The Perfect Desktop - Fedora 10 (GNOME) - Page 2

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Wed, 2008-12-03 20:17. ::

3 Update The System

Now it's time to check for updates. Go to System > Administration > Update System:

The Update System wizard comes up and checks for the latest updates:

If it finds any, click on the Update System button to start the update:

Type in the root password:

Afterwards the updates are being downloaded and installed:

Click on Close to finish the update:

Your system is now up to date.

 

4 Disable SELinux

SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I choose disable it, although you might prefer to go with it. I haven't tested this setup with SELinux enabled - it might well be that it works without problems, but if it does not, you can try to turn SELinux off and see if the problem is gone.

To disable SELinux, go to System > Administration > SELinux Management:

Select Disabled for System Default Enforcing Mode and close the window.

To make the change effective, we must reboot the system (System > Shut down...):

 

5 Inventory Of What We Have So Far

Now let's browse all menus under Applications to see which of our needed applications are already installed:

You should find the following situation ([x] marks an application that is already installed, where [ ] is an application that is missing). NTFS read/write support is enabled by default on Fedora 10.

Graphics:
[x] Gimp
[ ] F-Spot
[ ] Picasa

Internet:
[x] Firefox
[ ] Opera
[ ] Flash Player
[ ] FileZilla
[ ] Thunderbird
[x] Evolution
[ ] aMule
[ ] Azureus/Vuze
[x] Transmission BitTorrent Client
[x] Pidgin
[ ] Skype
[ ] Google Earth
[ ] Xchat IRC

Office:
[ ] OpenOffice Writer
[ ] OpenOffice Calc
[ ] Adobe Reader
[ ] GnuCash
[ ] Scribus

Sound & Video:
[ ] Amarok
[ ] Audacity
[ ] Banshee
[ ] MPlayer
[x] Rhythmbox Music Player
[ ] gtkPod
[ ] XMMS
[ ] dvd::rip
[ ] Kino
[x] Sound Juicer CD Extractor
[ ] VLC Media Player
[ ] Real Player
[x] Totem
[ ] Xine
[ ] Brasero
[ ] K3B
[ ] Multimedia-Codecs

Programming:
[ ] Kompozer
[ ] Bluefish
[ ] Quanta Plus

Other:
[ ] VMware Server
[ ] TrueType Fonts
[ ] Java
[x] Read/Write Support for NTFS Partitions

So some applications are already on the system...


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by marXtevens (registered user) on Sat, 2009-08-29 14:40.

I finally found a copy at: http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/10/libdvdcss/libdvdcss-1.2.10-1.fc9.i386.rpm

I think this is strange considering the discussion in the livna repository suggested it would remain there.

Submitted by Anonymous (not registered) on Fri, 2008-12-05 12:38.

Personally, I think it's a little naughty on your part to suggest disabling SE-Linux by default. As was very recently demonstrated, the very source of updates (which are, of course, necessary for a secure system - a static, un-updated system is by definition not a secure system) may be taken off-line by a malicious attack. When that happens, there is little beyond SE-Linux to guarantee a safe and secure system until such time as upstream updates are restored. This can, as has been recently demonstrated, take a not insignificant amount of time.

 Instead, you should be suggesting that the user retain SE-Linux (as is the default for Fedora, and should require no explicit action on part of the user) and use the SE-Linux Trouble-shoot tool to interact via bugzilla with the Fedora team to adequately handle any edge-cases that may be omitted for very specific scenarios that the user may experience.

 As many "newbies" read and follow your instructions, you have a moral obligation to keep the uninitiated user as secure as possible.

Submitted by Russell Coker (not registered) on Tue, 2008-12-23 11:17.
A lot of work has been done to make SE Linux easy to use. For most users it will simply work and they won't notice that it is there.

If a user had a problem and suspected that SE Linux might be related, in addition to using the trouble-shooting tools (as has already been suggested) they also have the option of using "setenforce".

The command "setenforce 0" will stop SE Linux from enforcing access controls, after completing the test the command "setenforce 1" will make it start enforcing access controls again. So instead of having the security reduced all the time, you have it reduced for the 5 minute window of the test run.

Submitted by Anonymous (not registered) on Thu, 2008-12-04 08:27.
Disabling SELinux ... you should at least set the enforcing mode to Permissive.