Michael Lazin <microla...@gmail.com> writes:

> Since Ossec HIDS is GNU Public licensed I think this is not a bad idea to
> include this in the documentation. The referenced article does describe
> securing Debian with open source tools and I honestly have seen this
> documentation for the first time tonight and I think it is very high
> quality. The thing that caught my eye is disabling execution for /tmp. I

I don't know about the current state, but I did disable execution for /tmp at some point, only to discover that installing some packages failed because of this. Although I don't remember if it was the package or apt-get/dpkg needing an executable /tmp.

> managed thousands of Debian servers at one time and I often found hacker
> scripts in ./tmp because of a WordPress exploit. This is because /tmp is
> world writable and presumably people who don't know better are unlikely to
> look for bad scripts there.