[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Questions on Securing Debian Howto



Hello

nddias (<nathan.d.dias@gmail.com>) wrote:

> I am setting up a Debian (sarge) webserver to run over my home DSL
> connection. I've been using my best common sense and a whole lot of
> googling to follow along with the "Securing Debian Howto, but I still
> have some questions/need clarifications on some points. The numbers in
> parentheses refer to the sections of this guide:
> 
> http://www.debian.org/doc/manuals/securing-debian-howto/
> 
> 4.2 Executing a security update
> 
> Is the NAT/firewall in my wireless router (WEP enabled) sufficient
> protection when doing the security update during installation?

NAT is sufficient, as long as you don't forward new connections from the
outside into your local network. By the way, NAT may be sufficient, WEP
is not. Switch to WPA if you can, and use a good and long passphrase.

> 4.2.2 Security update of the Kernel
> 
> I recompiled and installed a 2.6.8 kernel w/ local APIC support
> disabled because I was getting "spurious interrupt" messages. I also
> enabled Athlon support. Will apt/dpkg still be able to detect when
> kernel updates are necessary according to this section? Or am I on my
> own to maintain my custom kernel?

If you install your own kernel, you are on your own. apt can however
detect when a new version of the kernel-source package is available. I
also recommend that you use kernel-package/make-kpkg to build your
kernel, or (as someone already mentioned) use a Debian kernel and
switch off APIC using the noapic boot option.

> 4.9.1, 4.9.2
> 
> These sections refer to modifying apt.conf, but this file doesn't
> exist...instead there is an /etc/apt/apt.conf.d directory and in it a
> 70debconf file. I can't find any docs on how this directory structure
> works or the proper way to modify it. The apt man page says that apt
> first reads the file in APT_CONFIG but this env var is not set. I have
> found plenty of docs on using apt, but none on configuring it.

Simply create apt.conf, or create your own file in /etc/apt/conf.d.

best regards
        Andreas Janssen

-- 
Andreas Janssen <andreas.janssen@bigfoot.com>
PGP-Key-ID: 0xDC801674 ICQ #17079270
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps-sarge.html



Reply to: