Web lists-archives.com

Re: security issues




On Saturday 26 August 2017 14:51:41 Brian wrote:

> On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote:
> > On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote:
> > > On 26-08-17, R Calleja wrote:
> > > > Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
> > > > Tengo problemas de seguridad que me obligan a reinstalar el
> > > > sistema a menudo, una vez al año.
> > > > He leido documentos y ayuda para mejorar la seguridad.
> > > > Pero no soy un usuario con conocimientos avanzados de sistemas.
> > > > Mi objetivo es conseguir una estacion de trabajo segura .
> > > > He conocido herramientas como:
> > > > Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
> > > > Si puede alguien con conocimientos de seguridad  ayudarme. O hay
> > > > alguna empresa que de soporte.
> > > >
> > > > Muchas gracias, Roberto
> > > >
> > > >
> > > > Good afternoon, I have been debian 8.9 user for 2 years.
> > > > I have security issues that force me to reinstall the system
> > > > often, once a year.
> > >
> > > What security issues?
> > >
> > > > I have read documents and help to improve security.
> > >
> > > What documents?
> > >
> > > > But I am not a user with advanced systems knowledge.
> > >
> > > That is not problem, you can find lots of tutorials and documents
> > > around.
> > >
> > > > My goal is to get a safe work station.
> > > > I have known tools like:
> > > > Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
> > >
> > > Apparmor and selinux do not go together, use just apparmor because
> > > it is easier to set up and easier not to mess up. Selinux in
> > > theory can provide you with more protection, but in practical use
> > > you will not see it. Lynis is probably too much for you. Openval I
> > > do not know, nessus I did not use. Grsecurity is, according to
> > > Linus Torvald:
> > >
> > > "
> > >
> > >     Don't bother with grsecurity.
> > >
> > >     Their approach has always been "we don't care if we break
> > >     anything, we'll just claim it's because we're extra secure".
> > >
> > >     The thing is a joke, and they are clowns. When they started
> > >     talking about people taking advantage of them, I stopped
> > >     trying to be polite about their bullshit.
> > >
> > >     Their patches are pure garbage.
> > >
> > >     Linus
> > > "
> > >
> > > > If anyone with safety knowledge can help me. Or is there any
> > > > support company.
> > > >
> > > > Thank you very much, Roberto
> > >
> > > For someone who knows little, you are sure installing too much
> > > things. Here are some general advices, but do not take this for
> > > granted, it is based on personal opinion after all, and I'm not
> > > security expert, though I did read for few of those have to say
> > > about security in linux.
> > >
> > > 1. Firewall. If you are connected to net and use some services you
> > > really want it. Choose simple one, like gufw. That is front end
> > > for ufw ( uncomplicated firewall ) and will serve your needs well.
> > > If you want something more secure, but really more complicated,
> > > you will have to learn iptables.
> >
> > If the security being worried about is external, coming in and
> > attacking you from the internet, then I would recommend getting an
> > aftermarket router with enough flashable memory to support
> > reprogramming it with dd-wrt. I don't worry about local security
> > here as we're an older couple and the wife is not computer
> > litterate, so I am the only user.  I don't
>
> That's what you think! But while you are slumbering, she is emailing
> friends and talking with Donald on Twitter. Never underestimate a
> woman's ability to manipulate a communication medium.
>
Ahh, no.  This one is 77 yo, dying of COPD slowly but surely.  She also 
fell and broke a hip back in February, which was replaced, and what 
little moving around is usually with e walker assist, and just to the 
potty chair 10 feet from the recliner she has taken up residence in, and 
with an oxy hose hanging on her ears, probably sleeps 12-16 hours a day.  
Not at all computer litterate. Ever.

A retired elementary school music teacher, she was once forced to use an 
elderly PB 286 computer with 2 floppy disks, running dos3.2, to do her 
report cards.  That disaster was not, to my knowledge, repeated.  One of 
the reasons she took her 34 years of credit for teaching and retired in 
the late 90's.

I am doing all the housekeeping and cooking since February. And I do take 
time out for "my stuff" like these mailing lists, and converting elderly 
machine tools, mills and lathes, to 10x the original precision with 
linuxcnc, new drive screws and me making at least half the hardware to 
make the conversions.  And I just wrote the gcodes to put a new barrel 
in old meat in the pot, chambered for 6.5 Creedmoor.  The barrels in it 
from the early '60's up till now have all been for the 30-06 Ackley 
Improved, but its kick was beginning to beat the old man up. So I do 
this stuff to keep me out of the bars.  Seems to be working fairly 
well... ;-)  And I make some furniture from time to time.

> > install any of the firewall type stuff, dd-wrt in the router is the
> > best guard dog. I've been running some form of it for 15 or more
> > years, and have not been breached.
>
> Isn't dd-wrt only suitable for particular routers?
>
> > OTOH, if other family members are able to access your machine, then
> > it may be that apparmor needs to be installed & setup.
>
> Not really. But, if it is to your taste, go ahead,


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>