removables

Fedora 15 Xfce review

Package Management: Managing applications on Fedora is accomplished by using yum, a command line utility, and the gpk-application, a graphical package manager. Many package management tasks are possible only via yum, that is, from the command line. I find the graphical package manager to be, compared to other graphical package managers, slow, especially when using the search feature. Gpk-application does not require authentication to start, so every attempt to install an application requires authentication. It does, however, allows you to queue applications for installation.
packagemanager

Out of the box, the system is configured to check for updates once per day, and to install security updates automatically. Most distributions are also configured to check for updates daily, but only notify you of updates, and not install them, even security-related updates.
packagemanager1

Be default, only official Fedora 15 repositories are enabled. That limits the number and types of applications available for installation.
packagemanager2

By installing RPM Fusion’s repositories, you can make many more applications available. Also, enabling Adobe’s Flash repository makes applications other than the Flash Player Plugin available. For example, Adobe AIR, a developer-component of the Adobe Flash Platform, is also made available for installation.
rpmfusion1

Graphical Administrative Tools: The desktop-specific graphical administrative tools are available from Applications Menu > Settings, and the system-wide tools are accessible from Applications Menu > Administration, and Applications Menu > System.

Security: Like other Fedora 15 editions, this comes with the firewall enabled. There is a graphical firewall installed and configured. Out of the box, the firewall is configured to allow ssh traffic (port 22) in – from all hosts and networks. Thankfully, the Secure Shell server is installed, but not active by default.
firewall

Aside from the ports and services listed on the main window, additional ports from a list of more than 60,000+ tcp and udp ports may be added from the Other Ports window. Like the ssh service, any port you add and enable from here will be accessible to all hosts and networks.
firewall2

You can add custom rules from the Custom Rules window. However, adding custom rules requires loading the rule(s) from a file, which in turn requires that you know how to write IPTables rules.
firewall1

New to Fedora 15 is FirewallD, a firewall daemon with a D-Bus interface, which is being designed to provide a dynamic frontend to the firewall application, so that reloading is not required when a change is made to the firewall rules. It is not installed by default, but if you do, you also need to install its applet. With the applet installed, you can make changes to the firewall from the panel, without needing to launch another application. And if it lives up to its billing, you will not need to reload or apply changes when a new rule or service is added.

If you look closely at the image below, you will see a “Panic Mode” checkbox. I could not determine exactly what enabling that mode is supposed to accomplish, but the applet crashed every time I clicked on the checkbox. I could not find any reference to a “Panic Mode” in FirewallD’s official page.

FirewallD has a very user-friendly command line utility called by firewall-cmd. For example, to enable access to the Secure Shell server, all you need to type is, firewall-cmd –enable –service=ssh. And to enable the same service for, say, 30 seconds, you would type firewall-cmd –enable –service=ssh –timeout=30.

FirewallD is expected to be the default on Fedora 16 onwards. You may read more about it here.
firewalld

Another new security feature in Fedora 15 is the removal of setuid applications. These are applications that run with the permissions or privileges of the applications owner or group. Potentially, they can be a security nightmare. More about this feature here.

Please share:

8 Responses

Leave a Reply to Adam Williamson Cancel reply

Your email address will not be published. Required fields are marked *