Web lists-archives.com

Re: security issues




On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote:

> On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote:
> 
> > On 26-08-17, R Calleja wrote:
> > > Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
> > > Tengo problemas de seguridad que me obligan a reinstalar el sistema
> > > a menudo, una vez al año.
> > > He leido documentos y ayuda para mejorar la seguridad.
> > > Pero no soy un usuario con conocimientos avanzados de sistemas.
> > > Mi objetivo es conseguir una estacion de trabajo segura .
> > > He conocido herramientas como:
> > > Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
> > > Si puede alguien con conocimientos de seguridad  ayudarme. O hay
> > > alguna empresa que de soporte.
> > >
> > > Muchas gracias, Roberto
> > >
> > >
> > > Good afternoon, I have been debian 8.9 user for 2 years.
> > > I have security issues that force me to reinstall the system often,
> > > once a year.
> >
> > What security issues?
> >
> > > I have read documents and help to improve security.
> >
> > What documents?
> >
> > > But I am not a user with advanced systems knowledge.
> >
> > That is not problem, you can find lots of tutorials and documents
> > around.
> >
> > > My goal is to get a safe work station.
> > > I have known tools like:
> > > Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
> >
> > Apparmor and selinux do not go together, use just apparmor because it
> > is easier to set up and easier not to mess up. Selinux in theory can
> > provide you with more protection, but in practical use you will not
> > see it. Lynis is probably too much for you. Openval I do not know,
> > nessus I did not use. Grsecurity is, according to Linus Torvald:
> >
> > "
> >
> >     Don't bother with grsecurity.
> >
> >     Their approach has always been "we don't care if we break
> >     anything, we'll just claim it's because we're extra secure".
> >
> >     The thing is a joke, and they are clowns. When they started
> >     talking about people taking advantage of them, I stopped
> >     trying to be polite about their bullshit.
> >
> >     Their patches are pure garbage.
> >
> >     Linus
> > "
> >
> > > If anyone with safety knowledge can help me. Or is there any support
> > > company.
> > >
> > > Thank you very much, Roberto
> >
> > For someone who knows little, you are sure installing too much things.
> > Here are some general advices, but do not take this for granted, it is
> > based on personal opinion after all, and I'm not security expert,
> > though I did read for few of those have to say about security in
> > linux.
> >
> > 1. Firewall. If you are connected to net and use some services you
> > really want it. Choose simple one, like gufw. That is front end for
> > ufw ( uncomplicated firewall ) and will serve your needs well. If you
> > want something more secure, but really more complicated, you will have
> > to learn iptables.
> 
> If the security being worried about is external, coming in and attacking  
> you from the internet, then I would recommend getting an aftermarket 
> router with enough flashable memory to support reprogramming it with 
> dd-wrt. I don't worry about local security here as we're an older couple 
> and the wife is not computer litterate, so I am the only user.  I don't 

That's what you think! But while you are slumbering, she is emailing
friends and talking with Donald on Twitter. Never underestimate a woman's
ability to manipulate a communication medium.

> install any of the firewall type stuff, dd-wrt in the router is the best 
> guard dog. I've been running some form of it for 15 or more years, and 
> have not been breached.

Isn't dd-wrt only suitable for particular routers?

> OTOH, if other family members are able to access your machine, then it 
> may be that apparmor needs to be installed & setup.

Not really. But, if it is to your taste, go ahead,

-- 
Brian.