also sprach Roberto C. Sanchez <email@example.com> [2005.09.03.0311 +0200]: > I seem to recall on an episode of MacGyver where MacGyver took > some duck tape, Please watch your words! It would be more politically correct to use the term "duct tape", rather than the brand name here. First of all, duck tape didn't exist at the time when McGyver's hairdoo was only beaten by that of the actors of Dallas, and second: some of us may take personal offence at the thought of *ducks* being made into *plastic strips*. > On to more serious responses. Uh, right... sorry. > OpenLDAP is your friend. It is? It's definitely my enemy. But we have come to good terms now that I set cron to restart it every 4 hours to prevent it from exploding and rendering our server useless until an administrator could intervene. Okay, I am talking about several dozen of logins per second (it's a cluster), but still... > You want to look at the Bastille package. It will walk you > through the hardening of your system in a tutorial fashion and > explain at each step what it wants to do, why it wants to do it, > and reasons why you may or may not want to deviate from the > default. It's also *terribly* outdated, breaks some things when used carelessly, and gives a wonderfully false sense of security. The same applies to tiger/TARA, btw. > Also, read the Securing Debian Manual: > http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html > It is a bit more general in nature, but has some good information. It is one of the best resources on Linux security out there. Javier, you rock! -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <firstname.lastname@example.org> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver! on the other hand, you have different fingers.
Description: Digital signature (GPG/PGP)