Before you can start "hardening a Debian server" you have to make a "normal" Debian server out of it...

Log in as root in the terminal (e.g. with putty from a win machine):

root@arm:~# adduser prz          # add a new regular user with password
root@arm:~# deluser debian       # remove the "Testuser"
root@arm:~# rm -rf /home/debian
root@arm:~# passwd               # give root a real passwd

At this point I propose to install a "real" like apache:

root@arm:~# apt-get install apache2

Now you can check with a portsniffer e.g. nmap what ports are open on your BBB
but now your system should be fairly secure

On Wed, May 28, 2014 at 10:10 AM, David Farning <[email protected]> wrote:
> A good term to google for is "hardening a Debian server."
>
> There are many articles and several good books for people with various
> backgrounds.
>
> On Tue, May 27, 2014 at 8:13 PM, Przemek Klosowski
> <[email protected]> wrote:
>> On Tue, May 27, 2014 at 7:29 PM, <[email protected]> wrote:
>>>
>>> I'm connecting a BB to the internet and want to make sure it is relatively
>>> secure. Things like Cloud9, BoneScript, and root default password are all
>>> things that might leave open security holes.
>>>
>>> I'm no Unix expert so I'll pose the question here. Can anyone point me to a
>>> guide for what I should do to make the BB secure for long term autonomous
>>> connection to the Internet?
>>
>> Well, that's a difficult question. You connect it to the Internet so
>> that it's capable of performing certain functions that you want, but
>> you want to secure it so that it will not do anything that you don't
>> want. The best approach, then, is to rigorously specify what's
>> allowed and what's not, and implement controls that match this spec.
>> You have several tools at your disposal:
>>
>> - you can set up an independent firewall in front of your device: if
>> your device is on a home/ISP network you probably have a router that
>> already implements that.
>>
>> - the BBB can run the Linux firewall (iptables) that controls the
>> network traffic into and out of your device
>>
>> - if your requirements can be met by your BBB always originating
>> traffic, things are easier: both iptables and ISP router firewalls
>> support outgoing connections out of the box, and your BBB is in
>> control of the traffic. You have to pay attention to DNS---DNS
>> spoofing is the principal vulnerability for this kind of setup
>>
>> - if you need to connect to the BBB from the outside, you want to
>> limit the open ports and implement it in a cryptographically secure
>> way, by using SSH/SSL/TLS or IPsec. This is tricky to get right,
>> because there's always a possibility of vulnerabilities like
>> Heartbleed
>>
>> --
>> For more options, visit http://beagleboard.org/discuss
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "BeagleBoard" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
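
Added example, not written by anyone in this thread: a shell check that compares the board's listening TCP sockets against an explicit allowlist, in the spirit of "specify what's allowed" and "check what ports are open". The allowlist (22 and 80), the use of `ss -tln` as the data source and the sample output are assumptions; the sample is constructed.

```shell
#!/bin/sh
# Ports that are meant to be reachable from the network.
# Assumption for this example: SSH (22) and the apache2 web server (80).
ALLOWED_PORTS="22 80"

# Constructed sample of `ss -tln` output, so the check can be run offline.
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       128     *:3000               *:*
LISTEN  0       5       127.0.0.1:53         0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       128     [::1]:631            [::]:*
LISTEN  0       128     192.168.7.2:8080     0.0.0.0:*
EOF
}

# audit_listeners: reads `ss -tln` output on stdin and prints one
# "UNEXPECTED <address> <port>" line for every listener that is bound to
# a non-loopback address and whose port is not in ALLOWED_PORTS.
audit_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      laddr = $4
      port = laddr
      sub(/.*:/, "", port)   # keep only the text after the last colon
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      # Loopback-only listeners cannot be reached from other hosts.
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
      if (!(port in ok)) print "UNEXPECTED " addr " " port
    }' | LC_ALL=C sort -u
}

# Demonstration on the constructed sample.
# On the board itself the equivalent is: ss -tln | audit_listeners
sample_ss_output | audit_listeners
```

Any line it prints is a service to either stop or block with iptables before the board goes on the Internet; a scan with nmap from another machine then confirms what is actually reachable.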
