Re: Newbie friendly security and firewall docs (cookbook?)

To: debian-user@lists.debian.org
Subject: Re: Newbie friendly security and firewall docs (cookbook?)
From: Richard Owlett <rowlett@cloud85.net>
Date: Wed, 08 Oct 2014 09:12:26 -0500
Message-id: <[🔎] 5435464A.1080900@cloud85.net>
In-reply-to: <[🔎] m109ql$fak$1@news.albasani.net>
References: <[🔎] 543278E8.3090401@cloud85.net> <[🔎] m109ql$fak$1@news.albasani.net>

koanhead wrote:

On 10/06/2014 04:20 AM, Richard Owlett wrote:

I'm a relatively new convert from Windows to Debian...
I'm looking for a reference document that wouldn't scare my friend off
Debian and also give me the required information to:
   1. close the maximum number of ports.
      I see him using browser, email, ftp file downloading.
      I don't see him being a server. All incoming packets should be to
      fulfill a previous outgoing request - [correctly phrased?].


https://wiki.debian.org/iptables should be as much as you need to
accomplish this.

That page is unsuitable for the audience I wish to reach. I sawit some time ago and had gone looking for something I could use.It's one of those Debian pages that reminds me of CPM-80 manualsof decades ago. The information present, but ...

It will walk you through setting up a basic,
restrictive iptables ruleset with optional allowed inputs for services.
     What it does not do is explain what iptables is for, what packets
are, why they need filtering, et cetera. I don't know that there's such
an introductory page on the wiki, but if one does not exist I'd be happy
to collaborate with you on making one. Feel free to contact me off-list
if you'd like.

I'll take you up on that. I volunteered for something else thisweekend that may help me coherently describe what I'm looking for.

   2. list of daemons/services/??? that should be disabled or not installed.


It depends on what your friend will do with his computer, and it would
likely be easier to list the few services which *should* be installed.
Off the top of my head: rpcbind, udevd, syslogd, getty, your diplay
manager if any. Probably others depending on use.

Any service you're not currently using should be disabled. Any service
you won't use should not be installed.


Yeah. But ;/ The devil is in the details.
Where is a list of services.
How would Joe the Janitor and Mary the Florist chose?


If you're going to advise someone else, particularly a newcomer to
Debian, please read the manuals, particularly

https://www.debian.org/doc/manuals/debian-reference/


I've got a copy locally. Time for another reread.


It's a lot of reading, and I'm not saying you need to read it all before
you do or say anything- but most of your questions will be answered
there, and having read it, you'll know better which questions to ask.

Good luck, and have fun!

Reply to:

Follow-Ups:
- Re: Newbie friendly security and firewall docs (cookbook?)
  - From: Stuart Longland <stuartl@longlandclan.yi.org>

References:
- Newbie friendly security and firewall docs (cookbook?)
  - From: Richard Owlett <rowlett@cloud85.net>
- Re: Newbie friendly security and firewall docs (cookbook?)
  - From: koanhead <koanhead@riseup.net>

Prev by Date: Re: Moderated posts?
Next by Date: Re: pcmanfm won't mount USB stick on Jessie
Previous by thread: Re: Newbie friendly security and firewall docs (cookbook?)
Next by thread: Re: Newbie friendly security and firewall docs (cookbook?)
Index(es):
- Date
- Thread