Incoming from Andrew Graupe:
> For the last month or two, I have been especially paranoid about what 
> could happen to my computer, beyond all reason (I'm behind a firewall).  

Sh*t happens.  The other day, my system got horribly confused by apm.
It'd just shut down with no warning, then I'd find it fsck'ing
everything on reboot.  And the reboot would fail because the BIOS
sensed that something was strange (too hot, confused, not completely
reset, whatever).

At first, I thought it was a failing battery, then I found that in the
ca. three years I've been using this thing, apm support was turned on
in the BIOS and I'd never turned that off.  Even after twiddling that,
Linux apm support on this machine is flakey and unreliable, so I can't
use it (perhaps a kernel recompile will fix this; don't know; haven't
tried that yet).  It's seldom a problem; it's almost always plugged
into a wall socket anyway.  Obviously, I'd forgotten to test apm
support all this time.

It sometimes happens that one silly misconfiguration causes a cascade
of failures, none of which will clear up until you sort it out since
one failure causes something else to fail nonsensically.

I've heard of people who run two instances of whatever they use.
One's the testing side.  Once they determine that a change works on
the testing side, they apply it to the "production" side.  For a home
pc user, this is hopelessly anal, and isn't guaranteed to solve the
problem anyway since it's impossible to keep the two systems' changes
accurately in sync.

The best advice I can offer is:

  - Harden your system.  Don't run services you don't really need.
    For whatever services you do think you need, harden them and
    ensure that they can only be accessed by approved sources:

       i) Sendmail?  Why not try ssmtp instead?

      ii) Identd?  Try fauxident instead.

     iii) bind/named?  Maradns as a caching only server.

      iv) httpd?  Use your ISP's instead.

    Go through your /etc/inetd.conf and comment out anything you can.
    Stick a -notcp switch on the Xserverrc line that calls X.

  - Stay away from anything that sends cleartext passwords: telnetd,
    ftpd, rshd, etc.  You don't need them.  ssh and scp can do all of
    that for you without opening you up to being owned.  If you never
    need to ssh _into_ your box, disable sshd.  You'll still be able
    to ssh _out_.

  - Subscribe to your distribution's security announcement list.
    They're usually low volume.  For anything that comes through on
    that, see if you're running it, upgrade it if it's insecure and if
    that's possible, or disable it until you can.

  - Make regular backups.

  - Check your log files regularly (cronjobs are invaluable for this).

  - Test installed software rigourously[*].

  - Test the resultant system rigourously[*].

  - Test your recovery/restore procedures.

  - Don't underestimate the value of ignoring the hell out of the
    thing until you can figure out what's _really_ wrong with it.  If
    you don't know where you are, stay there.

  - Always be prepared to wipe the thing and start over.  If you've
    done the backups, and you've understood the recovery procedure,
    reinstalling shouldn't be a lot of work or take much time.

  - Did I mention backups?


[*] With the latest Windows-ish software that people are running on Linux
    these days (KDE, Gnome, desktop managers, desktop environments,
    wrapper helpers, etc.), sometimes a reboot _is_ necessary for these
    goofy things to actually synchronise themselves with the rest of the
    system.  Either learn their limitations or don't use that stuff.
    There's a lot to be said for a system whose configuration you can
    understand.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 
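As an added example (not from the post above or its author): a small sh audit that a cron job could run nightly, covering two of the items in that list, checking /etc/inetd.conf for services still enabled and summarising failed ssh logins from a log. The inetd.conf and auth-log contents below are constructed samples, and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post.  A cron-driven audit that
# (1) lists inetd services still enabled in an inetd.conf and
# (2) summarises failed ssh password attempts per source host.
# Both input files are constructed samples written to temp files.

# Print the service name of every inetd.conf line that is neither a
# comment nor blank, i.e. every service inetd will actually start.
enabled_inetd_services() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | awk '{print $1}'
}

# Count failed ssh password attempts per source host in an auth log and
# print "count host" lines, busiest host first.
failed_logins() {
    grep 'sshd.*Failed password' "$1" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

SAMPLE_INETD=$(mktemp)
SAMPLE_AUTHLOG=$(mktemp)
trap 'rm -f "$SAMPLE_INETD" "$SAMPLE_AUTHLOG"' EXIT

cat > "$SAMPLE_INETD" <<'EOF'
# constructed sample inetd.conf: ftp and telnet already commented out
#ftp    stream  tcp nowait  root    /usr/sbin/tcpd  in.ftpd
#telnet stream  tcp nowait  root    /usr/sbin/tcpd  in.telnetd
ident   stream  tcp nowait  nobody  /usr/sbin/fauxident fauxident
finger  stream  tcp nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF

cat > "$SAMPLE_AUTHLOG" <<'EOF'
Mar  3 02:11:05 box sshd[412]: Failed password for root from 192.0.2.10 port 40122 ssh2
Mar  3 02:11:09 box sshd[412]: Failed password for root from 192.0.2.10 port 40123 ssh2
Mar  3 02:15:41 box sshd[430]: Accepted publickey for me from 198.51.100.7 port 51000 ssh2
Mar  3 03:02:17 box sshd[455]: Failed password for invalid user admin from 203.0.113.9 port 33001 ssh2
EOF

echo "Still enabled in inetd.conf:"
enabled_inetd_services "$SAMPLE_INETD"
echo "Failed ssh logins by source:"
failed_logins "$SAMPLE_AUTHLOG"
```

Point the two functions at the real /etc/inetd.conf and /var/log/auth.log (or wherever your distribution writes sshd messages) and mail the output from cron.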
_______________________________________________
clug-talk mailing list
http://clug.ca/mailman/listinfo/clug-talk_clug.ca