modify sources.list to improve security?
I've got an amazon EC2 instance running Natty 11.04. I want to harden this server and make sure it's very secure as I ultimately will be handling sensitive data. I'm wondering what should be in /etc/apt/sources.list. Can anyone comment on these contents? Or, better yet, recommend a good secure sources.list file?
Code:
## Note, this file is written by cloud-init on first boot of an instance |
Question doesn't really make sense.
You have the security repos enabled already and you don't have any third-party ones enabled. I guess you could comment out the universe lines, but let's hope all the programs you want are in main and not universe nor multiverse. |
if one specifies 'universe' as my sources.list does, then that would include software that is "not officially supported" and which may contain either non-free software or copyrighted material. What concerns me most is that the universe repository appears to include packages developed by the world at large and this introduces the possibility that I may inadvertently install somebody's backdoor along with my various packages and their dependencies. Just because I reference only ubuntu servers doesn't guarantee security, does it?
On the other hand, ratcheting it down to just "main" might preclude software that I need for my LAMP server -- as you pointed out. Just wondering what the common wisdom is when setting up a LAMP server to handle sensitive data. |
All times are GMT -5. The time now is 02:20 PM. |