Re: Securing Debian Manual, Out of Date?

2024-11-16 Thread Scott Andrews
      Sent: Saturday, November 16, 2024 at 9:18 PM From: debianmailinglists.hz...@simplelogin.com To: "debian-secur...@lists.debian.org" Subject: Securing Debian Manual, Out of Date? To whom it may concern:   I'm not sure if this is appropriate for the "security&quo

Re: Securing Debian Manual: 3.1 Choose a BIOS password

2012-03-13 Thread Darac Marjal
e it (at least to the extent that you seem to want to do). How do you plan to stop someone taking the top off and attaching a logic analyser to it? How do you plan to stop someone simply creating a DoS by forcibly inserting a foreign object (e.g. hitting the computer with an axe)? I'm not sayin

Re: Securing Debian Manual: 4.17.6 Protecting against ARP attacks

2012-03-09 Thread Brad Alexander
Read up on iptables. On Thu, Mar 8, 2012 at 9:24 AM, Stayvoid wrote: > Hello. > > "Implement IP traffic filtering validating the MAC address." > How to do this? > > http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html > > Cheers > > > --

Re: Securing Debian Manual: 4.2 Execute a security update

2012-03-09 Thread Brad Alexander
deb http://security.debian.org/ [CODENAME]/updates main contrib > non-free" > Is this a good idea? I've thought that "automatically" is not a best choice. > > http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html > > Cheers > > > -- >

Re: Securing Debian Manual: 4.9 Mounting partitions the right way

2012-03-09 Thread Kelly Clowers
On Thu, Mar 8, 2012 at 15:39, Andrei POPESCU wrote: > On Jo, 08 mar 12, 17:07:21, Stayvoid wrote: >> Hello. >> >> "This sounds great, but it: only applies to ext2 or ext3 file systems…" [1] >> What about ext4 (and others)? > > You may safely assume ext4 includes any features that ext2 and ext3 > i

Re: Securing Debian Manual: 3.2.1 Choose an intelligent partition scheme

2012-03-09 Thread Rares Aioanei
On 03/08/2012 04:37 PM, Stayvoid wrote: The one which suits your needs :p Could you point me to the guide that actually explains this? Every guide I read says something like: "do foo because foo is the right way." It doesn't make any sense. You're the only one who knows what you need. When you

Re: Securing Debian Manual: 5.1.4 Restricing access to file transfer only

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 17:25:53, Stayvoid wrote: > Hello. > > "... Give users a restricted shell such as scponly or rssh. These > shells restrict the commands available to the users so that they are > not provided any remote execution privileges." > Is it really necessary? Do you (plan to) have users

Re: Securing Debian Manual: 4.12.2 Configuring where alerts are sent

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 17:21:02, Stayvoid wrote: > Hello. > > "There are other role accounts and aliases on your system. On a small > system, it's probably simplest to make sure that all such aliases > point to the root account, and that mail to root is forwarded to the > system administrator's persona

Re: Securing Debian Manual: 4.10.11 Setting users umasks

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 17:18:07, Stayvoid wrote: > Hello. > > "Finally, you should consider changing root's default 022 umask (as > defined in /root/.bashrc) to a more strict umask." > Which one? If you understand umask(s) you will know. Kind regards, Andrei -- Offtopic discussions among Debian user

Re: Securing Debian Manual: 4.10.1 User authentication: PAM

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 17:13:06, Stayvoid wrote: > Hello. > > "Add root and the other users that should be able to su to the root > user to this group." > I'll be the only user of the server. Should I create a guest user for > me? Will it be enough to have a root access? It is considered good practice

Re: Securing Debian Manual: 4.9 Mounting partitions the right way

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 17:07:21, Stayvoid wrote: > Hello. > > "This sounds great, but it: only applies to ext2 or ext3 file systems…" [1] > What about ext4 (and others)? You may safely assume ext4 includes any features that ext2 and ext3 include. Kind regards, Andrei -- Offtopic discussions among D

Re: Securing Debian Manual: 4.8 Restricting system reboots through the console

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 17:05:40, Stayvoid wrote: > What can I do to disable keyboard access at all? (I'll use a remote > connection (SSH).) Does your VPS have a "keyboard"? Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/

Re: Securing Debian Manual: 4.2 Execute a security update

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 16:55:51, Stayvoid wrote: > Hello. > > "To manually update the system, put the following line in your > sources.list and you will get security updates automatically, whenever > you update your system. Replace [CODENAME] with the release codename, > e.g. squeeze. >deb http

Re: Securing Debian Manual: 3.7 Install the minimum amount of software required

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 16:54:09, Stayvoid wrote: > Hello. > > "The presence, for example, of development utilities (a C compiler) or > interpreted languages (such as perl - but see below -, python, tcl...) > may help an attacker compromise the system…" > "So, without Perl and, unless you remake these u

Re: Securing Debian Manual: 10.4.2.1 Proactive defense

2012-03-08 Thread Walter Hurry
On Thu, 08 Mar 2012 23:21:12 +0100, Martin Steigerwald wrote: > Hi Stayvoid! > I am overwhelmed by your posting flood. I'm not. He is already in the bozo bin. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.de

Re: Securing Debian Manual: 11.4 Forensic analysis

2012-03-08 Thread Arnt Karlsen
On Thu, 8 Mar 2012 17:31:14 +0300, Stayvoid wrote in message : > Hello. > > "FIXME: Talk on how to do a debsums on a stable system with the > MD5sums on CD and with the recovered file system restored on a > separate partition." > How to do it? > > http://w

Re: Securing Debian Manual: 4.10.9.2 Using the shell history file

2012-03-08 Thread Martin Steigerwald
lso > using chattr) for .profile too if you do it this way." > How to make this? > > > http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Well its explained there in quite a good detail. The command for changing attributes is mentioned some sentences above an

Re: Securing Debian Manual: 10.4.2.1 Proactive defense

2012-03-08 Thread Martin Steigerwald
Hi Stayvoid! Thanks for what I perceive to be an attempt to help to improve the securing Debian manual. Am Donnerstag, 8. März 2012 schrieb Stayvoid: > Hello. > > "Note, however, that there are rootkits which might work even in this > case, there are some that tamper with

Re: Securing Debian Manual: 3.2.1.1 Selecting the appropriate file systems

2012-03-08 Thread Brad Alexander
a journaling file system." [1] > This manual covers only ext-related features. Should I use ext4 > instead of ext3 for all partitions? > > [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html > > Cheers > > P.S. Sorry for those who already seen this

Re: Securing Debian Manual: 4.10.6 Using sudo

2012-03-08 Thread Kelly Clowers
On Thu, Mar 8, 2012 at 06:13, Stayvoid wrote: > Hello. > > "Violations, such as incorrect passwords or trying to run a program > you don't have permission for, are logged and mailed to root." > Where can I check this? Log in/switch to root and run a mail reader, e.g. Mutt If you diverted root's

Re: Securing Debian Manual: 3.1 Choose a BIOS password

2012-03-08 Thread Kelly Clowers
On Thu, Mar 8, 2012 at 07:12, Camaleón wrote: > On Thu, 08 Mar 2012 16:46:24 +0300, Stayvoid wrote: > >> Hello. > > (...) > > Hi. > > Before going any further, would you care to explain what's going on here? > Were you bitten by a dancing bug or something like that? > Agree on that. Stayvoid, I

Re: Securing Debian Manual: 3.2.1 Choose an intelligent partition scheme

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 17:35:38, Stayvoid wrote: > > You really, really should read > > http://catb.org/esr/faqs/smart-questions.html first (this applies to all > > your other questions as well). > I read it some time ago. Well, maybe you should read it again. I'm not kidding, I've read it myself seve

Re: Securing Debian Manual: 3.1 Choose a BIOS password

2012-03-08 Thread Camaleón
On Thu, 08 Mar 2012 16:46:24 +0300, Stayvoid wrote: > Hello. (...) Hi. Before going any further, would you care to explain what's going on here? Were you bitten by a dancing bug or something like that? Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.or

Re: Securing Debian Manual: 10.4.2.1 Proactive defense

2012-03-08 Thread Stayvoid
> In ten years I've never seen so much of a flood sent to this list. I'm really sorry for this, but it's not that easy to find. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.d

Re: Securing Debian Manual: 3.1 Choose a BIOS password

2012-03-08 Thread Tom H
Are you trying to beat some number-of-posts-record?! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAOdo=Sx3vvxCKE+8Wn_Zrc-_nXP0bOrAOkqNw7zQCxq=qhb...@mail.gmail.co

Re: Securing Debian Manual: 3.2.1 Choose an intelligent partition scheme

2012-03-08 Thread Stayvoid
> The one which suits your needs :p Could you point me to the guide that actually explains this? Every guide I read says something like: "do foo because foo is the right way." It doesn't make any sense. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscr

Re: Securing Debian Manual: 10.4.2.1 Proactive defense

2012-03-08 Thread Mr_Queue
In ten years I've never seen so much of a flood sent to this list. Please see the following URL and place each one of your emails in the magic box. http://lmgtfy.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@

Re: Securing Debian Manual: 3.2.1 Choose an intelligent partition scheme

2012-03-08 Thread Stayvoid
> You really, really should read > http://catb.org/esr/faqs/smart-questions.html first (this applies to all > your other questions as well). I read it some time ago. Sorry for zillions of questions, but I really want to hear some thoughts on these topics. The guide is outdated and I hope it'll hel

Securing Debian Manual: 11.4 Forensic analysis

2012-03-08 Thread Stayvoid
Hello. "FIXME: Talk on how to do a debsums on a stable system with the MD5sums on CD and with the recovered file system restored on a separate partition." How to do it? http://www.debian.org/doc/manuals/securing-debian-howto/ch-after-compromise.en.html Cheers -- To UNSUBSCRIBE

Securing Debian Manual: 11.2 Backing up the system

2012-03-08 Thread Stayvoid
Hello. "From this shell, backup the information to another host if possible (maybe a network file server through NFS/FTP)." What about SSH? "Make sure to startup in single user mode, so no other Trojan processes run after the kernel." How to be sure? http://www.debian.org/

Re: Securing Debian Manual: 3.2.1 Choose an intelligent partition scheme

2012-03-08 Thread Andrei POPESCU
On Jo, 08 mar 12, 16:49:15, Stayvoid wrote: > > What partition scheme is the best for a VPS (MTA + web server)? The one which suits your needs :p (SCNR) You really, really should read http://catb.org/esr/faqs/smart-questions.html first (this applies to all your other questions as well). Kind

Securing Debian Manual: 10.4.2.1 Proactive defense

2012-03-08 Thread Stayvoid
Hello. "Note, however, that there are rootkits which might work even in this case, there are some that tamper with /dev/kmem (kernel memory) directly to make themselves undetectable." How to avoid those? http://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html Cheer

Securing Debian Manual: 5.1.4 Restricing access to file transfer only

2012-03-08 Thread Stayvoid
Hello. "... Give users a restricted shell such as scponly or rssh. These shells restrict the commands available to the users so that they are not provided any remote execution privileges." Is it really necessary? http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-servic

Securing Debian Manual: 4.17.6 Protecting against ARP attacks

2012-03-08 Thread Stayvoid
Hello. "Implement IP traffic filtering validating the MAC address." How to do this? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trou

Securing Debian Manual: 4.17.2 Configuring syncookies

2012-03-08 Thread Stayvoid
Hello. "This option is a double-edged sword. On the one hand it protects your system against syn packet flooding; on the other hand it violates defined standards (RFCs)." Is there a way to protect the server against syn flooding without RFCs' violation? http://www.debian.org/doc/m

Securing Debian Manual: 4.16.2 The ext2 filesystem specific attributes (chattr/lsattr)

2012-03-08 Thread Stayvoid
The only way to change a protected file would be to boot the system in single-user mode or using another bootdisk, two operations that require physical access to the machine !" What about the remote connections? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- T

Securing Debian Manual: 4.12.2 Configuring where alerts are sent

2012-03-08 Thread Stayvoid
mailbox thing? Is it secure? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/c

Securing Debian Manual: 4.11 Using tcpwrappers

2012-03-08 Thread Stayvoid
Hello. "Beware: The above printed example is open to a DoS attack by making many connections in a short period of time. Many emails mean a lot of file I/O by sending only a few packets." How to avoid this? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheer

Securing Debian Manual: 4.10.12 Limiting what users can see/access

2012-03-08 Thread Stayvoid
Hello. "Describe the consequences of changing packages permissions when upgrading (an admin this paranoid should chroot his users BTW) if not using dpkg-statoverride." Could you provide more information on this? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheer

Securing Debian Manual: 4.10.11 Setting users umasks

2012-03-08 Thread Stayvoid
Hello. "Finally, you should consider changing root's default 022 umask (as defined in /root/.bashrc) to a more strict umask." Which one? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org

Securing Debian Manual: 4.10.9.2 Using the shell history file

2012-03-08 Thread Stayvoid
bian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cak5fs_eagcqb--usebusg-uoh+ws-hordtnemmnlnom2xn7...@mail.gmail.com

Securing Debian Manual: 4.10.9 User auditing

2012-03-08 Thread Stayvoid
Hello. "If you are really paranoid you might want to add a system-wide configuration to audit what the users are doing in your system. This sections presents some tips using diverse utilities you can use." Is it safe? Someone can read the logs. http://www.debian.org/doc/manuals/secur

Securing Debian Manual: 4.10.6 Using sudo

2012-03-08 Thread Stayvoid
Hello. "Violations, such as incorrect passwords or trying to run a program you don't have permission for, are logged and mailed to root." Where can I check this? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html -- To UNSUBSCRIBE, email to d

Securing Debian Manual: 4.10.1 User authentication: PAM

2012-03-08 Thread Stayvoid
login from the local terminals)? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://list

Securing Debian Manual: 4.9.1 Setting /tmp noexec

2012-03-08 Thread Stayvoid
Hello. "You can set this variable in /etc/apt/apt.conf to another directory with exec privileges other than /tmp." [1] Which directory should be selected? [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian

Securing Debian Manual: 4.9 Mounting partitions the right way

2012-03-08 Thread Stayvoid
Hello. "This sounds great, but it: only applies to ext2 or ext3 file systems…" [1] What about ext4 (and others)? [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of &q

Securing Debian Manual: 4.8 Restricting system reboots through the console

2012-03-08 Thread Stayvoid
ck if any of the users listed in the file are logged in. If none of them is, shutdown will not reboot the system." [1] What can I do to disable keyboard access at all? (I'll use a remote connection (SSH).) [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html

Securing Debian Manual: 4.2.2 Security update of the kernel

2012-03-08 Thread Stayvoid
server to keep them running? http://www.debian-administration.org/?article=70 Will it work with GRUB? "* When the new system comes up the second time, disable the 'support' account." How to disable it? [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Ch

Re: Securing Debian Manual: 4.2.1 Security update of libraries

2012-03-08 Thread Stayvoid
"Exercise caution when dealing with security upgrades if you are doing them over a remote connection like ssh. A suggested procedure for a security upgrade that involves a service restart is to restart the SSH daemon and then, inmediately, attempt a new ssh connection without breaking the previous

Securing Debian Manual: 4.2.1 Security update of libraries

2012-03-08 Thread Stayvoid
vered." I'll upgrade from a remote connection (SSH). What should I do instead of this procedure? http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe".

Securing Debian Manual: 4.2 Execute a security update

2012-03-08 Thread Stayvoid
ntrib non-free" Is this a good idea? I've thought that "automatically" is not a best choice. http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html Cheers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscr

Securing Debian Manual: 3.7 Install the minimum amount of software required

2012-03-08 Thread Stayvoid
bly not be able to manage any packages (so you will not be able to upgrade the system, which is not a Good Thing)." I'm confused. Should I remove it? http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.deb

Securing Debian Manual: 3.2.1.1 Selecting the appropriate file systems

2012-03-08 Thread Stayvoid
instead of ext3 for all partitions? [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html Cheers P.S. Sorry for those who already seen this post. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas

Securing Debian Manual: 3.2.1 Choose an intelligent partition scheme

2012-03-08 Thread Stayvoid
Hello. What partition scheme is the best for a VPS (MTA + web server)? According to the guide [1] I should use something like this: /home /tmp /var/tmp/ /var /opt /var/mail [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html Cheers P.S. Sorry for those who already seen

Securing Debian Manual: 3.1 Choose a BIOS password

2012-03-08 Thread Stayvoid
VPS, but someone told me that it's possible for some of them.) I've been told that it's not necessary because if someone reboot the machine I'll have no chance to enter the password. [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html Cheers P.S. Sorry f

Re: Securing Debian

2012-01-26 Thread Andrei Popescu
On Jo, 26 ian 12, 19:35:46, Stayvoid wrote: > I knew about it. But I need more information. You could start by saying what specific points you are missing from it. Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-co

Re: Securing Debian

2012-01-26 Thread Stayvoid
I knew about it. But I need more information. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cak5fs_emuze7_t28gvzy12cbci5euywaw4kjxmbd2wkcet1...@mail.gmail.com

Re: Securing Debian

2012-01-26 Thread Dom
ke it work (SSH etc.)? I'd like to use this server as a proxy too. (I don't want to give anyone a chance to look through my traffic.) Is it a good idea? Is it even possible? Are there any better solutions for this purpose? The first thing you should look at is http://www.debian.org/

Securing Debian

2012-01-26 Thread Stayvoid
Hello there! I'm going to run my own server (website + MTA). Here is the chosen solution: https://www.gandi.net/hosting/vps/dedicated (Debian 6 64 bits without Gandi AI). Is it OK? This is my first attempt to administer a server and I want to be as secure as possible. Could you give any advice on

Re: Securing debian box

2007-02-24 Thread Jim Hyslop
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Wasmuth wrote: > I've also added "Protocol 2" to omit ssh 1 and I set UsePam to no > because I wasn't able to prohibit password authentication with PAM > enabled. I'm currently not planning on using PAM, but I'll disable it anyway - that way

Re: Securing debian box

2007-02-24 Thread Franck Joncourt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Wasmuth wrote: > * Jim Hyslop wrote: > >> PermitRootLogin no >> RSAAuthentication no >> PubkeyAuthentication yes >> IgnoreRhosts yes >> RhostsRSAAuthentication no >> HostbasedAuthentication no >> PermitEmptyPasswords no >> ChallengeResponseA

Re: Securing debian box

2007-02-24 Thread Alexander Wasmuth
* Jim Hyslop wrote: > PermitRootLogin no > RSAAuthentication no > PubkeyAuthentication yes > IgnoreRhosts yes > RhostsRSAAuthentication no > HostbasedAuthentication no > PermitEmptyPasswords no > ChallengeResponseAuthentication no > PasswordAuthentication no > UsePAM yes > Subsystem sftp /usr/lib/

Re: Securing debian box

2007-02-23 Thread Roberto C. Sanchez
On Fri, Feb 23, 2007 at 05:05:24PM -0500, Jim Hyslop wrote: > > I've set the following options in my sshd_config (these aren't all the > options, just the ones that appear to me to be relevant to my question): > > PermitRootLogin no > RSAAuthentication no On my system I have 'RSAAuthentication y

Re: Securing debian box

2007-02-23 Thread David Watson
On Friday 23 February 2007 22:05, Jim Hyslop wrote: > Oh, and when this is all OK, I'll set up port forwarding on my firewall > to send port 22 to the machine in question. > C/C++ * OOD * SW Development & Practices * Version Management Changing the default port number for ssh connections also

Securing debian box

2007-02-23 Thread Jim Hyslop
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a Debian box on my home network (currently running Sarge, and when I have two seconds to rub together I'll upgrade to Etch). I want to be able to ssh into the machine from outside the home network, e.g. if I'm at a coffee shop with a WAP. U

securing debian, pam

2006-02-06 Thread gcrimp
Hi, I've been hardening a box (woody installation upgraded to sarge) by following along the Securing Debian howto. I added the following two lines (which aren't exact copies of those in the hwoto) to /etc/pam.d/common-password: password required pam_cracklib.so retry=3 minlength=

Re: Questions on Securing Debian Howto

2006-02-03 Thread Andreas Janssen
Hello nddias (<[EMAIL PROTECTED]>) wrote: > I am setting up a Debian (sarge) webserver to run over my home DSL > connection. I've been using my best common sense and a whole lot of > googling to follow along with the "Securing Debian Howto, but I still > have some q

Re: Questions on Securing Debian Howto

2006-02-02 Thread Andrei Popescu
On 2 Feb 2006 15:26:15 -0800 "nddias" <[EMAIL PROTECTED]> wrote: > 4.2.2 Security update of the Kernel > > I recompiled and installed a 2.6.8 kernel w/ local APIC support > disabled because I was getting "spurious interrupt" messages. I also > enabled Athlon support. There are kernel packages f

Re: Questions on Securing Debian Howto

2006-02-02 Thread Kumar Appaiah
On Thu, Feb 02, 2006 at 03:26:15PM -0800, nddias wrote: > These sections refer to modifying apt.conf, but this file doesn't > exist...instead there is an /etc/apt/apt.conf.d directory and in it a > 70debconf file. I can't find any docs on how this directory structure > works or the proper way to mo

Questions on Securing Debian Howto

2006-02-02 Thread nddias
Hi, I am setting up a Debian (sarge) webserver to run over my home DSL connection. I've been using my best common sense and a whole lot of googling to follow along with the "Securing Debian Howto, but I still have some questions/need clarifications on some points. The numbers in parenth

Re: Securing Debian

2003-11-13 Thread Rick Weinbender
Thanks for the help! -Rick ** Rick Weinbender wrote: > I have an email server (qmail running on debian), > that I need to make as secure as possible. > Can anyone point me to some good links that > relate to security? > > Has anyone used bastille? What do you think > of it? > > Thanks, > -Ri

Re: Securing Debian

2003-11-13 Thread Geoff Thurman
On Thursday 13 November 2003 6:58 am, Johann Spies wrote: > On Wed, Nov 12, 2003 at 05:31:44PM +, Geoff Thurman wrote: > > There are a lot of links here: > > > > http://www.linuxquestions.org/questions/showthread.php?s=&threadid= > >45261 > > > > There was a good piece about security on the sam

Re: Securing Debian

2003-11-13 Thread Johann Spies
On Wed, Nov 12, 2003 at 05:31:44PM +, Geoff Thurman wrote: > There are a lot of links here: > > http://www.linuxquestions.org/questions/showthread.php?s=&threadid=45261 > > There was a good piece about security on the same site roughly a > fortnight ago, but I can't find it now. I might post

Re: Securing Debian

2003-11-12 Thread Geoff Thurman
bastille? What do you think > > of it? > > > > Thanks, > > -Rick > > I used bastille in the past and found it to do > it's job quite well. > You may als look at: > http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html > > Persona

Re: Securing Debian

2003-11-12 Thread Benedict Verheyen
e past and found it to do it's job quite well. You may als look at: http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html Personally i do this to harden a server: - remove all unnecessary software - add firewall script - run bastille (hardening) - install file integrity checker

Re: Securing Debian

2003-11-12 Thread Andreas Janssen
Hello Rick Weinbender (<[EMAIL PROTECTED]>) wrote: > I have an email server (qmail running on debian), > that I need to make as secure as possible. > Can anyone point me to some good links that > relate to security? You might want to take a look at the securing debian howto t

Re: Securing Debian

2003-11-12 Thread Kjetil Kjernsmo
On Wednesday 12 November 2003 16:19, Rick Weinbender wrote: > I have an email server (qmail running on debian), > that I need to make as secure as possible. > Can anyone point me to some good links that > relate to security? Have you read http://www.debian.org/doc/manuals/securing-

Securing Debian

2003-11-12 Thread Rick Weinbender
I have an email server (qmail running on debian), that I need to make as secure as possible. Can anyone point me to some good links that relate to security? Has anyone used bastille? What do you think of it? Thanks, -Rick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsub

Re: Securing debian

2002-11-11 Thread Tim Dijkstra
On Sun, 10 Nov 2002 18:06:22 -0700 [EMAIL PROTECTED] (Bob Proulx) wrote: > Joyce, Matthew <[EMAIL PROTECTED]> [2002-11-11 10:03:10 +1100]: > > To be able to send and receive emails. SMTP > > Port 25 Also for ssl. > > To access email via IMAP and POP3, including ssl. > IMAP: 143, IMAP over SSL

Re: Securing debian

2002-11-10 Thread Bob Proulx
Joyce, Matthew <[EMAIL PROTECTED]> [2002-11-11 10:03:10 +1100]: > At the moment I have to ask for ports to be opened on our networks router, > and they are not really happy with me going back to them again and again, > asking for new ports to be opened. > > Should I ask for all access control to b

Re: Securing debian

2002-11-10 Thread Chris Cioffi
Joyce, Matthew wrote: Should I ask for all access control to be removed from the ip address of the box, and then secure the box within debian, or is it well worth having that extra level of security on the router ? It is worth the security of the router. Unless you are very very very sure t

Re: Securing debian

2002-11-10 Thread Geoff Crompton
On Mon, Nov 11, 2002 at 10:03:10AM +1100, Joyce, Matthew wrote: > > Hi, > > I work with a network, which is part of a much bigger network. The big > network is managed by someone else. > > I am setting up a debian box, it will eventually do mail and web stuff for > us. > > At the moment I hav

Securing debian

2002-11-10 Thread Joyce, Matthew
Hi, I work with a network, which is part of a much bigger network. The big network is managed by someone else. I am setting up a debian box, it will eventually do mail and web stuff for us. At the moment I have to ask for ports to be opened on our networks router, and they are not really happ

Re: Securing Debian GNU/Linux HOWTO

2000-05-02 Thread Ethan Benson
On Tue, May 02, 2000 at 04:23:21AM -0700, Graham Lillico wrote: > Thanks anyway but I eventually got it to work, seems that the howto is not > correct and some other packages need to be install for the `new options to > work correctly. ah yeah, i have not read it since it was first written but i s

Re: Securing Debian GNU/Linux HOWTO

2000-05-02 Thread Graham Lillico
03:22:36AM -0700, Graham Lillico wrote: > > Hi, > > > > I have followed the howto on securing debian but I can not change > > my password i keep getting the message > > > > passwd: Module is unknown > > > > Does anyone know w

Re: Securing Debian GNU/Linux HOWTO

2000-05-02 Thread Ethan Benson
On Tue, May 02, 2000 at 03:22:36AM -0700, Graham Lillico wrote: > Hi, > > I have followed the howto on securing debian but I can not change > my password i keep getting the message > > passwd: Module is unknown > > Does anyone know what the problem is,

Securing Debian GNU/Linux HOWTO

2000-05-02 Thread Graham Lillico
Hi, I have followed the howto on securing debian but I can not change my password i keep getting the message passwd: Module is unknown Does anyone know what the problem is, I think it may be a pam problem but I'm not sure, any ideas? Regards G

Re: securing debian

1998-05-04 Thread Remco Blaakmeer
On Sun, 26 Apr 1998, Chris wrote: > Just a point of note: > > If your brother has physical access to the machine there is no way you can > stop him from getting root access. > > You can increase the difficulty by setting the bios to only boot from HDD > and then locking the bios - but if he's

Re: securing debian

1998-04-26 Thread Paul Miller
On Sat, 25 Apr 1998, Carl Mummert wrote: > Chris wrote: > > > > You might consider installing the `sudo' package and using that for > > > > all your root access. If you do that, then you can change the > > > > encrypted root password to * in /etc/shadow (you *are* using shadow > > > > passwords,

Re: securing debian

1998-04-26 Thread Bob Hilliard
> Since a 4GB hard drive can be had for under $1000.00, You must not have shopped for drives lately. I bought a 7 gig drive in January for $320, including sales tax, or about $46 a GB. This week's paper was advertising drives at around $40 a gig. Bob -- _ |_) _ |_ Robert D. Hi

Re: securing debian

1998-04-26 Thread Carl Mummert
[EMAIL PROTECTED] wrote: > If you think about it, an 8 character password encodes to 4096 * 13 character > strings. So a dictionary of say 400,000 common words, names, passwords, and > simple variations would easily fit on a > 4GB hard drive. The attacker need only sort them, and then check for mat

Re: securing debian

1998-04-26 Thread hospedales
I would like to make my Debian box use shadow passwords since it is allways on the 'Net. Firstly, how do I turn on shadow passwords in debian? Secondly, will this affect my pppd, proftpd, telnetd, apache or other daemons? Thanks, Timothy Hospedales BTW, I was reading the Shadow-HOWTO and i

Re: securing debian

1998-04-26 Thread Ben Pfaff
> > > You might consider installing the `sudo' package and using that for > > > all your root access. If you do that, then you can change the > > > encrypted root password to * in /etc/shadow (you *are* using shadow > > > passwords, I hope) and thus it becomes impossible to log in as r

Re: securing debian

1998-04-26 Thread Carl Mummert
Chris wrote: > > > You might consider installing the `sudo' package and using that for > > > all your root access. If you do that, then you can change the > > > encrypted root password to * in /etc/shadow (you *are* using shadow > > > passwords, I hope) and thus it becomes impossible to log in as

Re: securing debian

1998-04-26 Thread Alain Toussaint
> You can increase the difficulty by setting the bios to only boot from HDD > and then locking the bios already done. >- but if he's smart enough that you have to > worry about the root password, he's going to know how to reset the bios. i dont think he'll be able to do that because he dont kno

Re: securing debian

1998-04-26 Thread Chris
On Sat, 25 Apr 1998, Alain Toussaint wrote: > > You might consider installing the `sudo' package and using that for > > all your root access. If you do that, then you can change the > > encrypted root password to * in /etc/shadow (you *are* using shadow > > passwords, I hope) and thus it become

Re: securing debian

1998-04-26 Thread Alain Toussaint
> But you don't have to give root access to your brother. Sudo lets you > set up access by username, in the /etc/sudoers file. i.e., on my > system: > > # User privilege specification > root ALL=(ALL) ALL > blp ALL=(ALL) ALL > > So no one but root, blp can take advantage of

Re: securing debian

1998-04-26 Thread Ben Pfaff
this is a no go,i dont want to install this package because i dont want to give root access to my brother: Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible

Re: securing debian

1998-04-26 Thread Alain Toussaint
> You might consider installing the `sudo' package and using that for > all your root access. If you do that, then you can change the > encrypted root password to * in /etc/shadow (you *are* using shadow > passwords, I hope) and thus it becomes impossible to log in as root. > > Ben this is a no

Re: securing debian

1998-04-26 Thread Ben Pfaff
does there is a a reference for this package (say a web page,manual,etc...)it's because i'm a bit nervous to try an unknown (by me) package and removing any root access (which i can do anyway using the /etc/login.access,take a look at man 5 login.access for information on that topic)

  1   2   >