Hardening Debian (Wheezy) on the desktop with KDE.
I would like to ask how should Debian be hardened on the desktop? By hardened, I am referring to security on the network including the Internet.
Is it possible for an attacker to read files stored on a remote Debian system? How secure is Web-browsing? Is it possible for a malicious web-page to change settings in /etc and replace executables?
If you are using a router make sure it has a Firewall and it is setup properly, if not use something like UFW to setup iptables.
1) disable any services you do not need
2) keep your system updated, especially the kernel and web browsers
3) never run web apps as root
4) use a firewall of some type
5) do not use telnet or other protocols that send info as plain text
6) be paranoid
even though it is a bit dated the harden-doc and harden packages are still worth using.
harden-doc - Useful documentation to secure a Debian system
bastille - Security hardening tool
harden - Makes your system hardened
harden-clients - Avoid clients that are known to be insecure
harden-environment - Hardened system environment
harden-nids - Harden a system by using a network intrusion detection system
harden-remoteaudit - Audit your remote systems from this host
harden-servers - Avoid servers that are known to be insecure
harden-surveillance - Check services and/or servers automatically
harden-tools - Tools to enhance or analyze the security of the local system
You may want to take a look at:
Security and Privacy on the Internet - https://www.linuxquestions.org/quest...internet-3080/
Grokking Debian GNU/Linux - https://www.linuxquestions.org/quest...nu-linux-3073/
First know what you are disabling, Google a process if you aren't sure what it is.
You can use sysv-rc-conf to disable them.
It used to be back in the day with Sarge and KDE I could get it down to around 45-50 running processes, now on sid with kde4 the best I can do is around 120+.
One of the first things I do on a new install is install and configure Bastille and a firewall.
UFW is reasonably simple to use.
The ufw kde module is nice since it gives you a gui in SystemSettings.
UFW KControl Module KDE-Apps.org - http://kde-apps.org/content/show.php?content=137789
Next setup tripwire and tiger, put the tripwire data on a usb drive.
If you run Stable it wouldn't hurt to install unattended-upgrades and/or use debsecan with a script to download/install security updates.
But then again I am paranoid. :P
I installed arno-iptables-firewall because I used it in the past.
|All times are GMT -5. The time now is 05:56 AM.|