Re: Hardening Debian
At 24-11-2010 00:48, Daniel Hood wrote: Does anyone have a good checklist or script to harden a vanilla debian box after installation? Dan Some quick notes for basic checks, not a full security guide: http://klaver.it/linux/debian-security.txt -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4cecd557.3070...@klaver.it
Re: Hardening Debian
On Wed, Nov 24, 2010 at 10:05 AM, Michiel Klaver mich...@klaver.it wrote: At 24-11-2010 00:48, Daniel Hood wrote: Does anyone have a good checklist or script to harden a vanilla debian box after installation? What about CIS Benchmarks for example? http://cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.os.linux.debian They provide hardening guides in pdf format or XCCDF contents (for members only). My 2 cents Greetings --- Pierluca Milillo -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlkti=zjmlttlddvpxzuu7qzirjvgz=w10xf5krr...@mail.gmail.com
Re: Hardening Debian
You could also check out the packages 'harden' and 'bastille'. But I always deselect everything in the package selection menu during the Debian setup ( http://www.linuxjournal.com/ufiles/debian_netinstall.png ). And then I install some basic things like: 'module-assistant apt-listbugs preload update-inetd ntp deborphan ntpdate reportbug' And after that I install what I want to use, that way you don't have to harden. Because you've installed only the things you need. You can always disable services with 'update-inetd' in case you installed some services you didn't want. Check out the man page here: http://man.he.net/man8/update-inetd Grtz. Kees On Wed, Nov 24, 2010 at 10:05, Michiel Klaver mich...@klaver.it wrote: At 24-11-2010 00:48, Daniel Hood wrote: Does anyone have a good checklist or script to harden a vanilla debian box after installation? Dan Some quick notes for basic checks, not a full security guide: http://klaver.it/linux/debian-security.txt -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4cecd557.3070...@klaver.it -- Met vriendelijke groet, Kees de Jong * * *De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde(n). Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. -- The information contained in this message may be confidential and is intended to be exclusively for the addressee(s). Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.*
Re: Hardening Debian
Does anyone have a good checklist or script to harden a vanilla debian box after installation? Dan http://wiki.debian.org/Hardening also very good, though for ubuntu, but definitely worth reading https://wiki.ubuntu.com/Security/Features -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201011241212.oaoccwct013...@robo.generali.ch
Re: Hardening Debian
It's also worth looking at Cfengine to ensure that your hardening changes stay in place after you initially set them. -- Neil Watson Linux/UNIX Consultant http://watson-wilson.ca -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101124125044.gb5...@watson-wilon.ca
Re: Hardening Debian
On 24 November 2010 00:52, CHACO diego.cha...@gmail.com wrote: On Tue, Nov 23, 2010 at 5:48 PM, Daniel Hood dsmh...@gmail.com wrote: Does anyone have a good checklist or script to harden a vanilla debian box after installation? http://www.debian.org/doc/manuals/securing-debian-howto/ More specifically, the checklist written in the Appendix A - The hardening process step by ste http://www.debian.org/doc/manuals/securing-debian-howto/ap-harden-step.en.html It is missing some additional steps related to security software that can be installed in the system (HIDS), however. Also please note that some content of the manual is not fully up to date. Feel free to send any patches to the Debian Securing Manual content if you find any sources which provide information (either improved information or updated) that could be in the manual. As the manual maintainer I really appreciate patches in the BTS. Regards Javier -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktimdeg5k8r-9zd+i_ek1reybzto_mrcwdpwrd...@mail.gmail.com
Re: Hardening Debian
Thanks guys. I've received quite a massive response it seems. All the information I was looking for. Thanks again, Dan On Wed, Nov 24, 2010 at 10:48 AM, Daniel Hood dsmh...@gmail.com wrote: Does anyone have a good checklist or script to harden a vanilla debian box after installation? Dan -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktinhempfknt2xd_qc_qqnvlf6tsxxnuhxl5gq...@mail.gmail.com
Used construction equipment
Used construction equipment for sale: http://www.bau-center.com/index.php?id=36L=1 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/00e32907-40507-18270504024...@user-jvx3f7q4xu