security

Fergus Belford fbmail at ozemail.com.au
Thu Oct 11 00:34:22 PDT 2001


also sprach Henning Rohde on Wednesday, 10 Oct 2001:

> hmm, Fergus, please explain what do you want to achive, what are you
> afraid of?

Good question! Firstly, I want to ensure that my system is secure;
secondly, I want to learn more about security measures, and starting
from a very basic Home PC setup seems a good place to begin.  
 
> You wonder why I'm asking although you've given quite some details?
> The security-requirements for any system depends on the purpose you want
> to use it for.

Point taken.  Purpose of my system?  E-mail & web browsing, both done
via a modem connection to my ISP, no sendmail, no fetchmail, no ftpd, no
telnetd, etc. Other than that, I use the machine to keep a few personal
records, play xMahjongg and Civilization (on Win98 - not interested in
freeciv), build LFS (my way of learning Linux). That's about it - I
don't use it for work, I'm not a programmer (if I were I'd be every
programmer's worst nightmare!). In short, it's more of a hobby for me. 

> 
> If you'd like to setup a server, I'd recommend that it's serving only
> one single service, anything else raises the risk of losing data because
> of an exploit in a sevice that appears unimportant and is because of
> that  seldomly updated.
> -> Because there's only one open port on it, there's no need to do
> firewalling, except for special cases, see my firewalling-hint.
> -->> If you can't afford this layout you've to make a compromise at
> security.

This will come later, when I can afford to put a second machine
together, and will then require further learning - but not an issue at
the moment. 

Accidentally deleting files or dirs is certainly no greater risk than I
run under Win98 - the only time I have done it was because I didn't pay
attention when using fdisk, still feeling embarrassed about that one!
Normally I double check before I give anything the royal flick.
 

> --->>> This is the case where the hard labour begins:   ;-)
> 
> (A+B) Think about some elaborated layout of your filesystems:
> /, /bin, /dev, /etc, /lib, /sbin, /usr  \
>         on a seperate partition, mounted read-only
> /boot           - " -,                  - " -
	<etc, etc>
 
> If you would really like to setup this layout, please ask again, I'll
> tell you of my experiences in doing so, some of the bootscripts have to
> be changed.

I'll follow this one up a bit later if I may, but I am certainly
interested in this approach. 

> (D+E) Setup your own 'personal firewall', as lined out in my hint.

Already got a copy, but not yet studied it - on the 'TO DO' list!
 
> PS: excuse me for starting a new thread, but I couldn't find your first
> mail as a posting in the newsgroup.

The original thread forked into discussions of freeciv and firewalling.

Many thanks for your comments, Henning.  I guess some of the confusion
from my original e-mail arises from the fact that I'm more interested in
learning about security issues than needing to resolve particular
problems!

-- 
Fergus Belford
fbmail at ozemail.com.au
--
This day shall not come again,
Each minute a priceless gem.

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message



More information about the blfs-support mailing list