Fergus Belford fbmail at
Thu Oct 11 00:34:22 PDT 2001

also sprach Henning Rohde on Wednesday, 10 Oct 2001:

> hmm, Fergus, please explain what do you want to achieve, what are you
> afraid of?

Good question! Firstly, I want to ensure that my system is secure;
secondly, I want to learn more about security measures, and starting
from a very basic Home PC setup seems a good place to begin.

> You wonder why I'm asking although you've given quite some details?
> The security-requirements for any system depends on the purpose you want
> to use it for.

Point taken.  Purpose of my system?  E-mail & web browsing, both done
via a modem connection to my ISP, no sendmail, no fetchmail, no ftpd, no
telnetd, etc. Other than that, I use the machine to keep a few personal
records, play xMahjongg and Civilization (on Win98 - not interested in
freeciv), build LFS (my way of learning Linux). That's about it - I
don't use it for work, I'm not a programmer (if I were I'd be every
programmer's worst nightmare!). In short, it's more of a hobby for me. 

> If you'd like to setup a server, I'd recommend that it's serving only
> one single service, anything else raises the risk of losing data because
> of an exploit in a service that appears unimportant and is because of
> that seldomly updated.
> -> Because there's only one open port on it, there's no need to do
> firewalling, except for special cases, see my firewalling-hint.
> -->> If you can't afford this layout you've to make a compromise at
> security.

This will come later, when I can afford to put a second machine
together, and will then require further learning - but not an issue at
the moment. 

Accidentally deleting files or dirs is certainly no greater risk than I
run under Win98 - the only time I have done it was because I didn't pay
attention when using fdisk, still feeling embarrassed about that one!
Normally I double check before I give anything the royal flick.

> --->>> This is the case where the hard labour begins:   ;-)
> (A+B) Think about some elaborated layout of your filesystems:
> /, /bin, /dev, /etc, /lib, /sbin, /usr  \
>         on a separate partition, mounted read-only
> /boot           - " -,                  - " -
	<etc, etc>
> If you would really like to setup this layout, please ask again, I'll
> tell you of my experiences in doing so, some of the bootscripts have to
> be changed.

I'll follow this one up a bit later if I may, but I am certainly
interested in this approach. 

> (D+E) Setup your own 'personal firewall', as lined out in my hint.

Already got a copy, but not yet studied it - on the 'TO DO' list!

> PS: excuse me for starting a new thread, but I couldn't find your first
> mail as a posting in the newsgroup.

The original thread forked into discussions of freeciv and firewalling.

Many thanks for your comments, Henning.  I guess some of the confusion
from my original e-mail arises from the fact that I'm more interested in
learning about security issues than needing to resolve particular

Fergus Belford
fbmail at
This day shall not come again,
Each minute a priceless gem.

More information about the blfs-support mailing list