Sent: Saturday, November 16, 2024 at 9:18 PM
From: debianmailinglists.hz...@simplelogin.com
To: "debian-secur...@lists.debian.org"
Subject: Securing Debian Manual, Out of Date?
To whom it may concern:
I'm not sure if this is appropriate for the "security&quo
e it (at least to the extent that you seem to
want to do). How do you plan to stop someone taking the top off and
attaching a logic analyser to it? How do you plan to stop someone simply
creating a DoS by forcibly inserting a foreign object (e.g. hitting the
computer with an axe)?
I'm not sayin
Read up on iptables.
On Thu, Mar 8, 2012 at 9:24 AM, Stayvoid wrote:
> Hello.
>
> "Implement IP traffic filtering validating the MAC address."
> How to do this?
>
> http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
>
> Cheers
>
>
> --
deb http://security.debian.org/ [CODENAME]/updates main contrib
> non-free"
> Is this a good idea? I've thought that "automatically" is not a best choice.
>
> http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
>
> Cheers
>
>
> --
>
On Thu, Mar 8, 2012 at 15:39, Andrei POPESCU wrote:
> On Jo, 08 mar 12, 17:07:21, Stayvoid wrote:
>> Hello.
>>
>> "This sounds great, but it: only applies to ext2 or ext3 file systems…" [1]
>> What about ext4 (and others)?
>
> You may safely assume ext4 includes any features that ext2 and ext3
> i
On 03/08/2012 04:37 PM, Stayvoid wrote:
The one which suits your needs :p
Could you point me to the guide that actually explains this?
Every guide I read says something like: "do foo because foo is the right way."
It doesn't make any sense.
You're the only one who knows what you need. When you
On Jo, 08 mar 12, 17:25:53, Stayvoid wrote:
> Hello.
>
> "... Give users a restricted shell such as scponly or rssh. These
> shells restrict the commands available to the users so that they are
> not provided any remote execution privileges."
> Is it really necessary?
Do you (plan to) have users
On Jo, 08 mar 12, 17:21:02, Stayvoid wrote:
> Hello.
>
> "There are other role accounts and aliases on your system. On a small
> system, it's probably simplest to make sure that all such aliases
> point to the root account, and that mail to root is forwarded to the
> system administrator's persona
On Jo, 08 mar 12, 17:18:07, Stayvoid wrote:
> Hello.
>
> "Finally, you should consider changing root's default 022 umask (as
> defined in /root/.bashrc) to a more strict umask."
> Which one?
If you understand umask(s) you will know.
Kind regards,
Andrei
--
Offtopic discussions among Debian user
On Jo, 08 mar 12, 17:13:06, Stayvoid wrote:
> Hello.
>
> "Add root and the other users that should be able to su to the root
> user to this group."
> I'll be the only user of the server. Should I create a guest user for
> me? Will it be enough to have a root access?
It is considered good practice
On Jo, 08 mar 12, 17:07:21, Stayvoid wrote:
> Hello.
>
> "This sounds great, but it: only applies to ext2 or ext3 file systems…" [1]
> What about ext4 (and others)?
You may safely assume ext4 includes any features that ext2 and ext3
include.
Kind regards,
Andrei
--
Offtopic discussions among D
On Jo, 08 mar 12, 17:05:40, Stayvoid wrote:
> What can I do to disable keyboard access at all? (I'll use a remote
> connection (SSH).)
Does your VPS have a "keyboard"?
Kind regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/
On Jo, 08 mar 12, 16:55:51, Stayvoid wrote:
> Hello.
>
> "To manually update the system, put the following line in your
> sources.list and you will get security updates automatically, whenever
> you update your system. Replace [CODENAME] with the release codename,
> e.g. squeeze.
>deb http
On Jo, 08 mar 12, 16:54:09, Stayvoid wrote:
> Hello.
>
> "The presence, for example, of development utilities (a C compiler) or
> interpreted languages (such as perl - but see below -, python, tcl...)
> may help an attacker compromise the system…"
> "So, without Perl and, unless you remake these u
On Thu, 08 Mar 2012 23:21:12 +0100, Martin Steigerwald wrote:
> Hi Stayvoid!
> I am overwhelmed by your posting flood.
I'm not. He is already in the bozo bin.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.de
On Thu, 8 Mar 2012 17:31:14 +0300, Stayvoid wrote in message
:
> Hello.
>
> "FIXME: Talk on how to do a debsums on a stable system with the
> MD5sums on CD and with the recovered file system restored on a
> separate partition."
> How to do it?
>
> http://w
lso
> using chattr) for .profile too if you do it this way."
> How to make this?
>
>
> http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Well its explained there in quite a good detail.
The command for changing attributes is mentioned some sentences above an
Hi Stayvoid!
Thanks for what I perceive to be an attempt to help to improve the
securing Debian manual.
Am Donnerstag, 8. März 2012 schrieb Stayvoid:
> Hello.
>
> "Note, however, that there are rootkits which might work even in this
> case, there are some that tamper with
a journaling file system." [1]
> This manual covers only ext-related features. Should I use ext4
> instead of ext3 for all partitions?
>
> [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html
>
> Cheers
>
> P.S. Sorry for those who already seen this
On Thu, Mar 8, 2012 at 06:13, Stayvoid wrote:
> Hello.
>
> "Violations, such as incorrect passwords or trying to run a program
> you don't have permission for, are logged and mailed to root."
> Where can I check this?
Log in/switch to root and run a mail reader, e.g. Mutt
If you diverted root's
On Thu, Mar 8, 2012 at 07:12, Camaleón wrote:
> On Thu, 08 Mar 2012 16:46:24 +0300, Stayvoid wrote:
>
>> Hello.
>
> (...)
>
> Hi.
>
> Before going any further, would you care to explain what's going on here?
> Were you bitten by a dancing bug or something like that?
>
Agree on that.
Stayvoid, I
On Jo, 08 mar 12, 17:35:38, Stayvoid wrote:
> > You really, really should read
> > http://catb.org/esr/faqs/smart-questions.html first (this applies to all
> > your other questions as well).
> I read it some time ago.
Well, maybe you should read it again. I'm not kidding, I've read it
myself seve
On Thu, 08 Mar 2012 16:46:24 +0300, Stayvoid wrote:
> Hello.
(...)
Hi.
Before going any further, would you care to explain what's going on here?
Were you bitten by a dancing bug or something like that?
Greetings,
--
Camaleón
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.or
> In ten years I've never seen so much of a flood sent to this list.
I'm really sorry for this, but it's not that easy to find.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.d
Are you trying to beat some number-of-posts-record?!
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/CAOdo=Sx3vvxCKE+8Wn_Zrc-_nXP0bOrAOkqNw7zQCxq=qhb...@mail.gmail.co
> The one which suits your needs :p
Could you point me to the guide that actually explains this?
Every guide I read says something like: "do foo because foo is the right way."
It doesn't make any sense.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscr
In ten years I've never seen so much of a flood sent to this list.
Please see the following URL and place each one of your emails in the
magic box.
http://lmgtfy.com
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@
> You really, really should read
> http://catb.org/esr/faqs/smart-questions.html first (this applies to all
> your other questions as well).
I read it some time ago.
Sorry for zillions of questions, but I really want to hear some
thoughts on these topics. The guide is outdated and I hope it'll hel
Hello.
"FIXME: Talk on how to do a debsums on a stable system with the
MD5sums on CD and with the recovered file system restored on a
separate partition."
How to do it?
http://www.debian.org/doc/manuals/securing-debian-howto/ch-after-compromise.en.html
Cheers
--
To UNSUBSCRIBE
Hello.
"From this shell, backup the information to another host if possible
(maybe a network file server through NFS/FTP)."
What about SSH?
"Make sure to startup in single user mode, so no other Trojan
processes run after the kernel."
How to be sure?
http://www.debian.org/
On Jo, 08 mar 12, 16:49:15, Stayvoid wrote:
>
> What partition scheme is the best for a VPS (MTA + web server)?
The one which suits your needs :p
(SCNR)
You really, really should read
http://catb.org/esr/faqs/smart-questions.html first (this applies to all
your other questions as well).
Kind
Hello.
"Note, however, that there are rootkits which might work even in this
case, there are some that tamper with /dev/kmem (kernel memory)
directly to make themselves undetectable."
How to avoid those?
http://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html
Cheer
Hello.
"... Give users a restricted shell such as scponly or rssh. These
shells restrict the commands available to the users so that they are
not provided any remote execution privileges."
Is it really necessary?
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-servic
Hello.
"Implement IP traffic filtering validating the MAC address."
How to do this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trou
Hello.
"This option is a double-edged sword. On the one hand it protects your
system against syn packet flooding; on the other hand it violates
defined standards (RFCs)."
Is there a way to protect the server against syn flooding without
RFCs' violation?
http://www.debian.org/doc/m
The only way to change a protected file
would be to boot the system in single-user mode or using another
bootdisk, two operations that require physical access to the machine
!"
What about the remote connections?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
T
mailbox thing? Is it secure?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/c
Hello.
"Beware: The above printed example is open to a DoS attack by making
many connections in a short period of time. Many emails mean a lot of
file I/O by sending only a few packets."
How to avoid this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheer
Hello.
"Describe the consequences of changing packages permissions when
upgrading (an admin this paranoid should chroot his users BTW) if not
using dpkg-statoverride."
Could you provide more information on this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheer
Hello.
"Finally, you should consider changing root's default 022 umask (as
defined in /root/.bashrc) to a more strict umask."
Which one?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
bian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/cak5fs_eagcqb--usebusg-uoh+ws-hordtnemmnlnom2xn7...@mail.gmail.com
Hello.
"If you are really paranoid you might want to add a system-wide
configuration to audit what the users are doing in your system. This
sections presents some tips using diverse utilities you can use."
Is it safe? Someone can read the logs.
http://www.debian.org/doc/manuals/secur
Hello.
"Violations, such as incorrect passwords or trying to run a program
you don't have permission for, are logged and mailed to root."
Where can I check this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
--
To UNSUBSCRIBE, email to d
login from the local terminals)?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://list
Hello.
"You can set this variable in /etc/apt/apt.conf to another directory
with exec privileges other than /tmp." [1]
Which directory should be selected?
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian
Hello.
"This sounds great, but it: only applies to ext2 or ext3 file systems…" [1]
What about ext4 (and others)?
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of &q
ck if any of the users listed in the file
are logged in. If none of them is, shutdown will not reboot the
system." [1]
What can I do to disable keyboard access at all? (I'll use a remote
connection (SSH).)
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
server to keep them running?
http://www.debian-administration.org/?article=70
Will it work with GRUB?
"* When the new system comes up the second time, disable the 'support'
account."
How to disable it?
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Ch
"Exercise caution when dealing with security upgrades if you are doing
them over a remote connection like ssh. A suggested procedure for a
security upgrade that involves a service restart is to restart the SSH
daemon and then, inmediately, attempt a new ssh connection without
breaking the previous
vered."
I'll upgrade from a remote connection (SSH). What should I do instead
of this procedure?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe".
ntrib non-free"
Is this a good idea? I've thought that "automatically" is not a best choice.
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
Cheers
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscr
bly not be able to manage any packages (so you
will not be able to upgrade the system, which is not a Good Thing)."
I'm confused. Should I remove it?
http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.deb
instead of ext3 for all partitions?
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html
Cheers
P.S. Sorry for those who already seen this post.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas
Hello.
What partition scheme is the best for a VPS (MTA + web server)?
According to the guide [1] I should use something like this:
/home
/tmp
/var/tmp/
/var
/opt
/var/mail
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html
Cheers
P.S. Sorry for those who already seen
VPS, but someone told me that it's possible for some of them.) I've
been told that it's not necessary because if someone reboot the
machine I'll have no chance to enter the password.
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html
Cheers
P.S. Sorry f
On Jo, 26 ian 12, 19:35:46, Stayvoid wrote:
> I knew about it. But I need more information.
You could start by saying what specific points you are missing from it.
Kind regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-co
I knew about it. But I need more information.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/cak5fs_emuze7_t28gvzy12cbci5euywaw4kjxmbd2wkcet1...@mail.gmail.com
ke it work
(SSH etc.)?
I'd like to use this server as a proxy too. (I don't want to give
anyone a chance to look through my traffic.) Is it a good idea? Is it
even possible? Are there any better solutions for this purpose?
The first thing you should look at is
http://www.debian.org/
Hello there!
I'm going to run my own server (website + MTA).
Here is the chosen solution:
https://www.gandi.net/hosting/vps/dedicated (Debian 6 64 bits without
Gandi AI).
Is it OK?
This is my first attempt to administer a server and I want to be as
secure as possible.
Could you give any advice on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alexander Wasmuth wrote:
> I've also added "Protocol 2" to omit ssh 1 and I set UsePam to no
> because I wasn't able to prohibit password authentication with PAM
> enabled.
I'm currently not planning on using PAM, but I'll disable it anyway -
that way
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alexander Wasmuth wrote:
> * Jim Hyslop wrote:
>
>> PermitRootLogin no
>> RSAAuthentication no
>> PubkeyAuthentication yes
>> IgnoreRhosts yes
>> RhostsRSAAuthentication no
>> HostbasedAuthentication no
>> PermitEmptyPasswords no
>> ChallengeResponseA
* Jim Hyslop wrote:
> PermitRootLogin no
> RSAAuthentication no
> PubkeyAuthentication yes
> IgnoreRhosts yes
> RhostsRSAAuthentication no
> HostbasedAuthentication no
> PermitEmptyPasswords no
> ChallengeResponseAuthentication no
> PasswordAuthentication no
> UsePAM yes
> Subsystem sftp /usr/lib/
On Fri, Feb 23, 2007 at 05:05:24PM -0500, Jim Hyslop wrote:
>
> I've set the following options in my sshd_config (these aren't all the
> options, just the ones that appear to me to be relevant to my question):
>
> PermitRootLogin no
> RSAAuthentication no
On my system I have 'RSAAuthentication y
On Friday 23 February 2007 22:05, Jim Hyslop wrote:
> Oh, and when this is all OK, I'll set up port forwarding on my firewall
> to send port 22 to the machine in question.
> C/C++ * OOD * SW Development & Practices * Version Management
Changing the default port number for ssh connections also
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I have a Debian box on my home network (currently running Sarge, and
when I have two seconds to rub together I'll upgrade to Etch). I want to
be able to ssh into the machine from outside the home network, e.g. if
I'm at a coffee shop with a WAP. U
Hi,
I've been hardening a box (woody installation upgraded to sarge) by
following along the Securing Debian howto.
I added the following two lines (which aren't exact copies of those in the
hwoto) to /etc/pam.d/common-password:
password required pam_cracklib.so retry=3 minlength=
Hello
nddias (<[EMAIL PROTECTED]>) wrote:
> I am setting up a Debian (sarge) webserver to run over my home DSL
> connection. I've been using my best common sense and a whole lot of
> googling to follow along with the "Securing Debian Howto, but I still
> have some q
On 2 Feb 2006 15:26:15 -0800
"nddias" <[EMAIL PROTECTED]> wrote:
> 4.2.2 Security update of the Kernel
>
> I recompiled and installed a 2.6.8 kernel w/ local APIC support
> disabled because I was getting "spurious interrupt" messages. I also
> enabled Athlon support.
There are kernel packages f
On Thu, Feb 02, 2006 at 03:26:15PM -0800, nddias wrote:
> These sections refer to modifying apt.conf, but this file doesn't
> exist...instead there is an /etc/apt/apt.conf.d directory and in it a
> 70debconf file. I can't find any docs on how this directory structure
> works or the proper way to mo
Hi,
I am setting up a Debian (sarge) webserver to run over my home DSL
connection. I've been using my best common sense and a whole lot of
googling to follow along with the "Securing Debian Howto, but I still
have some questions/need clarifications on some points. The numbers in
parenth
Thanks for the help!
-Rick
**
Rick Weinbender wrote:
> I have an email server (qmail running on debian),
> that I need to make as secure as possible.
> Can anyone point me to some good links that
> relate to security?
>
> Has anyone used bastille? What do you think
> of it?
>
> Thanks,
> -Ri
On Thursday 13 November 2003 6:58 am, Johann Spies wrote:
> On Wed, Nov 12, 2003 at 05:31:44PM +, Geoff Thurman wrote:
> > There are a lot of links here:
> >
> > http://www.linuxquestions.org/questions/showthread.php?s=&threadid=
> >45261
> >
> > There was a good piece about security on the sam
On Wed, Nov 12, 2003 at 05:31:44PM +, Geoff Thurman wrote:
> There are a lot of links here:
>
> http://www.linuxquestions.org/questions/showthread.php?s=&threadid=45261
>
> There was a good piece about security on the same site roughly a
> fortnight ago, but I can't find it now. I might post
bastille? What do you think
> > of it?
> >
> > Thanks,
> > -Rick
>
> I used bastille in the past and found it to do
> it's job quite well.
> You may als look at:
> http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
>
> Persona
e past and found it to do
it's job quite well.
You may als look at:
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
Personally i do this to harden a server:
- remove all unnecessary software
- add firewall script
- run bastille (hardening)
- install file integrity checker
Hello
Rick Weinbender (<[EMAIL PROTECTED]>) wrote:
> I have an email server (qmail running on debian),
> that I need to make as secure as possible.
> Can anyone point me to some good links that
> relate to security?
You might want to take a look at the securing debian howto t
On Wednesday 12 November 2003 16:19, Rick Weinbender wrote:
> I have an email server (qmail running on debian),
> that I need to make as secure as possible.
> Can anyone point me to some good links that
> relate to security?
Have you read
http://www.debian.org/doc/manuals/securing-
I have an email server (qmail running on debian),
that I need to make as secure as possible.
Can anyone point me to some good links that
relate to security?
Has anyone used bastille? What do you think
of it?
Thanks,
-Rick
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsub
On Sun, 10 Nov 2002 18:06:22 -0700
[EMAIL PROTECTED] (Bob Proulx) wrote:
> Joyce, Matthew <[EMAIL PROTECTED]> [2002-11-11 10:03:10 +1100]:
> > To be able to send and receive emails. SMTP
>
> Port 25
Also for ssl.
> > To access email via IMAP and POP3, including ssl.
>
IMAP: 143, IMAP over SSL
Joyce, Matthew <[EMAIL PROTECTED]> [2002-11-11 10:03:10 +1100]:
> At the moment I have to ask for ports to be opened on our networks router,
> and they are not really happy with me going back to them again and again,
> asking for new ports to be opened.
>
> Should I ask for all access control to b
Joyce, Matthew wrote:
Should I ask for all access control to be removed from the ip address
of the
box, and then secure the box within debian, or is it well worth having
that
extra level of security on the router ?
It is worth the security of the router.
Unless you are very very very sure t
On Mon, Nov 11, 2002 at 10:03:10AM +1100, Joyce, Matthew wrote:
>
> Hi,
>
> I work with a network, which is part of a much bigger network. The big
> network is managed by someone else.
>
> I am setting up a debian box, it will eventually do mail and web stuff for
> us.
>
> At the moment I hav
Hi,
I work with a network, which is part of a much bigger network. The big
network is managed by someone else.
I am setting up a debian box, it will eventually do mail and web stuff for
us.
At the moment I have to ask for ports to be opened on our networks router,
and they are not really happ
On Tue, May 02, 2000 at 04:23:21AM -0700, Graham Lillico wrote:
> Thanks anyway but I eventually got it to work, seems that the howto is not
> correct and some other packages need to be install for the `new options to
> work correctly.
ah yeah, i have not read it since it was first written but i s
03:22:36AM -0700, Graham Lillico wrote:
> > Hi,
> >
> > I have followed the howto on securing debian but I can not change
> > my password i keep getting the message
> >
> > passwd: Module is unknown
> >
> > Does anyone know w
On Tue, May 02, 2000 at 03:22:36AM -0700, Graham Lillico wrote:
> Hi,
>
> I have followed the howto on securing debian but I can not change
> my password i keep getting the message
>
> passwd: Module is unknown
>
> Does anyone know what the problem is,
Hi,
I have followed the howto on securing debian but I can not change
my password i keep getting the message
passwd: Module is unknown
Does anyone know what the problem is, I think it may be a pam problem but
I'm not sure, any ideas?
Regards
G
On Sun, 26 Apr 1998, Chris wrote:
> Just a point of note:
>
> If your brother has physical access to the machine there is no way you can
> stop him from getting root access.
>
> You can increase the difficulty by setting the bios to only boot from HDD
> and then locking the bios - but if he's
On Sat, 25 Apr 1998, Carl Mummert wrote:
> Chris wrote:
> > > > You might consider installing the `sudo' package and using that for
> > > > all your root access. If you do that, then you can change the
> > > > encrypted root password to * in /etc/shadow (you *are* using shadow
> > > > passwords,
> Since a 4GB hard drive can be had for under $1000.00,
You must not have shopped for drives lately. I bought a 7 gig
drive in January for $320, including sales tax, or about $46 a GB.
This week's paper was advertising drives at around $40 a gig.
Bob
--
_
|_) _ |_ Robert D. Hi
[EMAIL PROTECTED] wrote:
> If you think about it, an 8 character password encodes to 4096 * 13 character
> strings. So a dictionary of say 400,000 common words, names, passwords, and
> simple variations would easily fit on a
> 4GB hard drive. The attacker need only sort them, and then check for mat
I would like to make my Debian box use shadow passwords since it is
allways on the 'Net. Firstly, how do I turn on shadow passwords in debian?
Secondly, will this affect my pppd, proftpd, telnetd, apache or other daemons?
Thanks,
Timothy Hospedales
BTW, I was reading the Shadow-HOWTO and i
> > > You might consider installing the `sudo' package and using that for
> > > all your root access. If you do that, then you can change the
> > > encrypted root password to * in /etc/shadow (you *are* using shadow
> > > passwords, I hope) and thus it becomes impossible to log in as r
Chris wrote:
> > > You might consider installing the `sudo' package and using that for
> > > all your root access. If you do that, then you can change the
> > > encrypted root password to * in /etc/shadow (you *are* using shadow
> > > passwords, I hope) and thus it becomes impossible to log in as
> You can increase the difficulty by setting the bios to only boot from HDD
> and then locking the bios
already done.
>- but if he's smart enough that you have to
> worry about the root password, he's going to know how to reset the bios.
i dont think he'll be able to do that because he dont kno
On Sat, 25 Apr 1998, Alain Toussaint wrote:
> > You might consider installing the `sudo' package and using that for
> > all your root access. If you do that, then you can change the
> > encrypted root password to * in /etc/shadow (you *are* using shadow
> > passwords, I hope) and thus it become
> But you don't have to give root access to your brother. Sudo lets you
> set up access by username, in the /etc/sudoers file. i.e., on my
> system:
>
> # User privilege specification
> root ALL=(ALL) ALL
> blp ALL=(ALL) ALL
>
> So no one but root, blp can take advantage of
this is a no go,i dont want to install this package because i dont want to
give root access to my brother:
Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give
as few privileges as possible
> You might consider installing the `sudo' package and using that for
> all your root access. If you do that, then you can change the
> encrypted root password to * in /etc/shadow (you *are* using shadow
> passwords, I hope) and thus it becomes impossible to log in as root.
>
> Ben
this is a no
does there is a a reference for this package (say a web
page,manual,etc...)it's because i'm a bit nervous to try an unknown (by
me) package and removing any root access (which i can do anyway using the
/etc/login.access,take a look at man 5 login.access for information on
that topic)
1 - 100 of 103 matches
Mail list logo