[Lancaster] debian slug + security advice?

andy baxter andy at earthsong.free-online.co.uk
Wed Feb 25 06:25:56 UTC 2009 

andy baxter wrote:
> I'm thinking of setting it up as a home web server at some point, but 
> could do with some basic advice about the security side of things if 
> anyone can help with that. One question is how likely this is to be a 
> problem (and would the fact that it's on an arm chip not intel reduce 
> the likelihood of a successful attack?); also what kind of precautions I 
> should take against this happening?
>
> What I'm thinking of doing is:
>
> - run a firewall (shorewall?). (Though is this necessary on such a small 
> network where there are only the localnet and internet zones to think 
> about? I'm assuming that it's something I should do, but not sure what 
> kind of attacks a firewall would really stop, given that only one 
> incoming port (http) is going to be open on my router, and I can make 
> sure that the server doesn't have any incoming ports open except http 
> and ssh)
>
> - use aide to check the system files regularly. The way I'm thinking of 
> doing this is to put a bootable debian image (with aide installed) on a 
> flash disk, then every week or so boot my laptop from this with the 
> slug's usb hard drive plugged into the laptop as well, and check the 
> installation that way. Then install any updates, then calculate the 
> checksums again and store them on the flash disk. This is putting me off 
> somewhat, as I was doing something similar with another server I had a 
> while back, and it was a fair bit of hassle to keep it up every week. So 
> it would be good to know if this is overkill, or a sensible thing to do?
>
> andy.
>
>
>
>   
I've decided not to set up the slug as a web server for the time being, 
as I have some web space online as well (www.rhizomatix.net), but could 
still do with some advice about security because I'm now thinking it 
would be useful to run torrentflux http://www.torrentflux.com on it. 
This is a web based bittorrent client. The idea is that I can leave the 
slug running, downloading or seeding files, without having to have my 
laptop switched on all the time. I've had a few scares in the past with 
security (e.g. about a year or 18 months ago when I logged into my home 
server and found out that the hostname had suddenly changed to a 
subdomain of the university of exeter), so I want to do it right this 
time. See the above post for more info on the way I'm thinking of 
setting things up.

andy

More information about the Lancaster mailing list