[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian or Redhat 7???

On Mon, Feb 19, 2001 at 07:13:40PM -0800, Rick Rezinas wrote:
> I've been loosely foloowing this thread, and hope you have the best of
> luck locking down.  A few places to start with the inetd.conf file.  You probably don't
> need any of those services.  Install ssh.  Setup your apt sources.list to
> check for 
> 
> deb http://security.debian.org stable/updates main contrib non-free
> 
> but you may want to use a mirror, so they don't get nailed.
> 

There are no mirrors of security.debian.org (or shouldn't be)
for security reasons.
This way the authenticity of security packages can be better controlled.

- Tal

> basically, each line in the sources.list has a list of packages, and they
> look to see who is the newest and install that puppy.
> 
> those are a coupla basic steps to locking down your box.  Others include
> not running named cux it's often a problem...I have no doubt that there are
> crackers out there with several named and sendmail holes in their pocket.
> That haven't been exposed before.  So if you run mail, check out qmail. 
> IMHO.  Don't have key services run as root, like your webserver if that is
> key.  That way if you get compromised they still need to work for root.
> 
> have a nice day
> rick
> 
> 
> 
> On Mon, 19 Feb 2001, Steve Rudd wrote:
> 
> > Steve here,
> > 
> > Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have 
> > been maintaining my own box from a su level for about 3 months. That is why 
> > I was calling in an expert to install Debian tomorrow. It has become quite 
> > obvious to me that I am way over my head in trying to get my server secure.
> > 
> > But I would also like to say that I was humbled by the sheer volume of 
> > caring replies. I want to say that I have taken note of all of them and 
> > thank you.
> > 
> > My personal/superficial conclusions to my own questions based upon your 
> > replies is that Debian (as a software package) is a little more secure (for 
> > a variety of reasons), than Redhat 7. But the biggest factor is me getting 
> > pro help by someone who knows what he is doing. Done!
> > 
> > There is one primary reason why I would have chosen Debian over Redhat in 
> > the first place. The auto-update feature. I was on line for the Redhat 
> > Network. It never notified me of anything. Even now, after being hacked, is 
> > gives me those nice smiley icons saying all is ok! <g>
> > 
> > For me to get the box set up, then issue a one line command as the SU via 
> > "CRT" program in SSH mode, to update is breathtakingly attractive!
> > 
> > Steve
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > 
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
----------------------------------------------------------------- 
Tal Danzig     tal@libranet.com |          Libranet Linux
http://tal.thepenismightier.net |     http://www.libranet.com
-----------------------------------------------------------------
Reply to: