Lester Cheung wrote:
> Just want to know how secure/insecure is a minimal debian install. coz
> the more I read, the more paranoid I am. I have read the debian security
> howto several times. Are the suggestions in there enough for a normal
> home machine/regular office gateway?

just be minimal and don't do anything stupid ;)

go through the *entire* list of installed packages (especially anything with network connotations) and ask yourself if you actually need that at this particular moment. if not, remove it. dselect likes to install everything marked "standard", which is good for a unix desktop / login server but not good for a firewall.

then make sure you keep up to date with debian security updates (by adding the appropriate apt/sources.list lines).

i have been running my home network off a debian (stable) installation for many years. i have /etc/hosts.{allow,deny} set up to ban any outsiders. i don't add silly wildcard entries to /etc/exports and the like. i use the default ipmasq package firewalling rules (with one exception for 0.0.0.0 dhcp packets on the local network). i don't have a separate firewall - my "main machine" also runs pppd. so far it's been a successful experiment in application-level security. (i've doomed it now though, haven't i ;)

--
 - Gus

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
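
The package review described in the reply above, as an added example that is not part of the original post: a shell function that shortlists installed packages which are priority "standard" or sit in a network-facing archive section, so each can be checked by hand. The section list, the function names and the sample data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: shortlist installed packages for the manual "do I need this?" review.
# Input: one package per line, tab-separated, as produced by
#   dpkg-query -W -f='${Package}\t${Priority}\t${Section}\t${Status}\n'
# Assumption: "network connotations" is approximated by these archive sections.
NET_SECTIONS="net mail web news"

review_candidates() {
    awk -F '\t' -v sections="$NET_SECTIONS" '
        BEGIN { n = split(sections, s, " "); for (i = 1; i <= n; i++) net[s[i]] = 1 }
        # Skip removed packages that only left config files behind.
        $4 != "install ok installed" { next }
        # required/important make up the base system; they are not candidates.
        $2 == "required" || $2 == "important" { next }
        {
            # Sections may carry an archive-area prefix such as "non-free/net".
            sec = $3; sub(/^.*\//, "", sec)
            reason = ""
            if (sec in net) reason = "network section: " sec
            if ($2 == "standard") {
                if (reason != "") reason = reason "; "
                reason = reason "priority standard"
            }
            if (reason != "") printf "%s\t%s\n", $1, reason
        }'
}

# Constructed sample input, not taken from a real machine.
sample_status() {
    printf 'libc6\trequired\tlibs\tinstall ok installed\n'
    printf 'netbase\timportant\tadmin\tinstall ok installed\n'
    printf 'openssh-server\toptional\tnet\tinstall ok installed\n'
    printf 'nfs-common\tstandard\tnet\tinstall ok installed\n'
    printf 'at\tstandard\tadmin\tinstall ok installed\n'
    printf 'vim\toptional\teditors\tinstall ok installed\n'
    printf 'telnetd\toptional\tnet\tdeinstall ok config-files\n'
}

# Run with --live on a Debian system to audit the real package database.
if [ "${1:-}" = "--live" ]; then
    dpkg-query -W -f='${Package}\t${Priority}\t${Section}\t${Status}\n' | review_candidates
fi
```

The output is a review list only; whether a package is actually needed is still the judgement call the reply describes.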