Re: [tor-relays] doc/HARDENING Draft

2014-11-30 Thread tor
Hi, On Thu, Nov 27, 2014 at 08:42:44PM -0500, Libertas wrote: > True, and thanks for the examples. I think the daemons are probably a > better move for those who aren't firewall veterans, as everyone else > would probably be copy-and-pasting firewall configs like the ones you > gave and praying th

Re: [tor-relays] doc/HARDENING Draft

2014-11-27 Thread Garrett DeBoer
Stop Sent from my iPhone > On Nov 27, 2014, at 8:42 PM, Libertas wrote: > >> On 11/27/2014 07:50 PM, t...@zengers.de wrote: >> And I agree about SSHGuard. I've had a better experience with it, >> and it generally seems like a more carefully

Re: [tor-relays] doc/HARDENING Draft

2014-11-27 Thread Libertas
On 11/27/2014 07:50 PM, t...@zengers.de wrote: > And I agree about SSHGuard. I've had a better experience with it, > and it generally seems like a more carefully developed and more > thoroughly documented project. Strangely, though, most experienced

Re: [tor-relays] doc/HARDENING Draft

2014-11-27 Thread tor
Hi, On Tue, Nov 25, 2014 at 10:58:57AM -0500, Libertas wrote: > And I agree about SSHGuard. I've had a better experience with it, and > it generally seems like a more carefully developed and more thoroughly > documented project. Strangely, though, most experienced sysadmins > still use and suggest

Re: [tor-relays] doc/HARDENING Draft

2014-11-25 Thread tor-exit0
On 11/24/2014 4:09 PM, Libertas wrote: > I thought I'd share an initial draft of doc/HARDENING. Please > share any opinions or contributions you have. This was written in a > little more than an hour, so it's still a work in progress. > However, in the

Re: [tor-relays] doc/HARDENING Draft

2014-11-25 Thread tor
Hi, On Tue, Nov 25, 2014 at 08:58:04PM +0100, tor-ad...@torland.me wrote: > Don't store identity keys on the hard disk. Keep them offline. Use a ramdisk > for /var/lib/tor/keys/ and copy keys to it via scp before starting your tor > instance. Remove it from the ramdisk after startup. So the key

Re: [tor-relays] doc/HARDENING Draft

2014-11-25 Thread tor-admin
On Monday 24 November 2014 18:09:34 Libertas wrote: > Here's the relevant ticket: > > https://trac.torproject.org/projects/tor/ticket/13703 > > A specific topic of conversation is how much of the advice should be > in the document itself as opposed to linked sources. > > It could also use more O

Re: [tor-relays] doc/HARDENING Draft

2014-11-25 Thread Zack Weinberg
On Mon, Nov 24, 2014 at 11:29 PM, Tor Operator wrote: > On Mon, Nov 24, 2014 at 06:09:34PM -0500, Libertas wrote: >> Be sure to stay up-to-date using apt-get, and consider using cron-apt to >> automatically update: >> https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html > > Maybe it a

Re: [tor-relays] doc/HARDENING Draft

2014-11-25 Thread Libertas
Thanks for the heads-up about unattended-upgrades, I hadn't heard of that. And I agree about SSHGuard. I've had a better experience with it, and it generally seems like a more carefully developed and more thoroughly documented project. Strangely, th

Re: [tor-relays] doc/HARDENING Draft

2014-11-24 Thread usprey
cron-apt is also a viable option for debians. https://wiki.archlinux.org/ is afaik the best standard repository of all knowledge and wisdom about current linux, always solved my debian-*codename* problems. On 25 November 2014 at 05:29, Tor Operator wrote: > On Mon, Nov 24, 2014 at 06:09:34PM -

Re: [tor-relays] doc/HARDENING Draft

2014-11-24 Thread Tor Operator
On Mon, Nov 24, 2014 at 06:09:34PM -0500, Libertas wrote: > Be sure to stay up-to-date using apt-get, and consider using cron-apt to > automatically update: > https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html Maybe it is also worth covering unattended-upgrades package to keep Debian u