Hi All

I have only a dial up connection, but still would like to secure the system
in whatever minimal way possible.

My /etc/apt/sources.list contains the following:
----------------------
#deb file:///cdrom/ sarge main

deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot i386
Binary-1 (20041022)]/ unstable contrib main

deb http://security.debian.org/ testing/updates main contrib
-------------------------------

The cdrom was a single DVD of debian Sarge from which I installed.

I think I issued apt-get upgrade which downloaded only headers of the files
(some 6450 bytes worth)

How to really upgrade and secure the system?

Cheeka

[ Post a follow-up to this message ]

On Sun, 19 Dec 2004 09:37:38 -0800, Srikanth NS
<nssrikanth@hotmail.com> wrote:

> Hi All
>
> I have only a dial up connection, but still would like to
> secure the system in whatever minimal way possible.
>
> My /etc/apt/sources.list contains the following:
> ---------------------------------------------------------------
> #deb file:///cdrom/ sarge main
>
> deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot
> i386 Binary-1 (20041022)]/ unstable contrib main
>
>  deb http://security.debian.org/ testing/updates main contrib
> ---------------------------------------------------------------
>
> The cdrom was a single DVD of debian Sarge from which I
> installed.
>
> I think I issued apt-get upgrade which downloaded only headers
> of the files (some 6450 bytes worth)
>
> How to really upgrade and secure the system?
>
> Cheeka
>
>

You're posting from an M$ box and worrying about Debian being
secure???!!!

If you don't know anything about Linux, why did you install it?


AC

[ Post a follow-up to this message ]

"Alan Connor" <zzzzzz@xxx.yyy> wrote in message
news:Bv8xd.3133$9j5.643@newsread3.news.pas.earthlink.net... 
>
> You're posting from an M$ box and worrying about Debian being
> secure???!!!

So, you wouldn't need to do anything at all to make a Linux box secure; it's
just secure however you configure it?

> If you don't know anything about Linux, why did you install it?

Presumably, to learn about it. I would think that if he already knew
everything about administering Linux, he wouldn't have to ask.

- Robert

[ Post a follow-up to this message ]

On Sun, 19 Dec 2004 05:40:49 +0000, Alan Connor wrote:

> You're posting from an M$ box and worrying about Debian being
> secure???!!!
>
> If you don't know anything about Linux, why did you install it?
>
>
> AC

Okay
Now I have come home and posting from DEbian box itself.
Would you care to answer now atleast?
Many of us do not have a choice of OS to post from our workspot.
Hope you appreciate such difficulties.

Cheeka

[ Post a follow-up to this message ]

Srikanth NS wrote:

> Hi All
>
> I have only a dial up connection, but still would like to secure the
> system in whatever minimal way possible.
>
> My /etc/apt/sources.list contains the following:
> ----------------------
> #deb file:///cdrom/ sarge main
>
> deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot i386
> Binary-1 (20041022)]/ unstable contrib main
>
>  deb http://security.debian.org/ testing/updates main contrib
> -------------------------------
>
> The cdrom was a single DVD of debian Sarge from which I installed.
>
> I think I issued apt-get upgrade which downloaded only headers of the
> files (some 6450 bytes worth)
>
> How to really upgrade and secure the system?
>
> Cheeka

What do you mean by "secure" your debian system? Are you talking about
security updates for your packages? Or maybe about firewalls?

In the first case, just run 'apt-get update && apt-get upgrade' and dpkg
will get the security updates from the server you added in sources.list
automatically.

In the second case you will have to set up netfilter, but this is not a
debian specific thing. See 'man iptables'.

[ Post a follow-up to this message ]

Srikanth NS schrob:
> How to really upgrade and secure the system?

For updating, make your sources.list something like the following:

deb cdrom:[Debian GNU/Linux testing...
deb http://ftp.SOMEWHERE.debian.org/debian/ testing main contrib
deb http://security.debian.org/ testing/updates main contrib

and then "apt-get update && apt-get upgrade" regularly.


apt-get install harden-doc && cd /usr/share/doc/harden-doc/
a.k.a.
http://www.debian.org/doc/manuals/s...g-debian-howto/
would be a good start for securing.

HTH, f'up2 .debian
Jan

[ Post a follow-up to this message ]

On Sun, 19 Dec 2004 09:37:38 -0800, Srikanth NS
<nssrikanth@hotmail.com> wrote:

> Hi All
>
> I have only a dial up connection, but still would like to
> secure the system in whatever minimal way possible.
>
> My /etc/apt/sources.list contains the following:
> ---------------------------------------------------------------
> #deb file:///cdrom/ sarge main
>
> deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot
> i386 Binary-1 (20041022)]/ unstable contrib main
>
>  deb http://security.debian.org/ testing/updates main contrib
> ---------------------------------------------------------------
>
> The cdrom was a single DVD of debian Sarge from which I
> installed.
>
> I think I issued apt-get upgrade which downloaded only headers
> of the files (some 6450 bytes worth)
>
> How to really upgrade and secure the system?
>
> Cheeka
>
>

As I suspected: Troll.

Thread killfiled, as are several of the aliases here.

AC

[ Post a follow-up to this message ]

Hello

Srikanth NS (<nssrikanth@hotmail.com> ) wrote:

> I have only a dial up connection, but still would like to secure the
> system in whatever minimal way possible.
>
> My /etc/apt/sources.list contains the following:
> ----------------------
> #deb file:///cdrom/ sarge main
>
> deb cdrom:[Debian GNU/Linux testing _Sarge_ - Official Snapshot i386
> Binary-1 (20041022)]/ unstable contrib main
>
>  deb http://security.debian.org/ testing/updates main contrib
> -------------------------------
>
> The cdrom was a single DVD of debian Sarge from which I installed.
>
> I think I issued apt-get upgrade which downloaded only headers of the
> files (some 6450 bytes worth)
>
> How to really upgrade and secure the system?

You were already told to add an official mirror server for Sarge to your
sources.list. You should keep in mind that right now there is no
official support from the Debian security team for Sarge (until it
becomes "stable"). Updates mostly go through unstable first, with some
days delay to make sure the new packages don't have any grave bugs
before they go to Sarge (testing). In fact, if you want security,
testing is probably the worst choice among the Debian branches, because
you get neither updates from security.debian.org like stable, nor quick
updates from the upstream authors like unstable.

best regards
Andreas Janssen

--
Andreas Janssen <andreas.janssen@bigfoot.com>
PGP-Key-ID: 0xDC801674 ICQ #17079270
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps-sarge.html

[ Post a follow-up to this message ]

"Srikanth NS" <nssrikanth@hotmail.com> wrote:
> How to really upgrade and secure the system?

We have no idea what your threat model is.

In order to consider a system "secure," you must first establish what
are the expected threats, as it is only in the context of such threats
that it is possible to evaluate whether the system can respond
successfully against them.
--
"cbbrowne","@","ntlug.org"
http://www3.sympatico.ca/cbbrowne/lsf.html
"Feel free  to contribute build  files.  Or work on  your motivational
skills, and maybe someone somewhere will write them for you..."
-- "Fredrik Lundh" <effbot@telia.com>

[ Post a follow-up to this message ]

Hello!

On Sun, 19 Dec 2004 12:16:06 +0100, Andreas Janssen wrote:
> You were already told to add an official mirror server for Sarge to your
> sources.list. You should keep in mind that right now there is no
> official support from the Debian security team for Sarge (until it
> becomes "stable"). [...]

It is planned to have official security support for sarge once the
infrastructure has been set up, which will hopefully happen a
considerably long time before release. See
<http://lists.debian.org/debian-deve...1/msg00003.html>
and
<http://lists.debian.org/debian-deve...1/msg00015.html>.

Cheers,
Flo

[ Post a follow-up to this message ]