\begin{Lester Cheung}
> Just want to know how secure/insecure is a minimal debian install. coz
> the more I read, the more paranoid I am. I have read the debian security
> howto several times. Are the suggestions in there enough for a normal
> home machine/regular office gateway?

just be minimal and don't do anything stupid ;)

go through the *entire* list of installed packages (especially
anything with network connotations) and ask yourself if you actually
need that at this particular moment. if not, remove it.

dselect likes to install everything marked "standard", which is good
for a unix desktop / login server but not good for a firewall.

then make sure you keep up to date with debian security updates (by
adding the appropriate apt/sources.list lines).


i have been running my home network off a debian (stable) installation
for many years. i have /etc/hosts.{allow,deny} set up to ban any
outsiders. i don't add silly wildcard entries to /etc/exports and the
like. i use the default ipmasq package firewalling rules (with one
exception for 0.0.0.0 dhcp packets on the local network).

i don't have a separate firewall - my "main machine" also runs
pppd. so far it's been a successful experiment in application-level
security.  (i've doomed it now though, haven't i ;)

-- 
 - Gus
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
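
Added example (not part of Gus's message): one way to shortlist packages for the "do I actually need this" review described above, skipping the required/important base system and flagging network-related sections first. It relies on dpkg-query's Package, Priority, Section and Status fields; the function names, the choice of "network" sections and the sample inventory are assumptions constructed for illustration.

```sh
#!/bin/sh
# Shortlist installed packages for manual review on a minimal gateway.
# Input lines: package<TAB>priority<TAB>section<TAB>status
# On a real Debian host, feed it with:
#   dpkg-query -W -f='${Package}\t${Priority}\t${Section}\t${Status}\n' | review_candidates

review_candidates() {
    awk -F '\t' '
        $4 != "install ok installed" { next }           # removed or config-only
        $2 == "required" || $2 == "important" { next }  # base system, leave alone
        {
            sec = $3
            sub(/^.*\//, "", sec)                       # "contrib/net" -> "net"
            # Assumption: these sections are the ones with "network connotations"
            tag = (sec ~ /^(net|mail|web|httpd|news)$/) ? "NETWORK" : "other"
            printf "%s\t%s\t%s\n", tag, $2, $1
        }' | LC_ALL=C sort
}

# Constructed sample inventory (not taken from any real machine).
sample_inventory() {
    printf 'libc6\trequired\tlibs\tinstall ok installed\n'
    printf 'netbase\timportant\tadmin\tinstall ok installed\n'
    printf 'telnet\tstandard\tnet\tinstall ok installed\n'
    printf 'exim4-daemon-light\tstandard\tmail\tinstall ok installed\n'
    printf 'nfs-kernel-server\toptional\tnet\tinstall ok installed\n'
    printf 'apache2\toptional\thttpd\tdeinstall ok config-files\n'
    printf 'gcc\toptional\tdevel\tinstall ok installed\n'
    printf 'example-daemon\toptional\tcontrib/net\tinstall ok installed\n'
}

# Print the review list for the sample: NETWORK entries first, then the rest.
sample_inventory | review_candidates
```

Each line of output is a package to justify or remove; anything left with priority "standard" is what dselect pulled in by default.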
