Re: Newbie friendly security and firewall docs (cookbook?)
Hi, On Thu, Oct 09, 2014 at 06:50:18AM -0500, Richard Owlett wrote: Andrei POPESCU wrote: On Mi, 08 oct 14, 08:49:44, Richard Owlett wrote: I think the type of material I'm looking for should be in the Debian GNU/Linux Installation Guide. It is the one document _every_ new user is told to read. ... I'll take a stab at putting selected content in a form suitable for the Installation Guide. This weekend looks open. I'll send my attempt to you off-list. Probably not a good idea, because: 1. Things like this should be in public, even better filed as a patch in the BTS 2. Javier is not the Maintainer of the Installation Guide, the Debian Installer Team is (list debian-boot) Yah, to be official and to include in Javi's work takes more than just write short HOWTO's. Editorial and translation synchronization are overhead. I will still forward my attempt to Javier because: * I take the last paragraph as an invitation to give specific feedback. * that whatever I come up with will *REQUIRE* proofreading before I would dare submit as a patch. My modification would primarily be pruning what a newbie would see as distractions. The act of pruning could create errors of fact when done by someone with as little expertise as I. Anyway, the first thing is write it out. Let me point out that the lower barrier entry point exists for you to start. https://wiki.debian.org There you can publish your writing as long as you register your mail address to get the login right. The account comes with initial user web page. In my case: https://wiki.debian.org/OsamuAoki I create page initially from this page for HOWTOs of minor topics. When content becomes good enough, look for appropriate page to link from. Maybe one of the followings depending on what you write. https://wiki.debian.org/QuickInstall https://wiki.debian.org/SystemAdministration https://wiki.debian.org/SecurityManagement Regards, Osamu -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141012002608.GA2886@goofy.local
Re: Newbie friendly security and firewall docs (cookbook?)
Hi, On Wed, Oct 08, 2014 at 10:29:09PM +0300, Andrei POPESCU wrote: On Mi, 08 oct 14, 08:49:44, Richard Owlett wrote: I think the type of material I'm looking for should be in the Debian GNU/Linux Installation Guide. It is the one document _every_ new user is told to read. Maybe Debian Reference would be more appropriate (CC-ing Osamu to get his attention). Well it is a bit too much to address such big topic. I only address few problematic cases in each section. Quite frankly, there is no easy way. Not to enable services and not to change default system permissions are good idea for most newbies. I'll take a stab at putting selected content in a form suitable for the Installation Guide. This weekend looks open. I'll send my attempt to you off-list. There are many firewall script if you wish to do so. But if you do not listen to port, you are safer, too. Some one said: Security is process. I think it is right. Osamu -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141010132443.GB5447@goofy.local
Re: Newbie friendly security and firewall docs (cookbook?)
Andrei POPESCU wrote: On Mi, 08 oct 14, 08:49:44, Richard Owlett wrote: I think the type of material I'm looking for should be in the Debian GNU/Linux Installation Guide. It is the one document _every_ new user is told to read. Maybe Debian Reference would be more appropriate (CC-ing Osamu to get his attention). I was of two minds on that. There are four classes of newbies [three reachable]. They are those who: will only say install. will read installation instructions but have no tech foundations. will read more than installation instructions if it is right there. will devour anything available at their level. My friend is in the third class. I would be want something aimed at that group when, as now, I trying to accomplish something correctly within time constraints. I'm so far into the last group that ... ;/ I'll take a stab at putting selected content in a form suitable for the Installation Guide. This weekend looks open. I'll send my attempt to you off-list. Probably not a good idea, because: 1. Things like this should be in public, even better filed as a patch in the BTS 2. Javier is not the Maintainer of the Installation Guide, the Debian Installer Team is (list debian-boot) I will still forward my attempt to Javier because: * I take the last paragraph as an invitation to give specific feedback. * that whatever I come up with will *REQUIRE* proofreading before I would dare submit as a patch. My modification would primarily be pruning what a newbie would see as distractions. The act of pruning could create errors of fact when done by someone with as little expertise as I. -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5436767a.1070...@cloud85.net
Re: Newbie friendly security and firewall docs (cookbook?)
Richard Owlett wrote: Javier Fernandez-Sanguino wrote: On 6 October 2014 13:53, Richard Owlett rowl...@cloud85.net mailto:rowl...@cloud85.net wrote: In the context of -doc the only document I'm aware of is the Securing Debian HOWTO. I've attempted to digest it. It's too complete - e.g. it talks about securing features [web servers etc] that I do not believe should exist on a system used by my target audience [including myself]. Yes, the document is targeted towards a sysadmin audience, not a desktop user. That being said, it should be easy to write a Security for desktops chapter more targeted towards end-users including do's and dont's and recommended best practices there. While it will probably contain all the information you require, but it's entirely possible it might scare your friend a bit. It scares me ;/ Please go through chapter 2 Before you begin and 3 Before and during the installation. I think those chapters can be easily applied to a desktop environment. If they scare you maybe we have to tone down the content. Will do. Probably not today, my furnace is out and cold front coming. I would recommend it as a separate document or as an appendix rather than a chapter. You want to refer a newbie to something small if possible. I got a chance to re-read https://www.debian.org/doc/manuals/securing-debian-howto/ . It's been months since I first read it. I think that document styles suitable for a newbie and that for a experienced sysadmin are so different it would be a mistake to try to force one document serve both groups. I would like to see a document with the content of: Chapt 2 Before you begin 3 Before and during the installation 5 Securing services running on your system Appendix B Configuration checklist F Security update protected by a firewall I think the type of material I'm looking for should be in the Debian GNU/Linux Installation Guide. It is the one document _every_ new user is told to read. I'll take a stab at putting selected content in a form suitable for the Installation Guide. This weekend looks open. I'll send my attempt to you off-list. -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543540f8.30...@cloud85.net
Re: Newbie friendly security and firewall docs (cookbook?)
On Mi, 08 oct 14, 08:49:44, Richard Owlett wrote: I think the type of material I'm looking for should be in the Debian GNU/Linux Installation Guide. It is the one document _every_ new user is told to read. Maybe Debian Reference would be more appropriate (CC-ing Osamu to get his attention). I'll take a stab at putting selected content in a form suitable for the Installation Guide. This weekend looks open. I'll send my attempt to you off-list. Probably not a good idea, because: 1. Things like this should be in public, even better filed as a patch in the BTS 2. Javier is not the Maintainer of the Installation Guide, the Debian Installer Team is (list debian-boot) Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: Newbie friendly security and firewall docs (cookbook?)
Dominic Walden wrote: Richard Owlett rowl...@cloud85.net writes: I'm looking for a reference document that wouldn't scare my friend off Debian and also give me the required information to: 1. close the maximum number of ports. I see him using browser, email, ftp file downloading. I don't see him being a server. All incoming packets should be to fulfill a previous outgoing request - [correctly phrased?]. Totally not self-promotion or anything - ;) - but to achieve what you need I have a firewall script and some explanation on my site (drw.ninth.su/gnu.html). It is based on what you'll find in the Securing Debian Manual (which is well worth a read if you feel up to it). Let me know if you have any questions. Dom I don't think giving a useful answer to a publicly asked question is self promotion. I have a minor problem with the page. It states ... updated to use the newer init system used now on Debian. Newer than what? Is this referring to a Debian release later than Lenny or is it requiring systemd? All I essentially know about init systems is that people either love or hate systemd. Will your script run on Squeeze and Wheezy? A more heavily commented commented version might be a suitable instructional tool for newbies. -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5433cf85.2090...@cloud85.net
Re: Newbie friendly security and firewall docs (cookbook?)
Richard Owlett rowl...@cloud85.net writes: I have a minor problem with the page. It states ... updated to use the newer init system used now on Debian. Newer than what? Is this referring to a Debian release later than Lenny or is it requiring systemd? All I essentially know about init systems is that people either love or hate systemd. Will your script run on Squeeze and Wheezy? I'm referring to dependency based boot sequencing[1] which was introduced starting with Squeeze. It controls when services are started at boot time. I'll add more info to my page when I have time. So to cut a long story short it should work on both Squeeze and Wheezy. 1. More info here: https://wiki.debian.org/LSBInitScripts/ and here: https://wiki.debian.org/LSBInitScripts/DependencyBasedBoot -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87bnpnhhwu@dwalden.co.uk
Re: Newbie friendly security and firewall docs (cookbook?)
[CC-ing you since I don't know if you're subscribed to -doc] On Du, 05 oct 14, 14:01:56, Richard Owlett wrote: I'm looking for a reference document that wouldn't scare my friend off Debian and also give me the required information to: Hi Richard, In the context of -doc the only document I'm aware of is the Securing Debian HOWTO. While it will probably contain all the information you require, but it's entirely possible it might scare your friend a bit. However, it might help you ask the correct questions on -user ;) Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: Newbie friendly security and firewall docs (cookbook?)
Andrei POPESCU wrote: [CC-ing you since I don't know if you're subscribed to -doc] I'm subscribed. On Du, 05 oct 14, 14:01:56, Richard Owlett wrote: I'm looking for a reference document that wouldn't scare my friend off Debian and also give me the required information to: Hi Richard, In the context of -doc the only document I'm aware of is the Securing Debian HOWTO. I've attempted to digest it. It's too complete - e.g. it talks about securing features [web servers etc] that I do not believe should exist on a system used by my target audience [including myself]. While it will probably contain all the information you require, but it's entirely possible it might scare your friend a bit. It scares me ;/ However, it might help you ask the correct questions on -user ;) Sometimes you don't know the right question until you learned enough to have most of the answer. Thank you. -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543282ac.8060...@cloud85.net
Re: Newbie friendly security and firewall docs (cookbook?)
On 6 October 2014 13:53, Richard Owlett rowl...@cloud85.net wrote: In the context of -doc the only document I'm aware of is the Securing Debian HOWTO. I've attempted to digest it. It's too complete - e.g. it talks about securing features [web servers etc] that I do not believe should exist on a system used by my target audience [including myself]. Yes, the document is targeted towards a sysadmin audience, not a desktop user. That being said, it should be easy to write a Security for desktops chapter more targeted towards end-users including do's and dont's and recommended best practices there. While it will probably contain all the information you require, but it's entirely possible it might scare your friend a bit. It scares me ;/ Please go through chapter 2 Before you begin and 3 Before and during the installation. I think those chapters can be easily applied to a desktop environment. If they scare you maybe we have to tone down the content. Best regards Javier
Re: Newbie friendly security and firewall docs (cookbook?)
Javier Fernandez-Sanguino wrote: On 6 October 2014 13:53, Richard Owlett rowl...@cloud85.net mailto:rowl...@cloud85.net wrote: In the context of -doc the only document I'm aware of is the Securing Debian HOWTO. I've attempted to digest it. It's too complete - e.g. it talks about securing features [web servers etc] that I do not believe should exist on a system used by my target audience [including myself]. Yes, the document is targeted towards a sysadmin audience, not a desktop user. That being said, it should be easy to write a Security for desktops chapter more targeted towards end-users including do's and dont's and recommended best practices there. While it will probably contain all the information you require, but it's entirely possible it might scare your friend a bit. It scares me ;/ Please go through chapter 2 Before you begin and 3 Before and during the installation. I think those chapters can be easily applied to a desktop environment. If they scare you maybe we have to tone down the content. Will do. Probably not today, my furnace is out and cold front coming. I would recommend it as a separate document or as an appendix rather than a chapter. You want to refer a newbie to something small if possible. Best regards Javier -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54329249.3070...@cloud85.net
Re: Newbie friendly security and firewall docs (cookbook?)
Richard Owlett rowl...@cloud85.net writes: I'm looking for a reference document that wouldn't scare my friend off Debian and also give me the required information to: 1. close the maximum number of ports. I see him using browser, email, ftp file downloading. I don't see him being a server. All incoming packets should be to fulfill a previous outgoing request - [correctly phrased?]. Totally not self-promotion or anything - ;) - but to achieve what you need I have a firewall script and some explanation on my site (drw.ninth.su/gnu.html). It is based on what you'll find in the Securing Debian Manual (which is well worth a read if you feel up to it). Let me know if you have any questions. Dom -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87d2a55btv@dwalden.co.uk
Newbie friendly security and firewall docs (cookbook?)
I'm a relatively new convert from Windows to Debian, although I've been a computer _user_ since the early 60's. I've evidently been talking up Linux enough that a friend is shipping a spare laptop with a request that I install my preferred version. [He is hesitant about his ability to do so although he is the one with a B.S.E.E.] I intend to set it up as multi-boot: 1. whatever Windows is on it 2. Squeeze LTS with Gnome2 - I like it and believe he will like its human interface. 3. Wheezy with KDE - Wheezy is more uptodate and I suspect would want some KDE specific applications. Although I've been asking questions for several months, they have been piecemeal and probably poorly worded. I'm looking for a reference document that wouldn't scare my friend off Debian and also give me the required information to: 1. close the maximum number of ports. I see him using browser, email, ftp file downloading. I don't see him being a server. All incoming packets should be to fulfill a previous outgoing request - [correctly phrased?]. 2. list of daemons/services/??? that should be disabled or not installed. I intend selecting common desktop tasks, laptop tasks and common tasks from the the menu near end of the installer. What else should I be asking? Thank you. -- To UNSUBSCRIBE, email to debian-doc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543195a4.8060...@cloud85.net
