security of the universe repository

Gene Heskett gheskett at wdtv.com
Thu Dec 20 13:13:26 UTC 2012


On Thursday 20 December 2012 07:47:15 Ric Moore did opine:

> On 12/20/2012 03:28 AM, Chandra Amarasingham wrote:
> > Thanks Ric,
> > 
> > I have experienced selinux before and thought it complex and wondered
> > if there were less complex tools which would report on what is
> > changing on a system, files added, changed, etc, on a regular
> > basis...
> > Chandra
> 
> Sorry, Selinux is what it is... and most find it challenging enough.
> Good luck! Namaskar, Ric

Well, for file changed type reports, there is tripwire, or used to be. I've
not noticed it in the repos recently, haven't been looking for it. Very
complex to set up PROPERLY, but like most of that ilk, you get a notice
after the fact, which IMNSHO is too late.

Having a good router in front of your home network, running something like
dd-wrt lets you get a good night's sleep AND reduces the need for selinux to
the vanishing point.

None of that is worth a toot if you don't have a good password in the 
router.  The admin account, or the ssh account, from the outside, is about 
35 characters long here.  John the Ripper could work on that till the next 
ice age is over.

That does not protect me from my own stupidity, so clamav looks at every 
incoming mail in real time and scans the system daily.

Security is a pro-active thing.  Here, only one person in the last 6 or 7 
years has gained access to this home network, and I gave him the password 
so he could do some troubleshooting.  The black hats, once they've grokked 
that they are up against dd-wrt, will go on to greener pastures, looking 
for a Windows box they root in 30 seconds.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
If it's working, the diagnostics say it's fine.
If it's not working, the diagnostics say it's fine.
		-- A proposed addition to rules for realtime programming
I was taught to respect my elders, but it's getting
harder and harder to find any...



