On 070816 at 20:37, Jan Hetges wrote:
> On Thu, Aug 16, 2007 at 07:45:06PM +0200, Michel Messerschmidt wrote:
> > But if a user installs a debian package that lowers his systems security
> > there should be a big warning in the installer.
>
> agree, something like debconf:
>
> Are you shure you
Rick Moen <[EMAIL PROTECTED]> writes:
> My perspective is influenced by the fact that all attempts to help debug
> Linux networking failures have to start with "What does /sbin/iptables
> L, run as root, say?" and "What's in /etc/hosts.allow and
> /etc/hosts.deny?" -- because people shooting at th
Quoting R. W. Rodolico ([EMAIL PROTECTED]):
> Firewalls are for a stupidity shield. I had a situation where I was
> cracked on one of my servers a few years ago. It was totally my fault; I
> had a user I had mistakingly set up as an authorized ssh user who
> shouldn't have been. Their account was
"R. W. Rodolico" <[EMAIL PROTECTED]> writes:
> Firewalls are for a stupidity shield. I had a situation where I was
> cracked on one of my servers a few years ago. It was totally my fault; I
> had a user I had mistakingly set up as an authorized ssh user who
> shouldn't have been. Their account was
On Thu, August 16, 2007 17:42, Russ Allbery wrote:
> "R. W. Rodolico" <[EMAIL PROTECTED]> writes:
>
>
>> At this point, I disagree. Unfortunately, I have to point to some of
>> the user oriented firewalls you get for windoze (which, to my knowledge,
>> Linux does not have). When they are installe
"R. W. Rodolico" <[EMAIL PROTECTED]> writes:
> At this point, I disagree. Unfortunately, I have to point to some of the
> user oriented firewalls you get for windoze (which, to my knowledge,
> Linux does not have). When they are installed, the shut down basically
> everything incoming, and all but
On Thu, August 16, 2007 16:56, Russ Allbery wrote:
> "R. W. Rodolico" <[EMAIL PROTECTED]> writes:
>
>
>> For workstations, I tend to use Kubuntu. On that, yes, I want a
>> firewall, and since I recommend it to anyone who asks (and even have my
>> sales staff using it), a default firewall is a Good
On 8/16/07, Jack T Mudge III <[EMAIL PROTECTED]> wrote:
> My personal view is that there are plenty of simpler distributions out there,
> knoppix for first-time users, Ubuntu/Suse for novices, and RedHat for people
> who need hand-holding. Debian is primarily for advanced users, and for users
> who
"R. W. Rodolico" <[EMAIL PROTECTED]> writes:
> For workstations, I tend to use Kubuntu. On that, yes, I want a
> firewall, and since I recommend it to anyone who asks (and even have my
> sales staff using it), a default firewall is a Good Thing.
The part that concerns me about installing a firewa
I've been watching this thread for a while and decided to post my two cents.
For my use, Debian is two things; a kick butt server and the basis for
other distro's that make pretty good workstations. I have tried Debian as
a workstation before and just never gotten a warm fuzzy (though it has
been
I apologize if I have offended anyone with my responses. My initial
post was one mentioning
what I saw to be a problem in an attempt to help the community at
large but some persons took offense.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMA
On Thursday 16 August 2007 05:09, Robert Van Nostrand wrote:
> The correct answer for the better of all now/future Debian users is to not
> put a gun in the hands of a child.
> For those mental midgets that are willing to put their CC info on a box
> that they have no clue about then they deserve t
Why not add 3 deb packages (deb-user, deb-workstation, deb-server) and
prompt the user during install for which "style" box they are setting
up. Then the selected package could have (or not have) necessary
dependencies for the system "style". For instance, deb-user could
depend on lokkit as well
On Wed, 15 Aug 2007 14:23:06 -0500
Pat <[EMAIL PROTECTED]> wrote:
[snip]
> 3) Do we really need portmap, inetd, or nfs running by default on our
> workstations?
http://taosecurity.blogspot.com/2006/01/default-services-in-debian-this.html
See section 12.1.14.1 - 3 here:
http://www.debian.org/d
On Thu, Aug 16, 2007 at 07:45:06PM +0200, Michel Messerschmidt wrote:
> up your computer quite a bit. For example just the additional selection
> of KDE gets you a running avahi daemon.
but that's the responsibility of the respective mainainer(s)
> Inexperienced users may not even notice that th
So, if we all adopt your attitiude toward everything, then people
would go for a walk in the park and get sprayed with deadly
insecticide by pest control people, or drive down the road and run off
a bridge that was collassped which no one bothered to barricade.
> But who is the ultimate responsib
Well, considering there are those of us who want to see linux become
an operating system for the average person, and I do believe this is
the ultimate goal of many linux communities.
Whose responsibility is it, in the US if you manufacture a defective
product legally it is your responsibility if
On Thu, Aug 16, 2007 at 10:08:18AM +0100, Dominic Hargreaves wrote:
> On Thu, Aug 16, 2007 at 09:34:58AM +0100, Dominic Hargreaves wrote:
>
> > And even then, a dist-upgrade would be needed.
>
> Sorry to be replying to myself.
>
> Of course, this will also need module-assistant style (and any ot
On Thu, Aug 16, 2007 at 09:34:58AM +0100, Dominic Hargreaves wrote:
> On Thu, Aug 16, 2007 at 09:44:12AM +0200, Bj?rn Mork wrote:
> > dann frazier <[EMAIL PROTECTED]> writes:
> >
> > > If you are using the apt-get package manager, use the line for
> > > sources.list as given below:
> > >
> > > apt
On Wed, Aug 15, 2007 at 09:34:19PM -0700, Russ Allbery wrote:
> A default install should simply not listen to the network, at which point
> a firewall is pointless complexity. I believe portmap is already
> listening only to localhost and inetd doesn't run if there are no services
> enabled.
Even
[EMAIL PROTECTED] un jour écrivit:
All I'm saying is, would it be possible to have a single simple
option that users could *elect* to take, that wasn't the default,
that wasn't bending anyones life out of shape, marked "Novice User"
or something :-)
A question during the Debian installation
Ok
i already tested it - i booted into my raid with the new precompiled
kernel image without any problems!
Regards
Dimitar
Dimitar Dobrev wrote:
Hi All,
i have build my kernel from source 2.6.18 + debian patches. But after
every step when configuring the RAID i have rebuild it -
|mkinit
On Thu, Aug 16, 2007 at 09:44:12AM +0200, Bj?rn Mork wrote:
> dann frazier <[EMAIL PROTECTED]> writes:
>
> > If you are using the apt-get package manager, use the line for
> > sources.list as given below:
> >
> > apt-get update
> > will update the internal database
> > apt-get upgrade
> >
On Thu, Aug 16, 2007 at 02:54:16PM +0200, Izak Burger wrote:
> > does it not cover the case of packets arriving at eth0 spoofed as
> > from 127.0.0.1 ?
>
> Right you are, that slipped my mind.
I asked because I don't remember and I really can't be bothered to
check. These things are tricky and li
> does it not cover the case of packets arriving at eth0 spoofed as
> from 127.0.0.1 ?
Right you are, that slipped my mind.
I seem to recall that earlier versions of debian had rp_filter default
to 1 (I see sarge still has this, you set spoofprotect=yes in
/etc/network/options, and afaik it defau
Hi All,
i have build my kernel from source 2.6.18 + debian patches. But after
every step when configuring the RAID i have rebuild it -
|mkinitrd -o /boot/initrd.img-2.6.18-temp /lib/modules/2.6.18/
cp ||/boot/initrd.img-2.6.18-temp ||boot/initrd.img-2.6.18|
|
My question is: What will happen t
The correct answer for the better of all now/future Debian users is to not
put a gun in the hands of a child.
For those mental midgets that are willing to put their CC info on a box that
they have no clue about then they deserve to have their identity stolen.
Debian does NOT need any improvements t
On Thu, Aug 16, 2007 at 01:59:03PM +0200, Izak Burger wrote:
> On 8/16/07, Ondrej Zajicek <[EMAIL PROTECTED]> wrote:
> > And if there is no firewall (or other
> > hand-crafted protective measures), then there is no need for
> > rp_filter. So on common workstation there is no need for
> > rp_filter
On 8/16/07, Ondrej Zajicek <[EMAIL PROTECTED]> wrote:
> And if there is no firewall (or other
> hand-crafted protective measures), then there is no need for
> rp_filter. So on common workstation there is no need for
> rp_filter too.
I also don't see why you need rp_filter on a workstation. A
work
On Thu, Aug 16, 2007 at 06:38:32AM -0400, John Keimel wrote:
>
> Let's not dumb down Debian for the rest of the world ...
agreed that defaults are important and should be appropriately set.
what can be done to improve the chances of users ending up with
appropriate settings ?
would it help to
On Wed, Aug 15, 2007 at 10:47:12PM -0500, Pat wrote:
> 1) What if someone (and I am sure it happens more often than you may
> realize) who is clueless about computers decides to download Debian,
> installs it, get hacked, trojaned horsed, their credit cards numbers
> stolen, etc.
On common worksta
On 8/15/07, Pat <[EMAIL PROTECTED]> wrote:
> 1) What if someone (and I am sure it happens more often than you may
> realize) who is clueless about computers decides to download Debian,
> installs it, get hacked, trojaned horsed, their credit cards numbers
> stolen, etc.
> It is called responsibili
On Thu, Aug 16, 2007 at 09:34:58AM +0100, Dominic Hargreaves wrote:
> And even then, a dist-upgrade would be needed.
Sorry to be replying to myself.
Of course, this will also need module-assistant style (and any other)
out-of-tree modules to be rebuilt; I can't remember whether there's ever
been
On Thu, Aug 16, 2007 at 09:44:12AM +0200, Bj?rn Mork wrote:
> dann frazier <[EMAIL PROTECTED]> writes:
>
> > If you are using the apt-get package manager, use the line for
> > sources.list as given below:
> >
> > apt-get update
> > will update the internal database
> > apt-get upgrade
> >
dann frazier <[EMAIL PROTECTED]> writes:
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
This won't work unless there are upd
35 matches
Mail list logo
