|
Home > Archive > Linux Debian support > December 2004 > How to Secure the debian system?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How to Secure the debian system?
|
|
| Srikanth NS 2004-12-19, 2:45 am |
| Hi All
I have only a dial up connection, but still would like to secure the system
in whatever minimal way possible.
My /etc/apt/sources.list contains the following:
----------------------
#deb file:///cdrom/ sarge main
deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot i386
Binary-1 (20041022)]/ unstable contrib main
deb http://security.debian.org/ testing/updates main contrib
-------------------------------
The cdrom was a single DVD of debian Sarge from which I installed.
I think I issued apt-get upgrade which downloaded only headers of the files
(some 6450 bytes worth)
How to really upgrade and secure the system?
Cheeka
| |
| Alan Connor 2004-12-19, 2:45 am |
| On Sun, 19 Dec 2004 09:37:38 -0800, Srikanth NS
<nssrikanth@hotmail.com> wrote:
> Hi All
>
> I have only a dial up connection, but still would like to
> secure the system in whatever minimal way possible.
>
> My /etc/apt/sources.list contains the following:
> ---------------------------------------------------------------
> #deb file:///cdrom/ sarge main
>
> deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot
> i386 Binary-1 (20041022)]/ unstable contrib main
>
> deb http://security.debian.org/ testing/updates main contrib
> ---------------------------------------------------------------
>
> The cdrom was a single DVD of debian Sarge from which I
> installed.
>
> I think I issued apt-get upgrade which downloaded only headers
> of the files (some 6450 bytes worth)
>
> How to really upgrade and secure the system?
>
> Cheeka
>
>
You're posting from an M$ box and worrying about Debian being
secure???!!!
If you don't know anything about Linux, why did you install it?
AC
| |
| Robert Tweed 2004-12-19, 2:45 am |
| "Alan Connor" <zzzzzz@xxx.yyy> wrote in message
news:Bv8xd.3133$9j5.643@newsread3.news.pas.earthlink.net...
>
> You're posting from an M$ box and worrying about Debian being
> secure???!!!
So, you wouldn't need to do anything at all to make a Linux box secure; it's
just secure however you configure it?
> If you don't know anything about Linux, why did you install it?
Presumably, to learn about it. I would think that if he already knew
everything about administering Linux, he wouldn't have to ask.
- Robert
| |
| N S Srikanth 2004-12-19, 2:45 am |
| On Sun, 19 Dec 2004 05:40:49 +0000, Alan Connor wrote:
> You're posting from an M$ box and worrying about Debian being
> secure???!!!
>
> If you don't know anything about Linux, why did you install it?
>
>
> AC
Okay
Now I have come home and posting from DEbian box itself.
Would you care to answer now atleast?
Many of us do not have a choice of OS to post from our workspot.
Hope you appreciate such difficulties.
Cheeka
| |
| Matthias Käppler 2004-12-19, 7:45 am |
| Srikanth NS wrote:
> Hi All
>
> I have only a dial up connection, but still would like to secure the
> system in whatever minimal way possible.
>
> My /etc/apt/sources.list contains the following:
> ----------------------
> #deb file:///cdrom/ sarge main
>
> deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot i386
> Binary-1 (20041022)]/ unstable contrib main
>
> deb http://security.debian.org/ testing/updates main contrib
> -------------------------------
>
> The cdrom was a single DVD of debian Sarge from which I installed.
>
> I think I issued apt-get upgrade which downloaded only headers of the
> files (some 6450 bytes worth)
>
> How to really upgrade and secure the system?
>
> Cheeka
What do you mean by "secure" your debian system? Are you talking about
security updates for your packages? Or maybe about firewalls?
In the first case, just run 'apt-get update && apt-get upgrade' and dpkg
will get the security updates from the server you added in sources.list
automatically.
In the second case you will have to set up netfilter, but this is not a
debian specific thing. See 'man iptables'.
| |
|
|
| Alan Connor 2004-12-19, 7:45 am |
| On Sun, 19 Dec 2004 09:37:38 -0800, Srikanth NS
<nssrikanth@hotmail.com> wrote:
> Hi All
>
> I have only a dial up connection, but still would like to
> secure the system in whatever minimal way possible.
>
> My /etc/apt/sources.list contains the following:
> ---------------------------------------------------------------
> #deb file:///cdrom/ sarge main
>
> deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot
> i386 Binary-1 (20041022)]/ unstable contrib main
>
> deb http://security.debian.org/ testing/updates main contrib
> ---------------------------------------------------------------
>
> The cdrom was a single DVD of debian Sarge from which I
> installed.
>
> I think I issued apt-get upgrade which downloaded only headers
> of the files (some 6450 bytes worth)
>
> How to really upgrade and secure the system?
>
> Cheeka
>
>
As I suspected: Troll.
Thread killfiled, as are several of the aliases here.
AC
| |
| Andreas Janssen 2004-12-19, 7:45 am |
| Hello
Srikanth NS (<nssrikanth@hotmail.com> ) wrote:
> I have only a dial up connection, but still would like to secure the
> system in whatever minimal way possible.
>
> My /etc/apt/sources.list contains the following:
> ----------------------
> #deb file:///cdrom/ sarge main
>
> deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot i386
> Binary-1 (20041022)]/ unstable contrib main
>
> deb http://security.debian.org/ testing/updates main contrib
> -------------------------------
>
> The cdrom was a single DVD of debian Sarge from which I installed.
>
> I think I issued apt-get upgrade which downloaded only headers of the
> files (some 6450 bytes worth)
>
> How to really upgrade and secure the system?
You were already told to add an official mirror server for Sarge to your
sources.list. You should keep in mind that right now there is no
official support from the Debian security team for Sarge (until it
becomes "stable"). Updates mostly go through unstable first, with some
days delay to make sure the new packages don't have any grave bugs
before they go to Sarge (testing). In fact, if you want security,
testing is probably the worst choice among the Debian branches, because
you get neither updates from security.debian.org like stable, nor quick
updates from the upstream authors like unstable.
best regards
Andreas Janssen
--
Andreas Janssen <andreas.janssen@bigfoot.com>
PGP-Key-ID: 0xDC801674 ICQ #17079270
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps-sarge.html
| |
| Christopher Browne 2004-12-19, 5:45 pm |
| "Srikanth NS" <nssrikanth@hotmail.com> wrote:
> How to really upgrade and secure the system?
We have no idea what your threat model is.
In order to consider a system "secure," you must first establish what
are the expected threats, as it is only in the context of such threats
that it is possible to evaluate whether the system can respond
successfully against them.
--
"cbbrowne","@","ntlug.org"
http://www3.sympatico.ca/cbbrowne/lsf.html
"Feel free to contribute build files. Or work on your motivational
skills, and maybe someone somewhere will write them for you..."
-- "Fredrik Lundh" <effbot@telia.com>
| |
| Florian Ernst 2004-12-19, 5:45 pm |
| Hello!
On Sun, 19 Dec 2004 12:16:06 +0100, Andreas Janssen wrote:
> You were already told to add an official mirror server for Sarge to your
> sources.list. You should keep in mind that right now there is no
> official support from the Debian security team for Sarge (until it
> becomes "stable"). [...]
It is planned to have official security support for sarge once the
infrastructure has been set up, which will hopefully happen a
considerably long time before release. See
<http://lists.debian.org/debian-deve...1/msg00003.html>
and
<http://lists.debian.org/debian-deve...1/msg00015.html>.
Cheers,
Flo
| |
|
|
"Christopher Browne" <cbbrowne@acm.org> wrote in message
news:32lkaoF3nk5ciU1@individual.net...
> "Srikanth NS" <nssrikanth@hotmail.com> wrote:
>
> We have no idea what your threat model is.
>
> In order to consider a system "secure," you must first establish what
> are the expected threats, as it is only in the context of such threats
> that it is possible to evaluate whether the system can respond
> successfully against them.
> --
> "cbbrowne","@","ntlug.org"
> http://www3.sympatico.ca/cbbrowne/lsf.html
> "Feel free to contribute build files. Or work on your motivational
> skills, and maybe someone somewhere will write them for you..."
> -- "Fredrik Lundh" <effbot@telia.com>
I would suggest using iptables to make it as secure as you can, you do need
to decide what you want and what you dont and then base the rules upon that
criteria.
Drop me a line in the forums if you need.
--
Kind Regards
CK
www.ckconsultants.co.uk
| |
| Christopher Browne 2004-12-23, 2:45 am |
| Centuries ago, Nostradamus foresaw when "CK" <puevf@pxfernyz.pbz> would write:
> "Christopher Browne" <cbbrowne@acm.org> wrote in message
> news:32lkaoF3nk5ciU1@individual.net...
>
> I would suggest using iptables to make it as secure as you can, you
> do need to decide what you want and what you dont and then base the
> rules upon that criteria.
That doesn't point to a threat model that you are attempting to
respond to...
--
(format nil "~S@~S" "cbbrowne" "gmail.com")
http://www3.sympatico.ca/cbbrowne/postgresql.html
"The only completely consistent people are the dead."
-- Aldous Huxley
|
|
|
|
|