To run several daemons under normal users.
Good day. I want to run the following list of daemons under normal user - for security reasons: saslauthd, couriertcpd, courierpop3login, authdaemond, spamd, logger could You please share Your opinion on how I can do that - as it is not clear from its running scripts where to specify it? Thank You for Your time. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: How secure is vserver?
Good day, Izak. Thank You for Your reply: Linux vserver shares the kernel between the various virtual hosts, a little like BSD jails. There are restrictions on what one can do: not even root can modify network interfaces or even create a node (using mknod) or mount a filesystem, so breaking out of the virtualhost is pretty hard. No guarantees, but to answer your question, yes, it does protect the host OS. Ok, what is Your opinion on qemu guest - does it offer more protection/guarantee? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: OT: how do You protect an email relay service?
Good day, Tomasz. Thank You for Your reply: All others get greylisted: http://en.wikipedia.org/wiki/Greylisting Well. I guess it was not easy to prove before a boss such a practise? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
How secure is vserver?
Good day. How secure is vserver? From http://linux-vserver.org/Welcome_to_Linux-VServer.org it is not clear to me: guarantee the required security as what are the requirements. Can You explain its isolation level? Say, If I place there a server, and one day it will be hacked so that the criminal gets full control of the guest OS, - will it protect the host OS? Thank You for Your time. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
OT: how do You protect an email relay service?
Good day. If You use an email relay service, how do You protect it: VMs, iptables connections rate limit, ... ? Personally, I have a problem with email sending authorization - how I can separate the users that have not their boxes on our service and therefore I can ban their trials to pick up a password - I can not reduce it even to the local net IPs bt iptables - as port 25 is used for not only for sending our own users but for receiving it for the local users - as I understand. Thank You for Your time. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: How safely to stop using backports repo?
Good day, Konstantin. Thank You for Your reply: It will print the list of installed packages which have ~bpo in their names -- a common substring usually found in packages from backports.org. You say usually... Then, I can miss a package and that one will remain a breach in my system... No other tracking ideas? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: How safely to stop using backports repo?
Good day, MARGUERIE. Thank You for Your reply: Otherwise, you can `apt-get remove` them (plus --purge if you want to reset your configuration files) and re-install them : that way you'll use the main-repo version and you won't want have security problems anymore. That decision I feared... Is there a automatic way that can give me a list of the packages came from backports repo? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
How safely to stop using backports repo?
Good day. I have packages installed from backports repo. Now I want to remove the repo from my source list and therefore use not any more packages from there. My question is on security stuff, as AFAIK I can get into a troublesome situation - in case of simply stopping using updates from the repo - that in those packages bugs can be found but I will not get updates for them - because: backports repo is no more available, and the updates/security repos have updates but not for so high version as the ones I have. So, what is the secure and the easiest way of turning from using the repo? Thank You for Your time. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org