RE: suggestions welcome



Thanks a bunch Martin!  Your response was exactly what I was looking
for.  

-----Original Message-----
From: martin f krafft [mailto:madduck@madduck.net] 
Sent: Tuesday, January 15, 2002 4:01 PM
To: 		
Subject: Re: suggestions welcome

also sprach justin cunningham <jcunningham@engine8.com> [2002.01.15.1907
+0100]:
> Given the above details what's the best way to approach the project?

easy: install, but when asked about tasksel and/or dselect, select "no"
both times. i don't recall what exactly is in this vanilla system that
you'll then have, but i know that it does include things like portmap
and others. so right there, run dselect as root on the console and
*purge* everything you don't need. (purging is done with the _ key).
then, press enter, and select "remove" from the menu, when that's done,
quit dselect and run

  dpkg -l

to verify what is installed.

then you just use

  apt-get install <packagename>

to add just what you want, so you will probably want to add "ssh" and
maybe some security tools like "arpwatch", "snort", "tcpdump",
"logcheck", "iptables" (kernel 2.4) or "ipchains" (kernel 2.2),
"kernel-image-2.2.20" (you don't want to run < 20, and 2.4 isn't ready
for production in many people's opinion (i use it for production
though)).

other things that don't hurt: "apt-utils", "cruft", "suidmanager",
"w3m", "wget", "ncftp" (to replace ftp), "netcat" (to replace telnet),
"nmap", "ntp-simple", "logoutd", "tripwire", "tmpreaper", "uptimed",
"watchdog", and "wipe".

you can get info on each package by executing

  apt-cache show <packagename>

moreover, you might want to look into the following packages:

  harden - Makes your system hardened.
  harden-clients - Avoid clients that are known to be insecure.
  harden-doc - Useful documentation to secure a Debian system.
  harden-environment - Hardened system environment.
  harden-localflaws - Avoid packages with security holes.
  harden-remoteaudit - Audit your system from this host.
  harden-remoteflaws - Avoid packages with security holes.
  harden-servers - Avoid servers that are known to be insecure.
  harden-tools - Tools to enhance or analyze the security.
  
and then even though "exim" is already installed and you thus have a
full-featured MTA, you have the option of other good ones, like postfix,
qmail, zmailer, and many others. just attempt to purge exim in dselect,
press 'R', then purge exim again, and find all the available mailers
right there on that page. <enter> will get you back to the dselect
package selection.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
this site has moved.
we'd tell you where, but then
we'd have to delete you.
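
Added example, not part of the original message: a script for the `dpkg -l` verification step described above. It compares the installed set against an allowlist and flags packages that were removed but not purged. The allowlist contents, the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# audit_packages ALLOWLIST_FILE   (reads `dpkg -l` text on stdin)
# Prints one finding per line:
#   UNEXPECTED name  installed but not on the allowlist
#   RESIDUAL name    removed, config files left behind (not purged)
#   OTHER name (xx)  any other dpkg state (half-installed, unpacked, ...)
audit_packages() {
    awk -v allow="$1" '
        BEGIN {
            # allowlist: one package name per line, "#" starts a comment
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[line] = 1
            }
        }
        index($0, "+++-") == 1 { body = 1; next }  # separator ends the header
        !body { next }
        NF >= 2 {
            name = $2; sub(/:.*/, "", name)  # drop ":arch" on newer dpkg
            st = substr($1, 2, 1)            # 2nd flag = current status
            if (st == "i") { if (!(name in ok)) print "UNEXPECTED " name }
            else if (st == "c") print "RESIDUAL " name
            else print "OTHER " name " (" $1 ")"
        }'
}

sample_dpkg_list() {   # constructed sample, not captured from a real host
    cat <<'EOF'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Description
+++-==============-============-================================
ii  ssh            0.0-sample   constructed row
ii  tcpdump        0.0-sample   constructed row
ii  portmap        0.0-sample   constructed row
rc  exim           0.0-sample   constructed row
EOF
}

demo() {
    list=$(mktemp) || return 1
    printf '%s\n' '# packages this host is meant to run' ssh tcpdump iptables > "$list"
    sample_dpkg_list | audit_packages "$list"
    rm -f "$list"
}
demo
```

On a real host the input would be `dpkg -l | audit_packages <allowlist file>`; older dpkg versions truncate long names in the `dpkg -l` columns, so set `COLUMNS` wide before piping to avoid false mismatches.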


