Update chapter 14 "Security" for Debian 10
Update the chapter
- Take into account the feedback received in #24 (closed) (about the apparmor section)
- Reconsider the fwbuilder recommendation (or put a disclaimer/workaround => using iptables-legacy in the meantime) in light of https://github.com/fwbuilder/fwbuilder/issues/88 and debian-devel discussion: http://lists.debian.org/20190716095726.GA18908@home.ouaza.com
- Fix #25 (closed): document nftables/nft
- Get it reviewed
- Ask Seth Arnold to review the AppArmor section (he offered us to do that, please put hertzog@debian.org in copy of your mail)
- Fix the issues reported by the reviewer
- Announce availability of updated chapter to volunteer reviewers
Activity
- Raphaël Hertzog added Chapter to update label
- Raphaël Hertzog changed the description
- Raphaël Hertzog changed the description
- Raphaël Hertzog assigned to @frankhofmann-guest
- Raphaël Hertzog assigned to @jorgesumle-guest and unassigned @frankhofmann-guest
- Raphaël Hertzog changed the description
- Jorge Maldonado Ventura changed the description
- Jorge Maldonado Ventura mentioned in issue #12 (closed)
- Jorge Maldonado Ventura marked the checklist item Fix #25 (closed): document nftables/nft as completed
- Jorge Maldonado Ventura marked the checklist item Reconsider the fwbuilder recommendation (or put a disclaimer/work around => using iptables-legacy in the mean time) in light of https://github.com/fwbuilder/fwbuilder/issues/88 and debian-devel discussion: http://lists.debian.org/20190716095726.GA18908@home.ouaza.com as completed
- Jorge Maldonado Ventura marked the checklist item Take into the account the feedback received in #24 (closed) (about the apparmor as completed
- Jorge Maldonado Ventura marked the checklist item Update the chapter as completed
- Jorge Maldonado Ventura added Chapter to review label and removed Chapter to update label
- Jorge Maldonado Ventura marked the checklist item Ask Seth Arnold to review the AppArmor section (he offered us to do that, please put hertzog@debian.org in copy of your mail) as completed
- Jorge Maldonado Ventura unassigned @jorgesumle-guest
- Daniel Leidert marked the checklist item Get it reviewed as completed
- Developer
Reviewed chapter 14 too. A few thoughts:
- I'm missing a section about fail2ban (I can write one too, but maybe not soon)
- 14.2.4 how often is ifupdown still used? should the example use systemd instead?
- 14.3.3.3 IIRC AIDE has a trigger to update the database after installing/updating/removing packages using the package system
- 14.3.3.3 rkhunter also has a database for file checksums
- 14.3.4 snort is missing from Jessie, but it is available in Buster (this release)
- 14.7.5 maybe list the commands to list files recently created?
- 14.7.5 wasn't there a special live-distro for forensics (IIRC GRML-Forensic, but there seem to be more now)?
As always there will be a separate merge request.
- Developer
14.7.5 maybe list the commands to list files recently created?
Creation time is not something very common in Unix systems (https://unix.stackexchange.com/questions/20460/how-do-i-do-a-ls-and-then-sort-the-results-by-date-created), but modification time is. I feel though that this chapter is meant to give very general recommendations. Listing commands would be definitely useful, but there is no single approach: you can use stat, you can use ls, etc., but the creation time is still tricky and dependent on the filesystem (see https://stackoverflow.com/questions/14842195/how-to-get-file-creation-date-time-in-bash-debian). Do you think that adding a find command example to list the lately modified files would add much value?
- Developer
AIDE has a trigger to update the database after installing/updating/removing packages using the package system
I've read the documentation and some online tutorials and no-one mentions this feature. The cron file, however, sends information about changes made by the package manager after the daily checks, then I guess the administrator can choose if an update to the database should be made.
- Developer
14.2.4 how often is ifupdown still used? should the example use systemd instead?
Network-Manager is configured by default on Debian with a plugin called ifupdown, which reads connections from /etc/network/interfaces.
- Developer
I'm missing a section about fail2ban (I can write one too, but maybe not soon)
I created a section called "Avoiding Intrusion", where I briefly talk about brute-force attacks and describe Fail2Ban. Since you offered to write it, I guess you are familiar with Fail2Ban, so your feedback would be extremely useful. Please have a look at !31 (merged).
Edited by Jorge Maldonado Ventura
- Daniel Leidert mentioned in merge request !28 (merged)
- Daniel Leidert mentioned in commit f05d26ce
- Jorge Maldonado Ventura mentioned in commit adfb86f3