On Wed, Dec 13, 2000 at 04:35:53PM +0800, Wari Wahab wrote:
> Nah, I think what he wants is messages that can be viewed via Windows
> Outbloat or Outbloat Express, which will never get PGP/MIME messages
> right. The problem with the clearsign option is that outlook will think
> that the whole messa
On Wed, Dec 13, 2000 at 04:35:53PM +0800, Wari Wahab wrote:
> Nah, I think what he wants is messages that can be viewed via Windows
> Outbloat or Outbloat Express, which will never get PGP/MIME messages
> right. The problem with the clearsign option is that outlook will think
> that the whole mess
On Sun, Dec 03, 2000 at 04:57:48AM +, Steve wrote:
> Is there a package in debian equivalent to RedHat's LogWatch? This
> analyses the system logs nightly and delivers a report of sudo events,
> logins, ssh sessions, etc. What is the preferred method of doing this
> under debian?
I l
I think I must contribute with theses that (i think) didn't saw mailed
to the list:
- configure /etc/lilo.conf with password and restricted
- partition and configure /etc/fstab with nodev,nosuid,noexec
- protect spoofing in:
- /etc/hosts.conf adding 'nospoof on'
- addind '1' to /pr
On Wed, Dec 13, 2000 at 10:36:44AM -0800, Michael Smith wrote:
> What I do:
I do something similar:
> 1-Custom package selection, try to weed out talkd, telnetd, and some others
> that
> are installed by default.
If rebuilding a box, I make sure that I have a dpkg --get-selections in a
file tha
On Wed, Dec 13, 2000 at 10:23:12AM -0800, Alex Swavely wrote:
>
> I think the point here is that the user WILL NOT read such documentation 90%
> of the time, regardless (which is why the RTFM Coffee Mug over at thinkgeek
> is so popular).
>
this is exactly why i think something like this would b
What I do:
1-Custom package selection, try to weed out talkd, telnetd, and some others that
are installed by default.
2-netstat -a | grep LIST or netstat -l to find out who is listening for
connections.
3-kill all the packages that are running that I don't want and that slipped past
me earlier.
4-
I think the point here is that the user WILL NOT read such documentation 90%
of the time, regardless (which is why the RTFM Coffee Mug over at thinkgeek
is so popular).
-Original Message-
From: Rainer Weikusat [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 13, 2000 1:13 AM
To: Javier
On Sun, Dec 03, 2000 at 04:57:48AM +, Steve wrote:
> Is there a package in debian equivalent to RedHat's LogWatch? This
> analyses the system logs nightly and delivers a report of sudo events,
> logins, ssh sessions, etc. What is the preferred method of doing this
> under debian?
I
I think I must contribute with theses that (i think) didn't saw mailed
to the list:
- configure /etc/lilo.conf with password and restricted
- partition and configure /etc/fstab with nodev,nosuid,noexec
- protect spoofing in:
- /etc/hosts.conf adding 'nospoof on'
- addind '1' to /p
On Wed, Dec 13, 2000 at 10:36:44AM -0800, Michael Smith wrote:
> What I do:
I do something similar:
> 1-Custom package selection, try to weed out talkd, telnetd, and some others that
> are installed by default.
If rebuilding a box, I make sure that I have a dpkg --get-selections in a
file that
On Wed, Dec 13, 2000 at 10:23:12AM -0800, Alex Swavely wrote:
>
> I think the point here is that the user WILL NOT read such documentation 90%
> of the time, regardless (which is why the RTFM Coffee Mug over at thinkgeek
> is so popular).
>
this is exactly why i think something like this would
On Wed, Dec 13, 2000 at 11:11:52AM +0100, Javier Fernandez-Sanguino Pe?a wrote:
> *Please* post it. It could be really useful for documents like the
> Securing-Debian-HOWTO, I have my own checklist and will update the HOWTO with
> it
> soon.
>
> So, for all of you.. new thread? : che
On Wed, Dec 13, 2000 at 11:35:03AM +0100, Javier Fernandez-Sanguino Peña wrote:
> I've thought on the Debian metapackage... how about this:
>
> task-security
> Depends: documentation (securing-howto, lasg)
Depends: should be reversed for actual dependencies IMHO, you should never
need to d
What I do:
1-Custom package selection, try to weed out talkd, telnetd, and some others that
are installed by default.
2-netstat -a | grep LIST or netstat -l to find out who is listening for
connections.
3-kill all the packages that are running that I don't want and that slipped past
me earlier.
4
* Javier Fernandez-Sanguino Peña
| Any thoughts?
There is a discussion on -devel about _limiting_ the number of task
packages, not increasing it. So until that one is finished, adding
four task- packages isn't a good idea, imho.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just s
* Jeremy Gaddis
| I was looking at it more from the lines of a default installation.
What is a default installation of Debian? Base system? All standard
packages?
I usually only install the base system, and then apt-get whatever I
need. tasksel only installs the packages you ask for, not th
I think the point here is that the user WILL NOT read such documentation 90%
of the time, regardless (which is why the RTFM Coffee Mug over at thinkgeek
is so popular).
-Original Message-
From: Rainer Weikusat [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 13, 2000 1:13 AM
To: Javie
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On 13 Dec 2000, Wari Wahab <[EMAIL PROTECTED]> wrote:
>
> Anyway, the previous post about the keyboard mapping is the only
> solution to this but is you type the wrong passphrase, your whole
> message will be WIPED!... lalala...
I get an
On Wed, Dec 13, 2000 at 11:11:52AM +0100, Javier Fernandez-Sanguino Pe?a wrote:
> *Please* post it. It could be really useful for documents like the
> Securing-Debian-HOWTO, I have my own checklist and will update the HOWTO with it
> soon.
>
> So, for all of you.. new thread? : check
On Wed, Dec 13, 2000 at 11:35:03AM +0100, Javier Fernandez-Sanguino Peña wrote:
> I've thought on the Debian metapackage... how about this:
>
> task-security
> Depends: documentation (securing-howto, lasg)
Depends: should be reversed for actual dependencies IMHO, you should never
need to
On 00/12/13 03:35 -0500, Jeremy Gaddis wrote:
> Do a stock installation and see if a new user wouldn't need a "hardening
> script". At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
> running. I can see where a "hardening script" could come into play here,
I have just done sev
* Javier Fernandez-Sanguino Peña
| Any thoughts?
There is a discussion on -devel about _limiting_ the number of task
packages, not increasing it. So until that one is finished, adding
four task- packages isn't a good idea, imho.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just
* Jeremy Gaddis
| I was looking at it more from the lines of a default installation.
What is a default installation of Debian? Base system? All standard
packages?
I usually only install the base system, and then apt-get whatever I
need. tasksel only installs the packages you ask for, not t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On 13 Dec 2000, Wari Wahab <[EMAIL PROTECTED]> wrote:
>
> Anyway, the previous post about the keyboard mapping is the only
> solution to this but is you type the wrong passphrase, your whole
> message will be WIPED!... lalala...
I get a
On 00/12/13 03:35 -0500, Jeremy Gaddis wrote:
> Do a stock installation and see if a new user wouldn't need a "hardening
> script". At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
> running. I can see where a "hardening script" could come into play here,
I have just done se
My checklist is:
1.- custom install (do not select tasks) w/ shadow passwords
2.- go through deselect and remove packages before doing a install, leave
bare-minimum
3.- (the things in the debian-hardening-howto: quotas, login definitions, lilo)
4.- check init.d scripts, remove unwanted wi
As promised, I have included the Securing-Debian HOWTO in DDP's CVS and
updated
the DDP web pages (check Administrator's Manuals in www.debian.org/doc/ddp)
As it says now the development version will be available from:
http://www.debian.org/doc/manuals/securing-debian-howto/index.html
a
I've thought on the Debian metapackage... how about this:
task-security
Depends: documentation (securing-howto, lasg)
Suggests: task-security-audit, task-firewall-tools, task-security-tools
Recomends: task-network-tools
task-security-audit
Depends: nessusd, snort, logcheck, ippl, tcpdum
Javier Fernandez-Sanguino Peña <[EMAIL PROTECTED]> writes:
> Users should *not* have to read through a document thoroughly
> to have a secure installation.
User should have to read said document thouroughly before installing
anything.
--
SIGSTOP
Jeremy Gaddis escribió:
>
(..)
>
> Do a stock installation and see if a new user wouldn't need a "hardening
> script". At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
> running. I can see where a "hardening script" could come into play here,
> asking the user if he needs se
"S.Salman Ahmed" escribió:
>
> [No need to CC: me guys, I read each and every list mail I
> receive. Thanks.]
>
> > "BMA" == Bradley M Alexander <[EMAIL PROTECTED]> writes:
> BMA> The problem with this is that, generally speaking, there are
> BMA> as many configurations as there are
> Oh, I totally agree; this would have to be on a per-package basis,
> however. Hence, it would rely on each maintainers willingness
> to do so. For example, a chrooted bind (running as user nobody
> or something) would be nice, but the bind maintainer has refused
> (at least until bind 9.1 is re
I was looking at it more from the lines of a default installation. Most
experienced UNIX/Linux users know what needs to be running and
what doesn't, and how to turn services on and off. I'm not completely
sure what services are running under Debian in a default installation as
I use dselect to se
Nah, I think what he wants is messages that can be viewed via Windows
Outbloat or Outbloat Express, which will never get PGP/MIME messages
right. The problem with the clearsign option is that outlook will think
that the whole message is an attachment which outlook can't grok because
of the .dat ext
My checklist is:
1.- custom install (do not select tasks) w/ shadow passwords
2.- go through deselect and remove packages before doing a install, leave
bare-minimum
3.- (the things in the debian-hardening-howto: quotas, login definitions, lilo)
4.- check init.d scripts, remove unwanted w
As promised, I have included the Securing-Debian HOWTO in DDP's CVS and updated
the DDP web pages (check Administrator's Manuals in www.debian.org/doc/ddp)
As it says now the development version will be available from:
http://www.debian.org/doc/manuals/securing-debian-howto/index.html
a
I've thought on the Debian metapackage... how about this:
task-security
Depends: documentation (securing-howto, lasg)
Suggests: task-security-audit, task-firewall-tools, task-security-tools
Recomends: task-network-tools
task-security-audit
Depends: nessusd, snort, logcheck, ippl, tcpdu
Javier Fernandez-Sanguino Peña <[EMAIL PROTECTED]> writes:
> Users should *not* have to read through a document thoroughly
> to have a secure installation.
User should have to read said document thouroughly before installing
anything.
--
SIGSTOP
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
Jeremy Gaddis escribió:
>
(..)
>
> Do a stock installation and see if a new user wouldn't need a "hardening
> script". At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
> running. I can see where a "hardening script" could come into play here,
> asking the user if he needs s
"S.Salman Ahmed" escribió:
>
> [No need to CC: me guys, I read each and every list mail I
> receive. Thanks.]
>
> > "BMA" == Bradley M Alexander <[EMAIL PROTECTED]> writes:
> BMA> The problem with this is that, generally speaking, there are
> BMA> as many configurations as there are
> Oh, I totally agree; this would have to be on a per-package basis,
> however. Hence, it would rely on each maintainers willingness
> to do so. For example, a chrooted bind (running as user nobody
> or something) would be nice, but the bind maintainer has refused
> (at least until bind 9.1 is r
I was looking at it more from the lines of a default installation. Most
experienced UNIX/Linux users know what needs to be running and
what doesn't, and how to turn services on and off. I'm not completely
sure what services are running under Debian in a default installation as
I use dselect to s
Nah, I think what he wants is messages that can be viewed via Windows
Outbloat or Outbloat Express, which will never get PGP/MIME messages
right. The problem with the clearsign option is that outlook will think
that the whole message is an attachment which outlook can't grok because
of the .dat ex
44 matches
Mail list logo
