fbmail at ozemail.com.au
Thu Oct 11 00:34:22 PDT 2001
also sprach Henning Rohde on Wednesday, 10 Oct 2001:
> hmm, Fergus, please explain what do you want to achive, what are you
> afraid of?
Good question! Firstly, I want to ensure that my system is secure;
secondly, I want to learn more about security measures, and starting
from a very basic Home PC setup seems a good place to begin.
> You wonder why I'm asking although you've given quite some details?
> The security-requirements for any system depends on the purpose you want
> to use it for.
Point taken. Purpose of my system? E-mail & web browsing, both done
via a modem connection to my ISP, no sendmail, no fetchmail, no ftpd, no
telnetd, etc. Other than that, I use the machine to keep a few personal
records, play xMahjongg and Civilization (on Win98 - not interested in
freeciv), build LFS (my way of learning Linux). That's about it - I
don't use it for work, I'm not a programmer (if I were I'd be every
programmer's worst nightmare!). In short, it's more of a hobby for me.
> If you'd like to setup a server, I'd recommend that it's serving only
> one single service, anything else raises the risk of losing data because
> of an exploit in a sevice that appears unimportant and is because of
> that seldomly updated.
> -> Because there's only one open port on it, there's no need to do
> firewalling, except for special cases, see my firewalling-hint.
> -->> If you can't afford this layout you've to make a compromise at
This will come later, when I can afford to put a second machine
together, and will then require further learning - but not an issue at
Accidentally deleting files or dirs is certainly no greater risk than I
run under Win98 - the only time I have done it was because I didn't pay
attention when using fdisk, still feeling embarrassed about that one!
Normally I double check before I give anything the royal flick.
> --->>> This is the case where the hard labour begins: ;-)
> (A+B) Think about some elaborated layout of your filesystems:
> /, /bin, /dev, /etc, /lib, /sbin, /usr \
> on a seperate partition, mounted read-only
> /boot - " -, - " -
> If you would really like to setup this layout, please ask again, I'll
> tell you of my experiences in doing so, some of the bootscripts have to
> be changed.
I'll follow this one up a bit later if I may, but I am certainly
interested in this approach.
> (D+E) Setup your own 'personal firewall', as lined out in my hint.
Already got a copy, but not yet studied it - on the 'TO DO' list!
> PS: excuse me for starting a new thread, but I couldn't find your first
> mail as a posting in the newsgroup.
The original thread forked into discussions of freeciv and firewalling.
Many thanks for your comments, Henning. I guess some of the confusion
from my original e-mail arises from the fact that I'm more interested in
learning about security issues than needing to resolve particular
fbmail at ozemail.com.au
This day shall not come again,
Each minute a priceless gem.
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message
More information about the blfs-support