Hello nddias (<[EMAIL PROTECTED]>) wrote:
> I am setting up a Debian (sarge) webserver to run over my home DSL > connection. I've been using my best common sense and a whole lot of > googling to follow along with the "Securing Debian Howto, but I still > have some questions/need clarifications on some points. The numbers in > parentheses refer to the sections of this guide: > > http://www.debian.org/doc/manuals/securing-debian-howto/ > > 4.2 Executing a security update > > Is the NAT/firewall in my wireless router (WEP enabled) sufficient > protection when doing the security update during installation? NAT is sufficient, as long as you don't forward new connections from the outside into your local network. By the way, NAT may be sufficient, WEP is not. Switch to WPA if you can, and use a good and long passphrase. > 4.2.2 Security update of the Kernel > > I recompiled and installed a 2.6.8 kernel w/ local APIC support > disabled because I was getting "spurious interrupt" messages. I also > enabled Athlon support. Will apt/dpkg still be able to detect when > kernel updates are necessary according to this section? Or am I on my > own to maintain my custom kernel? If you install your own kernel, you are on your own. apt can however detect when a new version of the kernel-source package is available. I also recommend that you use kernel-package/make-kpkg to build your kernel, or (as someone already mentioned) use a Debian kernel and switch off APIC using the noapic boot option. > 4.9.1, 4.9.2 > > These sections refer to modifying apt.conf, but this file doesn't > exist...instead there is an /etc/apt/apt.conf.d directory and in it a > 70debconf file. I can't find any docs on how this directory structure > works or the proper way to modify it. The apt man page says that apt > first reads the file in APT_CONFIG but this env var is not set. I have > found plenty of docs on using apt, but none on configuring it. Simply create apt.conf, or create your own file in /etc/apt/conf.d. best regards Andreas Janssen -- Andreas Janssen <[EMAIL PROTECTED]> PGP-Key-ID: 0xDC801674 ICQ #17079270 Registered Linux User #267976 http://www.andreas-janssen.de/debian-tipps-sarge.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
