On 06/29/2017 06:46 PM, Ansar Mohammed wrote:
> Actually James, incompetence would be opening up a high security
> system to additional attack vectors without a good business or
> technical reason (which you really haven't provided).
>
>
The business reason is the world is moving to IPv6.
Actually James, incompetence would be opening up a high security system to
additional attack vectors without a good business or technical reason
(which you really haven't provided).
On Thu, Jun 29, 2017 at 6:33 PM James Knott via talk
wrote:
> I have worked with
On 06/29/2017 06:18 PM, Ansar Mohammed wrote:
> Oh, and that growing portion of the internet that's IPv6 only is
> primarily China.
>
Actually, Belgium is in the lead, at around 35%. However, in many parts
of the world including, but not limited to, China IPv6 is the only thing
available,
It's not a matter of being afraid of anything. Security 101 tells you to
reduce your attack surface area.
I would not increase my attack surface area just for the sake of being an
early adopter of IPv6.
To be clear the conversation is about hardening. This is the right thing to
do.
On Thu, Jun
On Thu, Jun 29, 2017 at 07:31:10PM +, Ansar Mohammed wrote:
> IMHO if you are looking for a hardened system you should not start with
> Ubuntu.
> Ubuntu is what l like to call 'kitchen sink Linux'
Yeah I wouldn't start with that either.
> Start with a minimal Debian install, then add the
On 06/29/2017 03:31 PM, Ansar Mohammed via talk wrote:
> Disable IPv6.
Why? That's the way the Internet is moving.
Perhaps something like this would be useful:
https://www.suse.com/documentation/sles11/book_hardening/data/book_hardening.html
---
Talk Mailing List
talk@gtalug.org
IMHO if you are looking for a hardened system you should not start with
Ubuntu.
Ubuntu is what l like to call 'kitchen sink Linux'
Start with a minimal Debian install, then add the packages you need
incrementally.
Package removal is never an exact rollback of package installation.
Then add your
On Thu, Jun 29, 2017 at 10:18:26AM -0400, Anthony de Boer via talk wrote:
> Lennart Sorensen wrote:
> > On Wed, Jun 28, 2017 at 07:21:55PM -0400, Anthony de Boer via talk wrote:
> > > Many years ago a coworker tried "chmod 700" on /etc etc, and chmod 600 on
> > > many key files, the upshot of
Lennart Sorensen wrote:
> On Wed, Jun 28, 2017 at 07:21:55PM -0400, Anthony de Boer via talk wrote:
> > Many years ago a coworker tried "chmod 700" on /etc etc, and chmod 600 on
> > many key files, the upshot of which was that everything on the "secured"
> > firewall had to run as root and it
I think OP will be the only user on the server, so chmod /etc is not that
important. If someone exploits any service and gets a shell on the box,
chmod will not help too much.
Jailing the accessible servers on a container, or a old school chroot would
be nice.
On Jun 29, 2017 10:24, "Lennart
On 27/06/17 07:37 PM, Truth Hacker via talk wrote:
> Hi All,
>
> I am starting to go down the road to harden a Linux server, I am using
> the Ubuntu server image as my starting point.
>
> I searched a few articles and compiled a list of things to do, so far
> the stuff is a bit dated. So I was
On Thu, Jun 29, 2017 at 09:24:09AM -0400, Lennart Sorensen via talk wrote:
> On Wed, Jun 28, 2017 at 07:21:55PM -0400, Anthony de Boer via talk wrote:
> > Christopher Browne via talk wrote:
> > > On 27 June 2017 at 19:53, Kevin Cozens via talk wrote:
> > > > You may also want to
On Wed, Jun 28, 2017 at 07:21:55PM -0400, Anthony de Boer via talk wrote:
> Christopher Browne via talk wrote:
> > On 27 June 2017 at 19:53, Kevin Cozens via talk wrote:
> > > You may also want to "chmod 711 /etc", FWIW.
> >
> > That means that non-root-space applications will
13 matches
Mail list logo