Re: Debian security team support for Bullseye?

On 2023-01-07 11:22 -0800, John Conover wrote: > How much longer will Debian security team support Bullseye? For one year after the release of Bookworm, whenever that may be. > The LTS Wiki page is kind of confusing as to when I have to upgrade to > Bookworm. It seems to project that the LTS te

Re: debian security for personal box

On Mon, Dec 13, 2021 at 08:52:55AM +0800, Piper H wrote: >Hello members, >After installation debian. shall I change the default SSH port (22) to a >random port? >Shall I disable the root login? and what other policy should be applied >generally for security? >Thanks >Pip

Re: Debian Security

Hi, Sorry Andrew for the CC. This one wasn't done on purpose. Your message was saved in draft and I did a mistake for the sending. On 2021-08-11 4:21 a.m., Polyna-Maude Racicot-Summerside wrote: > Hi, > > On 2021-07-24 5:33 a.m., Andrew M.A. Cater wrote: >> On Sat, Jul 24, 2021 at 01:07:24AM -04

Re: Debian Security

Hi, On 2021-07-24 5:33 a.m., Andrew M.A. Cater wrote: > On Sat, Jul 24, 2021 at 01:07:24AM -0400, Polyna-Maude Racicot-Summerside > wrote: >> Hi ! >> How would you copy the debian security update repository ? >> I know it's not recommended. >> But I'd like to do so. >> -- >> Polyna-Maude R.-Summ

Re: Debian Security

Hi, On 2021-07-24 5:33 a.m., Andrew M.A. Cater wrote: > On Sat, Jul 24, 2021 at 01:07:24AM -0400, Polyna-Maude Racicot-Summerside > wrote: >> Hi ! >> How would you copy the debian security update repository ? >> I know it's not recommended. >> But I'd like to do so. >> -- >> Polyna-Maude R.-Summ

Re: Debian Security

On 2021-07-24 at 13:44, Polyna-Maude Racicot-Summerside wrote: > Hi, > > On 2021-07-24 12:11 p.m., Georgi Naplatanov wrote: > >> On 7/24/21 6:47 PM, Polyna-Maude Racicot-Summerside wrot >> >>> I simply want to have a local copy of the security updates so I >>> can install machine really fast wi

Re: Debian Security

Hi, On 2021-07-24 12:11 p.m., Georgi Naplatanov wrote: > On 7/24/21 6:47 PM, Polyna-Maude Racicot-Summerside wrot >> >> I simply want to have a local copy of the security updates so I can >> install machine really fast with some limited bandwidth. And I can't use >> apt-cache because I want this t

Re: Debian Security

On Sat, Jul 24, 2021 at 11:47:41AM -0400, Polyna-Maude Racicot-Summerside wrote: > Hi, > > > On 2021-07-24 4:49 a.m., to...@tuxteam.de wrote: [...] > Yes, I'm talking about doing a local copies of all packages in > debian-security. I see. > I've tried using debmirror and it seems to fail beca

Re: Debian Security

On 7/24/21 6:47 PM, Polyna-Maude Racicot-Summerside wrot > > I simply want to have a local copy of the security updates so I can > install machine really fast with some limited bandwidth. And I can't use > apt-cache because I want this to be on a hard disk and independant of > the network. > In

Re: Debian Security

Hi, On 2021-07-24 4:49 a.m., to...@tuxteam.de wrote: > On Sat, Jul 24, 2021 at 01:07:24AM -0400, Polyna-Maude Racicot-Summerside > wrote: >> Hi ! >> How would you copy the debian security update repository ? > > What do you mean by "copy the repository"? Make local copies of all the > packages

Re: Debian Security

On Sat, Jul 24, 2021 at 01:07:24AM -0400, Polyna-Maude Racicot-Summerside wrote: > Hi ! > How would you copy the debian security update repository ? > I know it's not recommended. > But I'd like to do so. > -- > Polyna-Maude R.-Summerside > -Be smart, Be wise, Support opensource development > In

Re: Debian Security

hello, what are your intentions? would an apt-cacher be an option? so you can download it once and distribute it several times. Am 24.07.21 um 07:07 schrieb Polyna-Maude Racicot-Summerside: > Hi ! > How would you copy the debian security update repository ? > I know it's not recommended. > But I'

Re: Debian Security

On Sat, Jul 24, 2021 at 01:07:24AM -0400, Polyna-Maude Racicot-Summerside wrote: > Hi ! > How would you copy the debian security update repository ? What do you mean by "copy the repository"? Make local copies of all the packages in debian-security? In that case, perhaps debmirror [1] is for you.

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Wed, Feb 17, 2016 at 10:08 PM, Tom Browder wrote: > I have several remote Debian 7 servers and would like to secure it in > the following manner: > > 1. root will not be allowed any external access (access is only via a > user becoming root while logged in) > > 2. after initial setup, no ssh a

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On 2/18/2016 5:05 PM, Roman wrote: > Seriously, you have to trust someone to achieve goals. So accessing > server via ssh keys is pretty normal and secure + ldaps auth of course > (centralized account management), so if someone leaves, just disable > his account. sudo supports ldap auth, kind of

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Fri, Feb 19, 2016 at 09:30:20AM +1300, Richard Hector wrote: > That then means that you don't get to choose which people have root on > which boxes - anyone who gets the rule gets the lot. And that includes > anyone who leaves, of course. Yes, but a leaked root password for one host does not tr

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Wed, Feb 17, 2016 at 02:24:02PM +, Darac Marjal wrote: > On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote: > >2. after initial setup, no ssh access will be allowed via a password > > $ echo "PasswordAuthentication No" | sudo tee -a /etc/ssh/sshd_config Convenient for writing in

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Wednesday 17 February 2016 14:24:02 Darac Marjal wrote: > >2. after initial setup, no ssh access will be allowed via a password > > $ echo "PasswordAuthentication No" | sudo tee -a /etc/ssh/sshd_config That's a bad idea: You may end up with 2 PasswordAuthentication entries in sshd_config. Tha

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Please don't cc me; I'm on the list] On 19/02/16 11:05, Roman wrote: > 2016-02-18 22:30 GMT+02:00 Richard Hector >: > > > > I think a better solution in the end is to generate a random password > for each box, and leave it, on paper, in a safe or similar.

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

2016-02-18 22:30 GMT+02:00 Richard Hector : > > > I think a better solution in the end is to generate a random password > for each box, and leave it, on paper, in a safe or similar. It's very > rare anyone needs to use it. > > > Here is a hint (joke), how to secure root password for servers that a

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On 18/02/16 11:02, Jeremy T. Bouse wrote: >>> I do agree locking the root password isn't advisable. As I use >>> >> configuration management/automation to handle my servers I simply set the >>> >> root password to generated password that only I know the algorithm to >>> >> reproduce it when I n

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Wed, Feb 17, 2016 at 4:02 PM, Jeremy T. Bouse wrote: > On 2/17/2016 3:31 PM, Tom Browder wrote: >> On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse >> wrote: ... >>> I do agree locking the root password isn't advisable. As I use >>> configuration management/automation to handle my servers

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On 2/17/2016 3:31 PM, Tom Browder wrote: > On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse > wrote: >> Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good >> starts... I'd also check that "ChallengeResponseAuthentication no" is set as >> well as some PAM modules will utiliz

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse wrote: > Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good > starts... I'd also check that "ChallengeResponseAuthentication no" is set as > well as some PAM modules will utilize it and be able to get around passwords > being e

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good starts... I'd also check that "ChallengeResponseAuthentication no" is set as well as some PAM modules will utilize it and be able to get around passwords being entered as well as "UsePAM no" I do agree locking the root pa

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Feb 17, 2016 at 04:26:28PM +0100, Peter Ludikovsky wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > More or less. What I wouldn't agree with is locking the root account > completely, because, like Thomas said, you'll be locked out

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 More or less. What I wouldn't agree with is locking the root account completely, because, like Thomas said, you'll be locked out should you ever be dropped to a rescue shell due to an hardware error. Regards, /peter Am 17.02.2016 um 15:56 schrieb Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Wed, Feb 17, 2016 at 8:24 AM, Darac Marjal wrote: > On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote: >> >> I have several remote Debian 7 servers and would like to secure it in >> the following manner: ... I can follow that! Thanks so much, Darac. Best, -Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky wrote: > -BEGIN PGP SIGNED MESSAGE- ... Thanks, Peter. Do you agree with Darac's solution? Best, -Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Feb 17, 2016 at 02:24:02PM +, Darac Marjal wrote: > On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote: > >I have several remote Debian 7 servers and would like to secure it in > >the following manner: > > > >1. root will not be al

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The first requirement is simple. Add the line PermitRootLogin no or change it accordingly, and reload the SSH daemon. For the second: do you want to disallow any logins via passwords, or are the to be allowed once to set up the keys? The first

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote: I have several remote Debian 7 servers and would like to secure it in the following manner: 1. root will not be allowed any external access (access is only via a user becoming root while logged in) Ensure all users who may be allowed

Re: Debian security.

On Mon, 3 Apr 2006 18:10:57 -0500 "Dan Sheffner" <[EMAIL PROTECTED]> wrote: > The only security that you can guarantee is what you do to the server to > secure it. Even Microsoft doesn't guarantee security. "Even"??? That's about the most unsecure computer environment! But still many people fals

Re: Debian security.

The only security that you can guarantee is what you do to the server to secure it.  Even Microsoft doesn't guarantee security.On 4/3/06, Steve Block < [EMAIL PROTECTED]> wrote:On Mon, Apr 03, 2006 at 01:44:16PM +0200, Jan Schledermann wrote: >Surachai Locharoen wrote:>>> Is there any body guarante

Re: Debian security.

On Mon, Apr 03, 2006 at 01:44:16PM +0200, Jan Schledermann wrote: Surachai Locharoen wrote: Is there any body guarantee debian security. I want to install debian as my server instead of redhat as3 server which just attack by Phishing. Kan Nope no guaranties! But you won't get such guaranties

Re: Debian security.

On 4/3/06, Surachai Locharoen <[EMAIL PROTECTED]> wrote: > Is there any body guarantee debian security. I want to install debian as > my server instead of redhat as3 server which just attack by Phishing. > > Kan As stated already, this sort of problem usually comes about because of some insecure P

Re: Debian security.

Andrew Sackville-West wrote: > On Mon, 03 Apr 2006 15:15:38 +0700 > Surachai Locharoen <[EMAIL PROTECTED]> wrote: > > >>Is there any body guarantee debian security. I want to install debian as >>my server instead of redhat as3 server which just attack by Phishing. >> >>Kan >> > > > just out of

Re: Debian security.

On Mon, 03 Apr 2006 15:15:38 +0700 Surachai Locharoen <[EMAIL PROTECTED]> wrote: > Is there any body guarantee debian security. I want to install debian as > my server instead of redhat as3 server which just attack by Phishing. > > Kan > just out of curiosity, how was your machine "Attacked" b

Re: Debian security.

Surachai Locharoen wrote: > Is there any body guarantee debian security. I want to install debian as > my server instead of redhat as3 server which just attack by Phishing. > > Kan Nope no guaranties! But you won't get such guaranties from ANY other os supplier either. Security of software is muc

Re: Debian security for home user

[EMAIL PROTECTED] (Wanda Round) writes: > Can someone point me to a simple document for a home > user using Debian 3.0 testing on one machine with > dialup connection? That is, just a simple intro or > maybe checklist with pointers. Make sure you have a line in your /etc/apt/sources.list that men

Re: Debian security for home user

Wanda Round wrote: Debian certainly has lots of help files for security, so many that I got overwhelmed. Can someone point me to a simple document for a home user using Debian 3.0 testing on one machine with dialup connection? That is, just a simple intro or maybe checklist with pointers. Iptables

Re: Debian security for home user

Hello Wanda! On Tue, Apr 20, 2004 at 11:25:51AM -0700, Wanda Round wrote: > Debian certainly has lots of help files for security, > so many that I got overwhelmed. > > Can someone point me to a simple document for a home > user using Debian 3.0 testing on one machine with > dialup connection? Tha

Re: Debian security prb

On Tue, Aug 26, 2003 at 09:03:26AM +0200, Fr?d?ric Aliotti wrote: > I have installed Debian GNU/Linux 3.0 rl "Woody" Official i386. > I'm trying to use an application called Cyberdocs on this computer : this > application have to open OpenOffice.org to convert word documents to XML. > This proces

Re: Debian security prb

On Wed, 2003-08-27 at 03:14, Frédéric Aliotti wrote: > Hello > > A 13:49 26/08/03 -0400, vous avez écrit : > >On Tue, 2003-08-26 at 03:03, Frédéric Aliotti wrote: > > > I have installed Debian GNU/Linux 3.0 rl "Woody" Official i386. > > > I'm trying to use an application called Cyberdocs on this c

Re: Debian security prb

On Tue, 2003-08-26 at 03:03, Frédéric Aliotti wrote: > I have installed Debian GNU/Linux 3.0 rl "Woody" Official i386. > I'm trying to use an application called Cyberdocs on this computer > : this application have to open OpenOffice.org to convert word > documents to XML. This process is triggered

Re: Debian security support for older versions

On Saturday 01 March 2003 22:44, Nathan E Norman wrote: > I don't think you could have chosen a worse analogy. Read the thread again. I was replying to Paul Johnson who could not understand that people can need security support for more than three years. To you I would say that Moores law relate

Re: Debian security support for older versions

On Sat, Mar 01, 2003 at 12:59:11PM +0100, Svenn Are Bjerkem wrote: > On Friday 28 February 2003 11:26, Paul Johnson wrote: > > Why is obscelesence somehow a surprise to people? > > Because you don't expect your vacuum cleaner to > need a new hose every 3 years... ? I don't think you could have ch

Re: Debian security support for older versions

On Saturday 01 March 2003 16:07, Paul Johnson wrote: > Software != household appliances They are placed next to each other in many stores. Now even grocery stores offer PC's. Milk, eggs and XP2003 ... Darwin says: Adopt or die. Svenn -- To UNSUBSCRIBE,

Re: Debian security support for older versions

On Sat, Mar 01, 2003 at 12:59:11PM +0100, Svenn Are Bjerkem wrote: > > Why is obscelesence somehow a surprise to people? > > Because you don't expect your vacuum cleaner to > need a new hose every 3 years... ? Software != household appliances -- .''`. Baloo <[EMAIL PROTECTED]> : :' :p

Re: Debian security support for older versions

On Friday 28 February 2003 11:26, Paul Johnson wrote: > Why is obscelesence somehow a surprise to people? Because you don't expect your vacuum cleaner to need a new hose every 3 years... ? Svenn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [E

Re: Debian security support for older versions

hi ya On Fri, 28 Feb 2003, Johann Spies wrote: > The article "New Linux support policies are ominous" by Jon Lasser, > Security Focus Online at > http://www.theregister.co.uk/content/61/29330.html is disturbing. It not a issue at all ... one usually doesnt pay redhat's $50K/yr support or $300

Re: Debian security support for older versions

On Fri, Feb 28, 2003 at 11:48:28AM +0200, Johann Spies wrote: > The article "New Linux support policies are ominous" by Jon Lasser, > Security Focus Online at > http://www.theregister.co.uk/content/61/29330.html is disturbing. It > highlights new support policies from Mandrake and Redhat that is ba

Re: Debian security support for older versions

On Fri, Feb 28, 2003 at 11:48:28AM +0200, Johann Spies wrote: > The article "New Linux support policies are ominous" by Jon Lasser, > Security Focus Online at > http://www.theregister.co.uk/content/61/29330.html is disturbing. It Not really. Is it really too much to ask that you go download free

Re: Debian security support for older versions

On Fri, Feb 28, 2003 at 11:48:28AM +0200, Johann Spies wrote: > What exactly is Debian's policy regarding security support for older > versions? I know there is still support for potato, but for how long? http://lists.debian.org/debian-devel-announce-0302/msg00010.html > What are the opinions

Re: Debian security

oliver_willemse: >Hey people, > >I'm looking for documents/howto's for securing my Debian box. For it >concerns many different issues I'm curious if there might be a nice document >for this. > There is such a document at: http://www.debian.org/doc/manuals/securing-debian-howto/ This HOWTO is quit

Re: Debian Security

On Fri, Apr 28, 2000 at 05:43:10AM -0800, Ethan Benson wrote: > if you go with *nix you should also check out the book "Practical Guide > to Unix and internet security" (or very close to that, sorry don't > have it handy at the moment) it does a good job pointing out > historical mistakes and wha

Re: Debian Security

On Fri, Apr 28, 2000 at 06:18:12AM -0700, Dan Hutchinson wrote: > Thanks for the response. I was working for the government and we were > just hacked twice with a WindowsNT System. I am basically looking for > a way to make it hard to be hacked. Right now we are wide open and it > is mostly beca

Re: Debian Security

Thanks for the response. I was working for the government and we were just hacked twice with a WindowsNT System. I am basically looking for a way to make it hard to be hacked. Right now we are wide open and it is mostly because management wants there ICQ, MSN, etc.. and total access to HTTP and

Re: Debian Security

On Thu, Apr 27, 2000 at 12:30:39PM -0700, Dan Hutchinson wrote: > This may be the wrong group for the following, but I went to the website > www.linuxsecurity.com and there stating that it is impossible to make > GNU/Linux -> Debian/Linux total secure because the root user has the > ability to chan

Re: debian-security: another new mailing list

Wichert Akkerman wrote: > Previously Keith Harbaugh wrote: > > This is to announce the establishment of a new debian mailing list: > > > > debian-security, > > > > for the discussion of all aspects of security > > significant to the Debian system, including cryptography. > > How can it happe

Re: debian-security: another new mailing list

Previously Keith Harbaugh wrote: > This is to announce the establishment of a new debian mailing list: > > debian-security, > > for the discussion of all aspects of security > significant to the Debian system, including cryptography. How can it happen that this list was made without the se

Re: Debian Security packages?

Ole B Hansen 22-07-97 09:18 Test af svar-agent fra OLH -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .

Re: Debian Security packages?

Ole B Hansen 22-07-97 09:18 Test af svar-agent fra OLH -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .

Re: Debian Security packages?

Ole B Hansen 22-07-97 09:18 Test af svar-agent fra OLH -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .

Re: Debian Security packages?

Ole B Hansen 22-07-97 09:18 Test af svar-agent fra OLH -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .

Re: Debian Security packages?

On May 22, Kendrick Myatt wrote > Be happy to make them... what all is involved? Do I have to have permission > of the author or anything weird like that? Please point me in the direction > oif whatever I need to get started. Sorry for the delay... To get started building Debian packages, you s

Re: Debian Security packages?

> Be happy to make them... what all is involved? Do I have to have permission > of the author or anything weird like that? Please point me in the direction > oif whatever I need to get started. I was about to complain about the lack of documentation about this, then I looked: http://www.

Re: Debian Security packages?

others packaged up... It'd be >great if you could package a few of them for Debian, since you're >interested in them. > > Christian > > >Attachment Converted: D:\Users\myattk\Eudora\download\Re Debian Security packages1 > -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .

Re: Debian Security packages?

On May 22, Kendrick Myatt wrote > Hello :) > > I have looked but not found many Debian packages of popular security > programs such as crack, lsof, cops, iss, satan, swatch, etc. I did find > tripwire on the debian site, though. > > Are these kept somewhere else, or do they not exist? Just wond