apr 2025 00:23:50 -0400 David King wrote: Plugging the workstation directly into the Comcast cable modem puts your computer directly on the internet, where everyone can hack away at it trying to break in. This only applies if there is any se

Re: securing this workstation.

On 4/25/25 9:37 PM, Fred wrote: curl ifconfig.me # curl ifconfig.me 2001:558:6040:48:e03d:21b7:9d94:6649 # -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of C

Re: securing this workstation.

On 4/26/25 1:08 PM, Samuel Sieb wrote: On 4/26/25 8:49 AM, home user via users wrote: On 4/25/25 9:33 PM, Samuel Sieb wrote: On 4/25/25 8:28 PM, home user via users wrote: I moved the ethernet cable to my windows box.  windows reports the following; IPv6 address:    2001:558:6040:48:787f:89

Re: securing this workstation.

On 4/25/25 7:02 PM, George N. White III wrote: On Fri, Apr 25, 2025 at 9:38 PM home user via users mailto:users@lists.fedoraproject.org>> wrote: (Fedora-42; stand-alone workstation) This is a totally new Fedora install on a stand-alone workstation, done today.  It is not a part of

Re: securing this workstation.

On 4/26/25 8:49 AM, home user via users wrote: On 4/25/25 9:33 PM, Samuel Sieb wrote: On 4/25/25 8:28 PM, home user via users wrote: I moved the ethernet cable to my windows box.  windows reports the following; IPv6 address:    2001:558:6040:48:787f:8998:f490:f5d3 Link-local IPv6 address:   

[suspended] Re: securing this workstation.

As I mentioned in a new thread ("suppose I remove nvidia card"), the workstation is practically unusable.  Once that's solved, I'll return to this thread. I thank all who have tried to help so far. On 4/25/2025 6:38 PM, home user via users wrote: (Fedora-42; stand-alone workstation) This is

Re: securing this workstation.

On 4/25/25 9:33 PM, Samuel Sieb wrote: On 4/25/25 8:28 PM, home user via users wrote: I moved the ethernet cable to my windows box.  windows reports the following; IPv6 address:    2001:558:6040:48:787f:8998:f490:f5d3 Link-local IPv6 address:    fe80::805:cbe5:bc94:2edd%2 IPv4 address:    73.

Re: securing this workstation.

On Sat, 2025-04-26 at 16:08 +0200, Marco Moock wrote: > Most of those devices have an IPv6 SPI firewall that provides the same > security as NAT. I shall be pedantic here. NAT does not provide security, it is not a firewall. A "didn't know what to do with an incoming connection" (now) is not the

Re: securing this workstation.

Am 26.04.2025 um 07:46:00 Uhr schrieb Jonathan Billings: > As a Comcast customer, it’s actually a pain to get a modem that is > just that. Most consumers get a modem/gateway/wifi AP by default, > which should put the user behind an ipv4 NAT. However, it usually > also gives you a public ipv6 addr

Re: securing this workstation.

On Fri, Apr 25, 2025 at 10:38 PM home user via users < users@lists.fedoraproject.org> wrote: > > I lost ***all*** my notes. How do I determine this workstation's IP > address (presumably set by comcast, my internet service provider)? > For online forums it is best to use a terminal so you get tex

Re: securing this workstation.

On Apr 26, 2025, at 00:24, David King wrote: > As to firewalls: > > Plugging the workstation directly into the Comcast cable modem puts your > computer directly on the internet, where everyone can hack away at it trying > to break in. I always put some sort of router in between the cable modem

Re: securing this workstation.

Am 25.04.2025 um 23:09:55 Uhr schrieb Dave Close: > Marco Moock wrote: > > >If you want server daemons, you have to install them > >manually. Unless you do it, they won't be reachable from the > >outside. > > Unfortunately, that is a bit over-simplified. Every time Firefox > (or other programs

Re: securing this workstation.

On 4/25/25 8:45 PM, home user via users wrote: On 4/25/2025 8:48 PM, Samuel Sieb wrote: On 4/25/25 6:27 PM, home user via users wrote: securing this workstation: part 2. The login screen has 2 named users: 1. a user that Anaconda had me create. 2. "Super User", which I did ***not*** create. T

Re: securing this workstation.

Marco Moock wrote: >If you want server daemons, you have to install them >manually. Unless you do it, they won't be reachable from the outside. Unfortunately, that is a bit over-simplified. Every time Firefox (or other programs) makes a request through the Internet to some other system somewhere,

Re: securing this workstation.

On Fri, 2025-04-25 at 18:38 -0600, home user via users wrote: > I do need for Firefox, Thunderbird, and dnf to be able to interact with > the "outside world" appropriately. I do occasionally need to be able to > download or upload things. > Beyond those (and maybe other appropriate things that d

Re: securing this workstation.

On Sat, 26 Apr 2025 00:23:50 -0400 David King wrote: > Plugging the workstation directly into the Comcast cable modem puts > your computer directly on the internet, where everyone can hack away > at it trying to break in. This only applies if there is any service reachable, which isn't by defaul

Re: securing this workstation.

To find out what your ip address is do:    sudo ip addr This will list all the network adapters on your system and show their addresses, if they've been given one. As to firewalls: Plugging the workstation directly into the Comcast cable modem puts your computer directly on the internet, wh

Re: securing this workstation.

On 4/25/2025 8:48 PM, Samuel Sieb wrote: On 4/25/25 6:27 PM, home user via users wrote: securing this workstation: part 2. The login screen has 2 named users: 1. a user that Anaconda had me create. 2. "Super User", which I did ***not*** create. Then there's something else below those that I ca

Re: securing this workstation.

On 4/25/2025 7:47 PM, Fred wrote: On Fri, 25 Apr 2025 19:38:24 -0600 home user via users wrote: The workstation is connected to a modem via an ethernet cable. The modem connects to the internet service provider (comcast) via common co-ax(?) cable. I lost ***all*** my notes.  How do I determ

Re: securing this workstation.

On Fri, 25 Apr 2025 21:28:50 -0600 home user via users wrote: > On 4/25/2025 7:47 PM, Fred wrote: > > On Fri, 25 Apr 2025 19:38:24 -0600 > > home user via users wrote: > > > >> The workstation is connected to a modem via an ethernet cable. The > >> modem connects to the internet service provid

Re: securing this workstation.

On 4/25/25 8:28 PM, home user via users wrote: On 4/25/2025 7:47 PM, Fred wrote: On Fri, 25 Apr 2025 19:38:24 -0600 home user via users wrote: The workstation is connected to a modem via an ethernet cable. The modem connects to the internet service provider (comcast) via common co-ax(?) cab

Re: securing this workstation.

On 4/25/25 6:27 PM, home user via users wrote: securing this workstation: part 2. The login screen has 2 named users: 1. a user that Anaconda had me create. 2. "Super User", which I did ***not*** create. Then there's something else below those that I can use to log in as root. What is "Super Use

Re: securing this workstation.

On 4/25/25 7:02 PM, George N. White III wrote: On Fri, Apr 25, 2025 at 9:38 PM home user via users wrote: (Fedora-42; stand-alone workstation) This is a totally new Fedora install on a stand-alone workstation, done today.  It is not a part of a LAN or WAN or any other home or

Re: securing this workstation.

On Fri, 25 Apr 2025 19:38:24 -0600 home user via users wrote: > The workstation is connected to a modem via an ethernet cable. The > modem connects to the internet service provider (comcast) via common > co-ax(?) cable. > > I lost ***all*** my notes.  How do I determine this workstation's IP >

Re: securing this workstation.

On 4/25/25 7:00 PM, Samuel Sieb wrote: On 4/25/25 5:38 PM, home user via users wrote: (Fedora-42; stand-alone workstation) This is a totally new Fedora install on a stand-alone workstation, done today.  It is not a part of a LAN or WAN or any other home or office network. It is not dual-boot

Re: securing this workstation.

On Fri, Apr 25, 2025 at 9:38 PM home user via users < users@lists.fedoraproject.org> wrote: > (Fedora-42; stand-alone workstation) > > This is a totally new Fedora install on a stand-alone workstation, done > today. It is not a part of a LAN or WAN or any other home or office > network. > Please

Re: securing this workstation.

On 4/25/25 5:38 PM, home user via users wrote: (Fedora-42; stand-alone workstation) This is a totally new Fedora install on a stand-alone workstation, done today.  It is not a part of a LAN or WAN or any other home or office network. It is not dual-boot. I do need for Firefox, Thunderbird, an