LinuxQuestions.org
Old 05-30-2011, 04:27 PM   #1
sneakyimp
modify sources.list to improve security?


I've got an Amazon EC2 instance running Natty 11.04. I want to harden this server and make sure it's very secure as I ultimately will be handling sensitive data. I'm wondering what should be in /etc/apt/sources.list. Can anyone comment on these contents? Or, better yet, recommend a good secure sources.list file?

Code:
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
##     or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
#

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty main
deb-src http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty main

## Major bug fix updates produced after the final release of the
## distribution.
deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty-updates main
deb-src http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty-updates main

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty universe
deb-src http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty universe
deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty-updates universe
deb-src http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
# deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty multiverse
# deb-src http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty multiverse
# deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty-updates multiverse
# deb-src http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty-backports main restricted universe multiverse
# deb-src http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu natty partner
# deb-src http://archive.canonical.com/ubuntu natty partner

deb http://security.ubuntu.com/ubuntu natty-security main
deb-src http://security.ubuntu.com/ubuntu natty-security main
deb http://security.ubuntu.com/ubuntu natty-security universe
deb-src http://security.ubuntu.com/ubuntu natty-security universe
# deb http://security.ubuntu.com/ubuntu natty-security multiverse
# deb-src http://security.ubuntu.com/ubuntu natty-security multiverse
 
Old 05-30-2011, 04:44 PM   #2
AlucardZero
Question doesn't really make sense.

You have the security repos enabled already and you don't have any third-party ones enabled.

I guess you could comment out the universe lines, but let's hope all the programs you want are in main and not universe nor multiverse.
 
Old 05-30-2011, 05:02 PM   #3
sneakyimp
If one specifies 'universe' as my sources.list does, then that would include software that is "not officially supported" and which may contain either non-free software or copyrighted material. What concerns me most is that the universe repository appears to include packages developed by the world at large and this introduces the possibility that I may inadvertently install somebody's backdoor along with my various packages and their dependencies. Just because I reference only Ubuntu servers doesn't guarantee security, does it?

On the other hand, ratcheting it down to just "main" might preclude software that I need for my LAMP server -- as you pointed out.

Just wondering what the common wisdom is when setting up a LAMP server to handle sensitive data.
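
Added example, not part of any post in this thread: a small Python audit of the one-line sources.list format shown in post #1. It reports active binary entries that use a non-Ubuntu host, enable a component outside security-team review, or lack a matching -security suite. The sample lines are constructed from the posted file; the REVIEWED set and the ".ubuntu.com" suffix are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: active and disabled lines in the style of the posted file.
SAMPLE = """\
deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty main
deb-src http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty main
deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty universe
# deb http://us-west-1.ec2.archive.ubuntu.com/ubuntu/ natty multiverse
# deb http://archive.canonical.com/ubuntu natty partner
deb http://security.ubuntu.com/ubuntu natty-security main
deb http://security.ubuntu.com/ubuntu natty-security universe
"""

# Assumptions of this example: components treated as covered by the Ubuntu
# security team, and the host suffix treated as first-party.
REVIEWED = {"main", "restricted"}
FIRST_PARTY_SUFFIX = ".ubuntu.com"

def parse(text):
    """Yield (type, host, suite, components) for each active one-line entry."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments and disabled entries
        line = re.sub(r"\[[^\]]*\]", " ", line)     # drop optional [arch=...] options
        fields = line.split()
        if len(fields) >= 4 and fields[0] in ("deb", "deb-src"):
            yield fields[0], urlparse(fields[1]).hostname or "", fields[2], fields[3:]

def audit(text):
    """Return sorted findings for binary ('deb') entries."""
    findings, enabled, secured = set(), set(), set()
    for kind, host, suite, comps in parse(text):
        if kind != "deb":
            continue
        if not host.endswith(FIRST_PARTY_SUFFIX):
            findings.add(f"third-party host: {host}")
        for comp in comps:
            enabled.add(comp)
            if suite.endswith("-security"):
                secured.add(comp)
            if comp not in REVIEWED:
                findings.add(f"component outside security-team review: {comp}")
    for comp in enabled - secured:
        findings.add(f"no -security suite enabled for: {comp}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real host, pass the contents of /etc/apt/sources.list and each file under /etc/apt/sources.list.d to audit().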
 
  

