| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4056BE5C.4060502@cc.kuleuven.ac.be> From: Rik.Bobbaers at cc.kuleuven.ac.be (harry) Subject: a secure base system harry wrote: > ... a lot of crap ;)) it seems that i wasn't exactly clear, when a system has been compromised, it has to be reinstalled completely. my intention is to set up a base system (an other system) just to run as a spare server (only for servers!!!). when a system gets compromised, we have to completely reinstall another server, which takes a lot of time. we don't want that... that's why i need a secure start for a new server, a base install from which we can install all our future servers the standard we use here is debian, so i guess i'm stuck to debian (or maybe trusteddebian, which i'm looking into right now) (no bsd :() RSBAC provides everything SELinux has, and more ==> which is in adamantix i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much) remote logging (without a doubt) noexec, nodev, nosuid, ... on parts that we don't need lvm, raid1, ... so i think i know what to do now ( also talked to some peaple over here...) i'm gonna start installing later today :) thanks all... you are really the best! (i learn a lot on this list! :)) -- harry aka Rik Bobbaers ps. i'm a satisfied reader :)) K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 Rik.Bobbaers@...kuleuven.ac.be -=- http://harry.ulyssis.org "Work hard and do your best, it'll make it easier for the rest" -- Garfield
Powered by blists - more mailing lists