Hi

On Fri, Nov 16, 2018 at 04:31:39PM +0100, Jérôme Bardot wrote:
> Hello, I try to harden my Debian server.

You are welcome to do so.

> I want to understand all of this «warning».
> If they are false positive maybe this part should be updated because
> it’s Debian related?

On Debian by default the files and directories have 644 or 755 perms
unless special cases (i.e. shadow has 640, /root has 740). See the
relevant section of the Debian Policy at
https://www.debian.org/doc/debian-policy/ch-files.html#permissions-and-owners.

By default the Debian OS is not hardened. However, your mileage may
vary, so you are welcome to harden your Debian OS if you are concerned
about security or you simply would like to apply a more stringent
security policy.

In addition to making sure you apply the latest security updates from
security.debian.org in your APT settings (i.e. /etc/apt/sources.list),
you can harden your OS by using one or a combination of the following
methods:

1- Set up HIDS (OSSEC)
2- Install file/directory integrity checker (i.e. Tripwire)
3- Run remote vulnerability scans (i.e. OpenVAS, Nessus)

See https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html#s-intrusion-detect.

Regards,
-- 
qmi | Debian GNU/Linux enthusiast
WWW: www.miklos.info
GPG: 3C4B 1364 A379 7366 7FED 260A 2208 F2CE 3FCE A0D3
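
An added example, not part of the original message: a small Python audit that walks a tree and reports entries whose mode differs from the defaults quoted above (644 or 755 for files, 755 for directories), labelling each as stricter or looser than the default. The function names and the `special_cases` table are assumptions of this example; documented exceptions such as a 640 shadow file are passed in through that table.

```python
import os
import stat
import sys

# Defaults quoted in the message: 644 or 755 for files, 755 for directories.
FILE_DEFAULTS = {0o644, 0o755}
DIR_DEFAULTS = {0o755}

def classify(mode, allowed):
    """Return 'default', 'stricter' or 'looser' for a permission mode."""
    if mode in allowed:
        return "default"
    widest = 0
    for m in allowed:
        widest |= m
    # Any bit outside the widest allowed mode (setuid/setgid/sticky included)
    # grants more than the default does.
    return "looser" if mode & ~widest else "stricter"

def audit(root, special_cases=None):
    """Walk root; return sorted (path, octal mode, verdict) for non-default entries.

    special_cases (hypothetical helper table) maps a path to the one mode
    expected there, e.g. {"/etc/shadow": 0o640}.
    """
    special_cases = special_cases or {}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not used on Linux
            mode = stat.S_IMODE(st.st_mode)
            if path in special_cases:
                allowed = {special_cases[path]}
            elif stat.S_ISDIR(st.st_mode):
                allowed = DIR_DEFAULTS
            else:
                allowed = FILE_DEFAULTS
            verdict = classify(mode, allowed)
            if verdict != "default":
                findings.append((path, format(mode, "04o"), verdict))
    return sorted(findings)

if __name__ == "__main__":
    # Directory to audit is taken from the command line; /etc is only a fallback.
    for path, mode, verdict in audit(sys.argv[1] if len(sys.argv) > 1 else "/etc"):
        print(mode, verdict, path)
```

Entries reported as "stricter" are usually deliberate; the "looser" ones are those worth comparing against a scanner's warnings.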