Re: security advice wanted for home server
andy baxter schrieb: andy baxter wrote: [... I'm planning to ...] - use aide to check the system files regularly. The way I'm thinking of doing this is to put a bootable debian image (with aide installed) on a flash disk, then every week or so boot my laptop from this with the slug's usb hard drive plugged into the laptop as well, and check the system using aide that way. Then install any updates, then calculate the checksums again and store them on the flash disk (which I would never use for any other purpose). This is putting me off somewhat, as I was doing something similar with another server I had a while back, and it was a fair bit of hassle to keep it up every week. So it would be good to know if this is overkill, or a sensible thing to do? Thanks to those who replied about ssh config. Would be good to know more about whether it's worth setting up aide for a small home server like this, and if the way I'm thinking of doing it is OK. My main worry isn't someone reading my files, which aren't desperately secret, it's that I don't want to hassle of having to reinstall after being cracked, and I don't want to become part of someone else's botnet. It depends on you. I'd think that it's enough if you watch the processes running on your server from time to time, check it with rkhunter or something similar and keep an eye on your logs (via logcheck for example). You also can chroot your webserver. For me, using something like aide would be a bit too much for a small personal server. martin andy -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Lenny Security Improvements
Hi List, while reading the release information for the new Debian Lenny I noticed some informations about security improvements in Lenny: "Further improvements in system security include the installation of available security updates before the first reboot by the Debian Installer, the reduction of setuid root binaries and open ports in the standard installation, and the use of GCC hardening features in the builds of several security-critical packages. Various applications have specific improvements, too." http://www.us.debian.org/News/2009/20090214.en.html I wonder where to find more information about these improvements? Which setuid root binaries where reduced, which standard ports closed, etc. Any idea? Greetings from the rainy Vienna/Austria, martin -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Find installed contrib and non-free packages
Thanks a lot guys, I like all of your suggestions (the "virtual RMS" made me laugh, never heard of this before). Seems like TIMTOWTDI, reminds me of PERL ;-) I will play around with all of them and find out which one I'll use in future. Greetings, martin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Find installed contrib and non-free packages
Hi, just a few days ago I've read at http://www.debian.org/security/faq.en.html#contrib that contrib and non-free packages are not supported by the Debian security team. Now I want to find out which contrib and non-free packages are installed on my servers. Is there any special command or script for this or do I have to write one? Looking forward to your ideas and Greetings from Vienna, Martin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]