Thank You for Your time and answer, Eric: > This works in the simple case, the only thing to be aware of is that > if someone has the ability to change you /usr/bin/sudo, then they can > probably update the debsum as well (unless debsums are signed... are > they?)
Is there key point on investigation from whence the danger came (through which service they got in) - as it was a secure machine - IMHO? Are there a port list the packages my debian distro work with (to send and to get the info) - so that I can be able to close all others (I did so for the INPUT chain, but not for OUTPUT). How complicated is setting up of a SELinux for isolating a service like postfix, clamav, amavis, apache, etc? - All I want is just to specify - if the security issue in the services - let it breakout not - that is to prevent access to the system (root environment/privileges). Or is it much easier to use a VM like qemu and put each service in every VM? Thank You for Your precious to me advices. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
