[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Windows Server to Debian migration

also sprach Roberto C. Sanchez <roberto@familiasanchez.net> [2005.09.03.0311 +0200]:
> I seem to recall on an episode of MacGyver where MacGyver took
> some duck tape,

Please watch your words! It would be more politically correct to use
the term "duct tape", rather than the brand name here. First of all,
duck tape didn't exist at the time when McGyver's hairdoo was only
beaten by that of the actors of Dallas, and second: some of us may
take personal offence at the thought of *ducks* being made into
*plastic strips*.

> On to more serious responses.

Uh, right... sorry.

> OpenLDAP is your friend.

It is? It's definitely my enemy. But we have come to good terms now
that I set cron to restart it every 4 hours to prevent it from
exploding and rendering our server useless until an administrator
could intervene. Okay, I am talking about several dozen of logins
per second (it's a cluster), but still...

> You want to look at the Bastille package.  It will walk you
> through the hardening of your system in a tutorial fashion and
> explain at each step what it wants to do, why it wants to do it,
> and reasons why you may or may not want to deviate from the
> default. 

It's also *terribly* outdated, breaks some things when used
carelessly, and gives a wonderfully false sense of security. The
same applies to tiger/TARA, btw.

> Also, read the Securing Debian Manual:
> http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
> It is a bit more general in nature, but has some good information.

It is one of the best resources on Linux security out there. Javier,
you rock!

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!
on the other hand, you have different fingers.

Attachment: signature.asc
Description: Digital signature (GPG/PGP)

Reply to: