[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)
sjh at svana.org
Sat Jun 18 01:37:21 MDT 2011
On Sat, Jun 18, 2011 at 05:33:07PM +1000, Bob Edwards wrote:
> So, way back 2 and a bit days ago, Ian requested that someone give
> a presentation at a CLUG meeting about how to "secure" (that's for
> your enjoyment, Sam) an Internet-facing Linux machine.
> In the spirit of the CLUG list, there have been some helpful responses
> and some that are not so helpful (don't do it, you are not qualified,
> pay someone else to do it for you, you may end up killing someone etc.)
> which are not so much in the DIY spirit of CLUG, where we normally help
> and support each other in a free and open world.
> However, no one has actually put their hand up to do the requested
> presentation. Why is this? Is discussing network security some sort
> of secret geeks business that should be avoided? Or is it the case
> that some have intimidated others out of wanting to be the one seen
> to be the fool up front in these matters?
> I'm happy to give a presentation of how I have my Internet-facing Linux
> machine set up at home (and even the one I have at a hosting company).
> However, I thought it might be more helpful, in the spirit of CLUG,
> to hold some sort of "audit-off" night (possibly also known as a
> "crackfest"). My idea would be that during the evening, if you can
> demonstrate beyond a reasonable doubt that you own or administer a
> particular web site, then you can invite those attending to probe and
> otherwise audit your site's security. If and when we discover weaknesses
> we'll provide advice on how to fix them up etc.
> I propose we only do this at a live event and not over e-mail etc.
> in case we uncover serious issues which we don't want to advertise to
> the world until they can be sorted out.
> I reckon such an event could be both educational and helpful in the
> spirit of CLUG. What do others think?
I like it, though I am well aware of a few weaknesses with practice and some
setup aspects of the web server I have colocated. A shame Andrew Pollock is
not in Canberra as he has some good practices and setups on his I suspect
that will survive testing better. Maybe I should put my hand up, it will
give me some incentive to fix some of the issues I know of before the
> Bob Edwards.
Steven Hanley sjh at svana.org http://svana.org/sjh/diary
no i don't prefer obscurity, but i'm an idealistic girl
and i wouldn't work for you, no matter what you paid
The Million You Never Made - Not A Pretty Girl - Ani