  1. #1
    Just Joined!
    Join Date
    May 2013
    Posts
    8

    Dedicated PC with LM 14 and openVPN question...


    Hey everyone, new here and new to Linux Mint. So far I see why some people rave about it over Windows, but as a long-time user, it's taking some time to get used to it.

    Currently I have a dedicated laptop with LM 14 on it. It's being used as a secure router with openVPN on it, with all internet devices going through it. My ASUS router is now a switch \ DHCP server.

    Now I had a friend set this up for me, and even let him remote in on his own because he's new to Linux as well and learned as he went. As you may have one in your life, he's a ball buster if there was ever one, and knows my buttons.

    So tell me, how could I tell if he was forwarding my internet traffic? Either to himself or somewhere else? Just now he "joked" he left an SSH port unsecured and was able to view my personal files. So again, is there any way I could check on LM, on my own obviously, to see if he has anything like that set up... Thanks in advance!

  2. #2
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,639
    1. Disallow root logins.
    2. Change your password.
    3. Restrict SSH logins to require an RSA key (.pem file) and then configure users you have authorized to login to require that ssh key as well as their password.
    4. Edit the /etc/sudoers file to be sure he doesn't have sudo privileges, and that he hasn't set up sudo privileges for anyone who logs in.

    You will have to do some serious man-page reading and experimentation to get the system locked down to where it is useful for you, accessible to authorized users, and a PITA for knuckleheads like your friend to break into... However, it will be worth the learning experience, and you will understand your system immeasurably better.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
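
An added example, not part of the thread or written by any poster: a small shell audit of the items in the list above (root login, password-only SSH logins, sudo grants). The sample files, the `friend` account and the function names are constructed for illustration; `AuthenticationMethods publickey,password` is the OpenSSH option that requires a key as well as a password.

```shell
# Constructed sample files; on a real system pass /etc/ssh/sshd_config and
# /etc/sudoers (read as root) to audit() instead.
dir=$(mktemp -d)
cat > "$dir/sshd_config" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
# sshd uses the first value it sees, so this later line has no effect:
PermitRootLogin no
EOF
cat > "$dir/sudoers" <<'EOF'
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
friend  ALL=(ALL) NOPASSWD: ALL
EOF

# Value of a global sshd keyword (first occurrence wins, names are
# case-insensitive, Match blocks ignored; assumes "Keyword value" lines).
sshd_value() {  # $1 = config file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print tolower($0); exit
        }' "$1"
}

# True when every AuthenticationMethods list includes publickey.
key_required() {
    methods=$(sshd_value "$1" AuthenticationMethods)
    [ -n "$methods" ] || return 1
    for list in $methods; do
        case ",$list," in *,publickey,*) ;; *) return 1 ;; esac
    done
}

audit() {  # $1 = sshd_config, $2 = sudoers; prints one line per finding
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] ||
        echo "sshd: root login is not disabled"
    if [ "$(sshd_value "$1" PasswordAuthentication)" != "no" ] && ! key_required "$1"; then
        echo "sshd: a password alone is enough to log in"
    fi
    # Files pulled in by #includedir (e.g. /etc/sudoers.d) need the same look.
    grep -Ev '^[[:space:]]*(#|Defaults|$)' "$2" |
        sed 's/^/sudoers: check this grant: /'
}

audit "$dir/sshd_config" "$dir/sudoers"
```

On a running machine, `sshd -T` (as root) prints the configuration sshd actually uses, which also covers defaults that the file never mentions.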

  3. #3
    Just Joined!
    Join Date
    May 2013
    Posts
    8
    Rubberman thanks for the help... Obviously I haven't started it yet but like you said, I've got a lot of reading to do and I'll definitely know more either way by the end.

    Tell me this though, what about spying on my other computers on the network? I take it it would be harder but not impossible.

  4. #4
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,639
    Set them up to allow remote ssh logins for your id, and give yourself sudo privileges. That way, you can log into the systems and have full admin authority.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  5. #5
    Just Joined!
    Join Date
    May 2013
    Posts
    8
    Hmm, I won't lie, that's a bit above my head... I'm still very new to Linux... However tell me this, I'm downloading LM 15 right now and am going to attempt to install it myself.

    Now I'm going by the token that to get the VPN to work all I'll need are the VPN files that I could just back up on a jump drive... So getting the VPN up won't be an issue.

    Now aside from that, since I'm formatting and installing the updated OS, if he did do anything nefarious, will that pretty much wipe him out? (Dumb ? I know but paranoia does funny things like that!)

    Thanks again!

  6. #6
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,639
    Usually you would use openssl to create a self-signed certificate (public and private keys) to use with ssh or openvpn.
    As for a reinstallation of the operating system, yes that will wipe out what you have - make sure you back up all critical files first. If you are doing an OS update (mint 14 to 15 for example), then it may not remove existing files, but still remember the sysadmin mantra - backup, backup, backup...
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  7. #7
    Just Joined!
    Join Date
    May 2013
    Posts
    8
    Oh absolutely, I've learned the hard way and through common sense to always back up. However I realized that it's not just the Linux laptop I should worry about but the other computers on the network as well.

    So I scanned my main computer and port 1723 and 22 are open. The same goes for my other computer, as well as the Linux laptop (router.) So knowing that, should I worry or is this common? Is there any way I could find out if files, information, whatever, has been forwarded or if someone has logged in?

    No one besides me had access to the two computers on the network if that helps... Thanks again!

  8. #8
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,639
    Port 22 is used for SSH (secure shell) connections. Port 1723 is used for PPTP (point-to-point tunneling protocol) which is used by serial (including USB) devices such as traditional modems, broadband wireless (cell) modems, etc. to get connected to a remote network and the Internet. Both of these should be safe to have open, and if you use any such devices, or ssh to connect from laptop to server, then you need them.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  9. #9
    Just Joined!
    Join Date
    May 2013
    Posts
    8
    Hmm, yeah, I thought as much... Sometimes there's too much info out there. Anyway I took the VPN down and went through the normal setup with my Comcast IP and all... I did a scan and indeed everything is closed, even port 22.

    So yes, for the setup that I have with the Linux VPN I suppose they need to be open. See, the bad part is I don't know Linux from a hole in the ground, so I'm not sure where to look. Hell, I wouldn't be sure with Windows either!

  10. #10
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,639
    Look into iptables and the sshd configuration options - man pages are useful!
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
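
An added example, not part of the thread or written by any poster: one way to review the iptables side of the original question, by reading `iptables-save` output for rules that rewrite or duplicate traffic and for what the INPUT chain accepts. The rule set, interface names and addresses are constructed, and the function names are hypothetical.

```shell
# Constructed `iptables-save` output; interface names and addresses are made up.
# On the router itself, capture the real thing with: sudo iptables-save > rules.txt
rules=$(mktemp)
cat > "$rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 203.0.113.7:8080
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*mangle
-A PREROUTING -i eth0 -j TEE --gateway 192.168.1.50
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

# Rules that rewrite the destination (DNAT, REDIRECT) or duplicate packets to
# another host (TEE), prefixed with the table they live in.
diverting_rules() {  # $1 = file of iptables-save output
    awk '
        /^\*/ { table = substr($0, 2); next }
        $1 == "-A" {
            for (i = 2; i < NF; i++)
                if ($i == "-j" && $(i + 1) ~ /^(DNAT|REDIRECT|TEE)$/)
                    print table ": " $0
        }' "$1"
}

# Default policy of the filter table's INPUT chain; ACCEPT means every port
# without an explicit DROP/REJECT rule is reachable.
input_policy() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "filter" && $1 == ":INPUT" { print $2; exit }' "$1"
}

# Destination ports explicitly accepted on INPUT in the filter table.
accepted_ports() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "filter" && $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ {
             for (i = 3; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' "$1"
}

diverting_rules "$rules"
echo "INPUT policy: $(input_policy "$rules"); accepted ports: $(accepted_ports "$rules" | tr '\n' ' ')"
```

A MASQUERADE rule on the tunnel interface is normal for a machine acting as a VPN router, which is why the sketch lists only DNAT, REDIRECT and TEE for review.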
