Re: Questions on Securing Debian Howto
Hello nddias ([EMAIL PROTECTED]) wrote: I am setting up a Debian (sarge) webserver to run over my home DSL connection. I've been using my best common sense and a whole lot of googling to follow along with the Securing Debian Howto, but I still have some questions/need clarifications on some points. The numbers in parentheses refer to the sections of this guide: http://www.debian.org/doc/manuals/securing-debian-howto/ 4.2 Executing a security update Is the NAT/firewall in my wireless router (WEP enabled) sufficient protection when doing the security update during installation? NAT is sufficient, as long as you don't forward new connections from the outside into your local network. By the way, NAT may be sufficient, WEP is not. Switch to WPA if you can, and use a good and long passphrase. 4.2.2 Security update of the Kernel I recompiled and installed a 2.6.8 kernel w/ local APIC support disabled because I was getting spurious interrupt messages. I also enabled Athlon support. Will apt/dpkg still be able to detect when kernel updates are necessary according to this section? Or am I on my own to maintain my custom kernel? If you install your own kernel, you are on your own. apt can however detect when a new version of the kernel-source package is available. I also recommend that you use kernel-package/make-kpkg to build your kernel, or (as someone already mentioned) use a Debian kernel and switch off APIC using the noapic boot option. 4.9.1, 4.9.2 These sections refer to modifying apt.conf, but this file doesn't exist...instead there is an /etc/apt/apt.conf.d directory and in it a 70debconf file. I can't find any docs on how this directory structure works or the proper way to modify it. The apt man page says that apt first reads the file in APT_CONFIG but this env var is not set. I have found plenty of docs on using apt, but none on configuring it. Simply create apt.conf, or create your own file in /etc/apt/conf.d. best regards Andreas Janssen -- Andreas Janssen [EMAIL PROTECTED] PGP-Key-ID: 0xDC801674 ICQ #17079270 Registered Linux User #267976 http://www.andreas-janssen.de/debian-tipps-sarge.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Questions on Securing Debian Howto
Hi, I am setting up a Debian (sarge) webserver to run over my home DSL connection. I've been using my best common sense and a whole lot of googling to follow along with the Securing Debian Howto, but I still have some questions/need clarifications on some points. The numbers in parentheses refer to the sections of this guide: http://www.debian.org/doc/manuals/securing-debian-howto/ 4.2 Executing a security update Is the NAT/firewall in my wireless router (WEP enabled) sufficient protection when doing the security update during installation? 4.2.2 Security update of the Kernel I recompiled and installed a 2.6.8 kernel w/ local APIC support disabled because I was getting spurious interrupt messages. I also enabled Athlon support. Will apt/dpkg still be able to detect when kernel updates are necessary according to this section? Or am I on my own to maintain my custom kernel? 4.7 Restricting console login access The section talks about login.defs and securetty (PAM) config files, but both are installed on my system (default Debian install). Which one takes precedence, or are both in effect? 4.9.1, 4.9.2 These sections refer to modifying apt.conf, but this file doesn't exist...instead there is an /etc/apt/apt.conf.d directory and in it a 70debconf file. I can't find any docs on how this directory structure works or the proper way to modify it. The apt man page says that apt first reads the file in APT_CONFIG but this env var is not set. I have found plenty of docs on using apt, but none on configuring it. I'm sure I'll have more questions, but that's it for now. Thanks! Nathan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Questions on Securing Debian Howto
On Thu, Feb 02, 2006 at 03:26:15PM -0800, nddias wrote: These sections refer to modifying apt.conf, but this file doesn't exist...instead there is an /etc/apt/apt.conf.d directory and in it a 70debconf file. I can't find any docs on how this directory structure works or the proper way to modify it. The apt man page says that apt first reads the file in APT_CONFIG but this env var is not set. I have found plenty of docs on using apt, but none on configuring it. Create apt.conf. APT looks for the file, and is is used if found. Kumar -- Kumar Appaiah, 462, Jamuna Hostel, Indian Institute of Technology Madras, Chennai - 600 036 signature.asc Description: Digital signature
Re: Questions on Securing Debian Howto
On 2 Feb 2006 15:26:15 -0800 nddias [EMAIL PROTECTED] wrote: 4.2.2 Security update of the Kernel I recompiled and installed a 2.6.8 kernel w/ local APIC support disabled because I was getting spurious interrupt messages. I also enabled Athlon support. There are kernel packages for Athlon (the ones with k7) and you can disable local APIC with boot option 'noapic' Will apt/dpkg still be able to detect when kernel updates are necessary according to this section? Or am I on my own to maintain my custom kernel? I think so... AFAIK apt keeps track only of it's own packages. Even if you built it with make-kpkg it probably won't get updated. Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]