Hi,
On Thu, Nov 27, 2014 at 08:42:44PM -0500, Libertas wrote:
True, and thanks for the examples. I think the daemons are probably a
better move for those who aren't firewall veterans, as everyone else
would probably be copy-and-pasting firewall configs like the ones you
gave and praying that
Hi,
On Tue, Nov 25, 2014 at 10:58:57AM -0500, Libertas wrote:
And I agree about SSHGuard. I've had a better experience with it, and
it generally seems like a more carefully developed and more thoroughly
documented project. Strangely, though, most experienced sysadmins
still use and suggest
Stop
Sent from my iPhone
On Nov 27, 2014, at 8:42 PM, Libertas liber...@mykolab.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/27/2014 07:50 PM, t...@zengers.de wrote:
And I agree about SSHGuard. I've had a better experience with it,
and it generally seems like a more
Hi,
On Tue, Nov 25, 2014 at 08:58:04PM +0100, tor-ad...@torland.me wrote:
Don't store identity keys on the hard disk. Keep them offliner. Use a ramdisk
for /var/lib/tor/keys/ and copy keys to it via scp before starting your tor
instance. Remove it from the ramdisk after startup. So the keys
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/24/2014 4:09 PM, Libertas wrote:
I thought I'd share an initial draft of doc/HARDENING. Please
share any opinions or contributions you have. This was written in a
little more than an hour, so it's still a work in progress.
However, in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I thought I'd share an initial draft of doc/HARDENING. Please share
any opinions or contributions you have. This was written in a little
more than an hour, so it's still a work in progress. However, in the
spirit of prototyping before polishing, I
On Mon, Nov 24, 2014 at 06:09:34PM -0500, Libertas wrote:
Be sure to stay up-to-date using apt-get, and consider using cron-apt to
automatically update:
https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html
Maybe it also worth covering unattended-upgrades package to keep Debian up