Re: SOP for debian isp/corporate server...
Prasad,
1) There is a manual on securing Debian at:
http://www.debian.org/doc/manuals/securing-debian-howto
2) There really is no SOP on "bloat" because one man's bloat is another's needed
service.
You, however, can create your own. Basically do an install and add/strip
whatever packages you want. Once you have your "perfect" set of packages do a:
dpkg --get-selections '*' > {some-file-name}
You will now have a list of the status of all Debian packages (i.e. installed,
purged, etc.) on your system.
Next time you do an install do a:
dpkg --set-selections < {some-file-name}
then run apt-get dselect-upgrade
This will add and remove packages as needed to bring the packages on your new
system exactly like the base system.
Pete
--
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Ho
Quoting prasad <pgadgil@hathway.com>:
> hi,
>
> As many of you must have experienced, there are usual SOPs for setting
> up
> non-bloated, secure bare-bones Servers with respective OSs eg for
> solaris.
>
> Is there SOP for debian, if not, I guess this list is better poised to
> produce one. Any links, pointers... I have googled, but didn't find any
> old
> message,
>
> What applies for isp-servers also applies for corporate servers which
> are
> 24/7 connected to net for things like mail etc, which need to take
> similar
> precautions. One of the reasons I have found, one company took a policy
> decision to not deploy to linux servers some time back, is becuse these
> rapidly moving distros like RH with insecure preinstalled bloat, was
> causing
> major maintainance & security hasle. Now that RH is out of picture, and
> debian just the kind of thing made for such a configuration, SOP will
> help.
>
> regards,
> prasad
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
>
sting
Reply to: