On 05/30/2014 08:29 AM, William Hermans wrote: > > /Before you can "hardening a Debian server" you have to make a > "normal"/ > /Debian Server out of it.../ > // > /Login as root in the terminal (e.g. with putty from a win machine):/ > /root@arm:~# adduser prz # add a new regular user with password/ > /root@arm:~# deluser debian # remove the "Testuser"/ > /root@arm:~# rm -rf /home/debian/ > /root@arm:~# passwd # give root a real passwd/ > > > If a person can not figure this out on their own, they probably > deserve to get rooted, or whatever else happens to them. Some would > also argue removing root. > > Personally I would avoid apache2 unless absolutely necessary, as it is > fairly large. But then again my own rootfs is only 137MB ( bare-fs ) > > > On Fri, May 30, 2014 at 7:15 AM, Robert Nelson > <[email protected] <mailto:[email protected]>> wrote: > > On Fri, May 30, 2014 at 3:13 AM, Dieter Wirz <[email protected] > <mailto:[email protected]>> wrote: > > Before you can "hardening a Debian server" you have to make a > "normal" > > Debian Server out of it... > > > > Login as root in the terminal (e.g. with putty from a win machine): > > root@arm:~# adduser prz # add a new regular user with password > > root@arm:~# deluser debian # remove the "Testuser" > > root@arm:~# rm -rf /home/debian > > root@arm:~# passwd # give root a real passwd > > > > At this point I propose to install a "real" like apache: > > root@arm:~# apt-get install apache2 > > > > Now you can check with a portsniffer e.g. nmap what ports are > open on > > your BBB but now your system should be fairly secure > > btw, in the official Debian image on beagleboard.org/latest-images > <http://beagleboard.org/latest-images> , > there is an "un-tweak" script that'll undo some of the ssh things we > did to make "easier" out of the box, but less secure then a default > install. > > cd /opt/scripts/un-tweak-image/ > ./debian-re-secure-root-ssh.sh > > > https://github.com/RobertCNelson/boot-scripts/blob/master/un-tweak-image/debian-re-secure-root-ssh.sh > > Regards, > > -- > Robert Nelson > http://www.rcn-ee.com/ > > -- > For more options, visit http://beagleboard.org/discuss > --- > You received this message because you are subscribed to the Google > Groups "BeagleBoard" group. > To unsubscribe from this group and stop receiving emails from it, > send an email to [email protected] > <mailto:beagleboard%[email protected]>. > For more options, visit https://groups.google.com/d/optout. > > > -- > For more options, visit http://beagleboard.org/discuss > --- > You received this message because you are subscribed to the Google > Groups "BeagleBoard" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout.
I dont see how apache has anything to do with "securing" it. -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
