On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote: > On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote: > > > On 26-08-17, R Calleja wrote: > > > Buenos dias, soy usuario de debian 8.9 desde hace 2 años. > > > Tengo problemas de seguridad que me obligan a reinstalar el sistema > > > a menudo, una vez al año. > > > He leido documentos y ayuda para mejorar la seguridad. > > > Pero no soy un usuario con conocimientos avanzados de sistemas. > > > Mi objetivo es conseguir una estacion de trabajo segura . > > > He conocido herramientas como: > > > Lynis, openval, nessus, grsecurity,apparmor, selinux, etc > > > Si puede alguien con conocimientos de seguridad ayudarme. O hay > > > alguna empresa que de soporte. > > > > > > Muchas gracias, Roberto > > > > > > > > > Good afternoon, I have been debian 8.9 user for 2 years. > > > I have security issues that force me to reinstall the system often, > > > once a year. > > > > What security issues? > > > > > I have read documents and help to improve security. > > > > What documents? > > > > > But I am not a user with advanced systems knowledge. > > > > That is not problem, you can find lots of tutorials and documents > > around. > > > > > My goal is to get a safe work station. > > > I have known tools like: > > > Lynis, openval, nessus, grsecurity, apparmor, selinux, etc. > > > > Apparmor and selinux do not go together, use just apparmor because it > > is easier to set up and easier not to mess up. Selinux in theory can > > provide you with more protection, but in practical use you will not > > see it. Lynis is probably too much for you. Openval I do not know, > > nessus I did not use. Grsecurity is, according to Linus Torvald: > > > > " > > > > Don't bother with grsecurity. > > > > Their approach has always been "we don't care if we break > > anything, we'll just claim it's because we're extra secure". > > > > The thing is a joke, and they are clowns. When they started > > talking about people taking advantage of them, I stopped > > trying to be polite about their bullshit. > > > > Their patches are pure garbage. > > > > Linus > > " > > > > > If anyone with safety knowledge can help me. Or is there any support > > > company. > > > > > > Thank you very much, Roberto > > > > For someone who knows little, you are sure installing too much things. > > Here are some general advices, but do not take this for granted, it is > > based on personal opinion after all, and I'm not security expert, > > though I did read for few of those have to say about security in > > linux. > > > > 1. Firewall. If you are connected to net and use some services you > > really want it. Choose simple one, like gufw. That is front end for > > ufw ( uncomplicated firewall ) and will serve your needs well. If you > > want something more secure, but really more complicated, you will have > > to learn iptables. > > If the security being worried about is external, coming in and attacking > you from the internet, then I would recommend getting an aftermarket > router with enough flashable memory to support reprogramming it with > dd-wrt. I don't worry about local security here as we're an older couple > and the wife is not computer litterate, so I am the only user. I don't
That's what you think! But while you are slumbering, she is emailing friends and talking with Donald on Twitter. Never underestimate a woman's ability to manipulate a communication medium. > install any of the firewall type stuff, dd-wrt in the router is the best > guard dog. I've been running some form of it for 15 or more years, and > have not been breached. Isn't dd-wrt only suitable for particular routers? > OTOH, if other family members are able to access your machine, then it > may be that apparmor needs to be installed & setup. Not really. But, if it is to your taste, go ahead, -- Brian.
