To run several daemons under normal users.

2009-10-29 Thread Sthu Deus
Good day.

I want to run the following list of daemons under a normal user - for security
reasons:

saslauthd, couriertcpd, courierpop3login, authdaemond, spamd, logger

Could You please share Your opinion on how I can do that - as it is not clear
from their running scripts where to specify it?


Thank You for Your time.


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Re: OT: how do You protect an email relay service?

2009-06-04 Thread sthu . deus
Good day, Tomasz.

Thank You for Your reply:
>All others get greylisted: http://en.wikipedia.org/wiki/Greylisting

Well. I guess it was not easy to prove before a boss such a practice?





Re: How secure is vserver?

2009-06-04 Thread sthu . deus
Good day, Izak.

Thank You for Your reply:
>Linux vserver shares the kernel between the various virtual hosts, a
>little like BSD jails. There are restrictions on what one can do: not
>even root can modify network interfaces or even create a node (using
>mknod) or mount a filesystem, so breaking out of the virtualhost is
>pretty hard. No guarantees, but to answer your question, yes, it does
>protect the host OS.

Ok, what is Your opinion on qemu guest - does it offer more
protection/guarantee?





How secure is vserver?

2009-05-31 Thread Sthu Deus
Good day.

How secure is vserver? From

http://linux-vserver.org/Welcome_to_Linux-VServer.org

it is not clear to me: "guarantee the required
security"

as what are the requirements. Can You explain its isolation level? Say, If I
place there a server, and one day it will be hacked so that the criminal gets
full control of the guest OS, - will it protect the host OS?

Thank You for Your time.





OT: how do You protect an email relay service?

2009-05-30 Thread Sthu Deus
Good day.


If You use an email relay service, how do You protect it: VMs, iptables
connections rate limit, ... ?

Personally, I have a problem with email sending authorization - how I can
separate the users that have not their boxes on our service and therefore I can
ban their trials to pick up a password - I can not reduce it even to the local
net IPs by iptables - as port 25 is used not only for sending our own users
but for receiving it for the local users - as I understand.


Thank You for Your time.





OT: Server protection strategy from evil doers - how to stop them.

2009-05-30 Thread sthu . deus
Good day.


My question is about the strategy practice of stopping the evil doers at my
server - as it is a server I can not turn it off, yet I would not that the
things that some guys try to do will be repeated. Therefore, maybe You would
share Your experience/knowledge how to stop them.

The situation: I see evil doing in logs. I know the addresses they did use for
that.

What is the best way (1. Effective; 2. Easy to commit) to stop them?

My own considerations for now: to use iptables to ban those IPs, but here I
have the following problem: if I exclude by IP - it is a lot of IPs. If I
exclude by its ranges - I risk to exclude good users from our public services
(web, email) others - the same is for the ISP nets - as their users can change
their IPs easily. So... please, any suggestions.


Thank You for Your time and effort.

Best regards,
Sthu Deus.





Re: How safely to stop using backports repo?

2009-05-29 Thread sthu . deus
Good day, Konstantin.

Thank You for Your reply:
>It will print the list of installed packages which have "~bpo" in their
>names -- a common substring usually found in packages from
>backports.org.

You say "usually"... Then, I can miss a package and that one will
remain a breach in my system... No other tracking ideas?





Re: How safely to stop using backports repo?

2009-05-27 Thread sthu . deus
Good day, MARGUERIE.

Thank You for Your reply:
>Otherwise, you can `apt-get remove` them (plus --purge if you want to
>reset your configuration files) and re-install them : that way you'll
>use the main-repo version and you won't have security problems
>anymore.

That decision I feared...

Is there an automatic way that can give me a list of the packages that came
from the backports repo?





How safely to stop using backports repo?

2009-05-26 Thread Sthu Deus
Good day.

I have packages installed from backports repo. Now I want to remove the
repo from my source list and therefore use not any more packages from
there. My question is on security stuff, as AFAIK I can get into a
troublesome situation - in case of simply stopping using updates from
the repo - that in those packages bugs can be found but I will not get
updates for them - because: backports repo is no more available, and
the updates/security repos have updates but not for so high version as
the ones I have.

So, what is the secure and the easiest way of turning from using the
repo?

Thank You for Your time.

