Does anyone know a complete guidline for establishing security for debian servers?
- Thread starter xodsuefk
- Start date
Your Google-fu is weak youngling.
This article by Linux.org regular @blunix was posted here at the end of March.
This article by Linux.org regular @blunix was posted here at the end of March.
This page could be quite helpful:
The whole manual is very comprehensive for debian on the issues.
The whole manual is very comprehensive for debian on the issues.
@osprey I actually also read this one while writing my blogpost, and found that there are many tutorials that offer in-depth security measures, but not many good ones that just explain the basics for people new to linux.
@JasKinasis that thread is sadly dead - i tried to revive it a couple of times, but the interest in our community to contribute was sadly low. I have hence written a blogpost about it (a LONG) one and posted it at the top of the thread. This way the thread still has value to users.
I'd still be delighted if we could finish the thread ofc
@JasKinasis that thread is sadly dead - i tried to revive it a couple of times, but the interest in our community to contribute was sadly low. I have hence written a blogpost about it (a LONG) one and posted it at the top of the thread. This way the thread still has value to users.
I'd still be delighted if we could finish the thread ofc
It doesn't need to be update constantly, it might be an idea to pin/sticky it so that it stays at the top of the forum category that way it's easier to find and update if someone does think of something to add.
Oh cmon we tried so long, the topic is easy Nobody really stuck to the rules. I consider it a failed experiment, thats why I wrote one myself. Feel free to read it, its well worth it. Was quite a bit of work.
Nobody really stuck to the rules. I consider it a failed experiment, thats why I wrote one myself. Feel free to read it, its well worth it. Was quite a bit of work.
Is openscap available for Debian? I know it is for most major Distro's.
I typically run this to see what fails. Then I run ansible scripts to fix the holes.
galaxy.ansible.com
galaxy.ansible.com
These cover about 95% of what openscap finds.
Also is "lynis" available for Debian?
I typically run this to see what fails. Then I run ansible scripts to fix the holes.
Ansible Galaxy
Ansible Galaxy
These cover about 95% of what openscap finds.
Also is "lynis" available for Debian?
In relation to openscap and lynis, both are available in debian:Is openscap available for Debian? I know it is for most major Distro's.
I typically run this to see what fails. Then I run ansible scripts to fix the holes.
Ansible Galaxy
Ansible Galaxy
These cover about 95% of what openscap finds.
Also is "lynis" available for Debian?
Code:
[tom@min ~]$ apt-cache show openscap-<TAB>
openscap-common openscap-scanner
openscap-doc openscap-utils
[tom@min ~/notes]$ apt-cache show lynis<TAB>
lynis
Mm.
That's probably due to the fact that, for the majority of folks coming to Linux nowadays, running a server is of no interest whatsoever. Although I've been with Linux for around a decade myself, even I have no interest in such a thing.
Yes, I know the majority of internet servers are more often than not powered by various server builds of Linux, and the call for Linux sysadmins is growing all the time. But the landscape is very different now compared to the early days.
If you're old enough to remember, getting a toehold in the Linux world back then involved proving your abilities to the rest of the still fledgeling Linux community........usually involving building & setting-up your own server AND creating, building & hosting your own website. Only by so doing were the rest of the community convinced you were serious.
For most, the transition to Linux is due to various degrees of getting p***ed-off by M$'s self-centred antics.......and these folks mainly want a replacement desktop OS that will do everything - or at least, the equivalent - that their Windoze install did/yet does. Everybody wants to be online, yet very few have the slightest interest in the technology that makes the web possible....
Mike.
In Azure and AWS, there are marketplace Linux images that come "pre-hardened".
Most of our cloud servers use CIS compliant Linux images. Of course this does limit
what distro's are available.
www.cisecurity.org
Most of our cloud servers use CIS compliant Linux images. Of course this does limit
what distro's are available.
CIS Hardened Images
CIS offers dozens of hardened images via major cloud computing vendors. CIS Hardened Images are available on AWS, GCP, and Microsoft Azure.
www.cisecurity.org
well the microsoft server market is pretty much dead by now and replaced by linux. in my career i heared of somebody running a osx server once. not sure if they still exist.
when I started linux the desktop community was MUCH smaller. It was literally before there was ubuntu. I started with debian on my laptop x)
Its very nice to see that so many ppl use linux on the desktop by now, but essentially every website you visit runs linux under the hood or openbsd if its sth paranoid. or microsoft if its a giant corporation xD they still use this old windows server nonsense.
when I started linux the desktop community was MUCH smaller. It was literally before there was ubuntu. I started with debian on my laptop x)
Its very nice to see that so many ppl use linux on the desktop by now, but essentially every website you visit runs linux under the hood
or openbsd if its sth paranoid. or microsoft if its a giant corporation xD they still use this old windows server nonsense.azure and hardending (security optimized) in one sentence is funny x)
Thats not how it works and just marketing nonsense. You restrict services to the bare minimum of permissions it requires to run and then, if you're paranoid, monitor if it tries to break the rules. That only works if you know the application, which cloud providers of course don't - they can not estimate how I wrote my application.
Azure does not make these images ( well not most of them, I'm sure they do the Ubuntu and Windows ones ) , they are in the marketplace images. The leading security recommendations are from CIS..
CIS Red Hat Enterprise Linux Benchmarks
Download our step-by-step checklist to secure your platform: An objective, consensus-driven security guideline for Red Hat Enterprise Linux.
www.cisecurity.org
These are the standards the US government, military and RSA use. Azure has little to do with them, other than that's the platform they run on.
Latest posts
-
-
-
Solved Select and copy ALL code generated in the terminal THE EASY WAY- Latest: Sherri is a Cat
-
