C.3. Recommended Partitioning Scheme. For new users, personal Debian boxes, home systems, and other single-user setups, a single / partition (plus swap) is probably the easiest, simplest way to go. However, if your partition is larger than around 6GB, choose ext3 as your partition type. Ext2 partitions need periodic file system integrity checking, and this can cause delays during booting when the partition is large. For multi-user systems or systems with lots of disk space, it's best to put /usr, /var, /tmp, and /home each on their own partitions separate from the / partition.
You might need a separate /usr/local partition if you plan to install many programs that are not part of the Debian distribution. For very complex systems, you should see the Multi Disk HOWTO. With respect to the issue of swap partition size, there are many views. On some 32-bit architectures (m68k and PowerPC), the maximum size of a swap partition is 2GB. As an example, an older home machine might have 32MB of RAM and a 1.7GB IDE drive on /dev/hda.
Securing Debian Manual - Introduction. [ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ A ] [ B ] [ C ] [ D ] [ E ] [ F ] [ G ] [ H ] [ next ] One of the hardest things about writing security documents is that every case is unique. Two things you have to pay attention to are the threat environment and the security needs of the individual site, host, or network. For instance, the security needs of a home user are completely different from a network in a bank. While the primary threat a home user needs to face is the script kiddie type of cracker, a bank network has to worry about directed attacks. Additionally, the bank has to protect their customer's data with arithmetic precision. Note that this manual only covers issues relating to software. This document just gives an overview of what you can do to increase the security of your Debian GNU/Linux system. 1.1 Authors The current maintainer of this document is Javier Fernández-Sanguino Peña.
Now to the official part. Secure Ubuntu Desktop Using Firestarter Firewall. Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators. Install Firestarter in Ubuntu If you want to install firestarter firewall run the following commannd sudo apt-get instal firestarter This will complete the installation If you want to open fire starter go to System--->Administration--->Firestarter For the first time you should see the following screen and click on forward Select Network Device setup and click on forward Select if you have any internet connection sharing and click on forward Here you need to click on check box next to start firewall now and click on save Now you should see the firestarter GUI like below Every time firestarter starting GUI it will prompt for root password may be this is bit difficult for this you can do the following steps to avoid password. export EDITOR=gedit && sudo visudo %ruchi ALL= NOPASSWD: /usr/sbin/firestarter sudo -- K.
Ubuntu (Gutsy): DynDNS Client Setup « Ivan Torres (mexpolk) Hello again, this time we’re going to setup a DynDNS client so your computer/server can be reached from anywhere. Step 1 First, you need to create an account with DynDNS to do so follow this howto: Step 2 First we’ll install ssh and ssh-socket so we can send our DynDNS user and password encrypted instead clear text: $ sudo apt-get install ssh libio-socket-ssl-perl Step 3 Install ddclient: $ sudo apt-get install ddclient Step 4 The installation will prompt you some questions.
Then, put your fully qualified domain name(s): Now, your DynDNS requistered username and password: And finally, type “web” as the DynDNS interface to use: Ok, so long we’ve finished installing ddclient but there’s still more work to do in order to get it working properly. Step 5 We, need to change the ddclient configuration file (/etc/ddclient.conf) in order to use ssh to send the username and password, and to properly check the IP adrress. . $ sudo vim /etc/ddclient.conf Step 7. See Where a Package is Installed on Ubuntu. Once you use the apt-get utility to install a package, sometimes it seems to disappear into nowhere. You know it’s installed, you just have no idea where. If you know the name of the executable, you can use the which command to find the location of the binary, but that doesn’t give you information on where the supporting files might be located.
There’s an easy way to see the locations of all the files installed as part of the package, using the dpkg utility. dpkg -L <packagename> Example: I had installed davfs2, but I wasn’t sure where the configuration file was, so I ran this command: Well, now I don’t have to wonder anymore. Geek@ubuntuServ:~$ dpkg -L davfs2 | grep etcdavfs2: /etc/davfs2/secretsdavfs2: /etc/davfs2/davfs2.confdavfs2: /etc/davfs2 Even easier to read. Update: Changed from -S to -L thanks to a tip from sebest. Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. How to setup a Ubuntu development server - Part 1. Since I'm starting some real work on my final school project, I want to install a Ubuntu development server here at home.
I have a Pentium 4 box here that will perform that task. In this first part I will show you how to install Subversion over WebDAV. All of this will be done in such a way that it's easy to serve multiple projects at once. In future parts I will tell you more about installing Trac, FastCGI (with Apache) to host Rails applications and how to use Capistrano to deploy your app properly. For now, let's get cracking at Subversion. ~ First off, I installed Ubuntu 6.10 on my server. Because I don't need a graphical user interface, I have installed Ubuntu in text-only mode. Open up to the universe The first thing I always do when I install a Ubuntu box is to enable the universe package repositories. Edit /etc/apt/sources.list and uncomment all the Universe related lines. The next step is to make sure all software present is up-to-date.
That's it. Getting SSH up and running Apache. Tutorial: Secure Ubuntu With AppArmor - Overclock.net - Overclocking.net. As a follow up to my previous post which gave an overview of various security technologies that can help greatly fortify Linux against attacks, I decided to provide a little tutorial aimed at putting one of these technologies to practice. Specifically, I will give an overview of how to use the Mandatory Access Control system known as AppArmor. I chose AppArmor here for two reasons: A) It is easier to configure for a novice than SELinux is.
B) It already comes preinstalled on the most popular Linux distro, Ubuntu (and Kubuntu). As I outlined in my previous post, there are several MAC/RBAC systems available for Linux. The most popular are probably SELinux and AppArmor. Both are similar in that they are plugged directly into the kernel via the LSM framework. If You Are Interested in SELinux If you want to use SELinux, then I suggest you install Fedora.
Getting started If you're on Ubuntu all you have to do to get started is: Code: sudo apparmor_status sudo enforce <application_name> Dynamic twin view with nvidia-settings from the command line? Setting Up Gitosis On Ubuntu. Overview This article is part one of a two part series that covers setting up a hosting server using gitosis for your central repository, and in the next article, taking an existing SVN repository and running the appropriate scripts and commands necessary to migrate it into something git can work with. So this article is how to setup and manage a git repository.
There are some great services out there than can do this for you, but why pay money for something you can easily do for free? This article shows how to setup and manage a secure and private git repository that people can use as a central sharing point. Setting Up Gitosis Gitosis is a tool for hosting git repositories. Its common usage is for a central repository that other developers can push changes to for sharing. First clone the gitosis repository and run the basic python install. Sudo apt-get install python-setuptools And then you can easily install it: git clone cd gitosis sudo python setup.py install.
Your Distro is Insecure: Ubuntu. Ubuntu Server has one of the cleanest and easiest Linux distribution installers. However, in many cases, its designers choose to ignore security in favor of ease-of-use. The result? An install that is not secure by default. During the last couple of years, Linux distributions have focused on improving the installation process of Linux in order to make the freely available operating system available to more people. It’s a noble goal, however, when making anything in computing easier, a common approach is to make a number of decisions for the user — decisions that can put an inexperienced (and possibly an experienced) Linux installer at risk. Unfortunately, many Linux distributions make a number of painfully wrong security decisions at install.
For this article we’ll look at Ubuntu Sever version 8.10. Identity,Authentication, andAuthorization Identity is key to providing access to computing resources. Excuses, Excuses Security During Installation Figure 1: Set up users and passwords.