Removing root would certainly make it secure.

    usermod -d / root
    userdel -r root

will make it absolutely secure. Not terribly useful but very secure.

That also brings up the #1 dumbest idea in computer security.

#1) Default Permit

Read more at: http://www.ranum.com/security/computer_security/editorials/dumb/

On Friday, May 30, 2014 10:30:00 AM UTC-5, William Hermans wrote:
>
>> Before you can "hardening a Debian server" you have to make a "normal"
>> Debian Server out of it...
>>
>> Login as root in the terminal (e.g. with putty from a win machine):
>> root@arm:~# adduser prz # add a new regular user with password
>> root@arm:~# deluser debian # remove the "Testuser"
>> root@arm:~# rm -rf /home/debian
>> root@arm:~# passwd # give root a real passwd
>>
>
> If a person can not figure this out on their own, they probably deserve to
> get rooted, or whatever else happens to them. Some would also argue
> removing root.
>
> Personally I would avoid apache2 unless absolutely necessary, as it is
> fairly large. But then again my own rootfs is only 137MB ( bare-fs )
>
>
> On Fri, May 30, 2014 at 7:15 AM, Robert Nelson <[email protected]> wrote:
>
>> On Fri, May 30, 2014 at 3:13 AM, Dieter Wirz <[email protected]> wrote:
>> > Before you can "hardening a Debian server" you have to make a "normal"
>> > Debian Server out of it...
>> >
>> > Login as root in the terminal (e.g. with putty from a win machine):
>> > root@arm:~# adduser prz # add a new regular user with password
>> > root@arm:~# deluser debian # remove the "Testuser"
>> > root@arm:~# rm -rf /home/debian
>> > root@arm:~# passwd # give root a real passwd
>> >
>> > At this point I propose to install a "real" like apache:
>> > root@arm:~# apt-get install apache2
>> >
>> > Now you can check with a portsniffer e.g. nmap what ports are open on
>> > your BBB but now your system should be fairly secure
>>
>> btw, in the official Debian image on beagleboard.org/latest-images ,
>> there is an "un-tweak" script that'll undo some of the ssh things we
>> did to make "easier" out of the box, but less secure than a default
>> install.
>>
>> cd /opt/scripts/un-tweak-image/
>> ./debian-re-secure-root-ssh.sh
>>
>> https://github.com/RobertCNelson/boot-scripts/blob/master/un-tweak-image/debian-re-secure-root-ssh.sh
>>
>> Regards,
>>
>> --
>> Robert Nelson
>> http://www.rcn-ee.com/
>>
>> --
>> For more options, visit http://beagleboard.org/discuss
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "BeagleBoard" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
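
A check for the two account steps quoted in the thread (`deluser debian` and `passwd` for root), as an added example that is not part of any message in the thread. The function names `audit_accounts` and `make_sample` are hypothetical, and the passwd/shadow contents are constructed sample data in the standard file formats, not taken from a real image.

```shell
#!/bin/sh
# Added example (not from the thread). audit_accounts is a hypothetical helper.
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE [DEFAULT_USER]
# Prints one FINDING line per problem; prints nothing when the files are clean.
audit_accounts() {
    passwd_file=$1
    shadow_file=$2
    default_user=${3:-debian}   # the image's stock account named in the thread

    # Step "deluser debian": the stock account should no longer exist.
    if grep -q "^${default_user}:" "$passwd_file"; then
        echo "FINDING: default account '${default_user}' still exists"
    fi

    # Step "passwd": an empty second field in shadow means no password is
    # required; "!" or "*" means the account is locked and is not reported.
    while IFS=: read -r name hash _rest; do
        [ -n "$name" ] || continue
        if [ -z "$hash" ]; then
            echo "FINDING: account '${name}' has an empty password"
        fi
    done < "$shadow_file"
}

# Constructed sample files for a system where neither step was done.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
debian:x:1000:1000:Demo User:/home/debian:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root::16000:0:99999:7:::
daemon:*:16000:0:99999:7:::
debian:$6$constructedsalt$constructedhash:16000:0:99999:7:::
EOF
    echo "$dir"
}

sample=$(make_sample)
audit_accounts "$sample/passwd" "$sample/shadow"
rm -rf "$sample"
```

On a live system the same function can be pointed at `/etc/passwd` and `/etc/shadow` when run as root.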
