Questions tagged [debian]

One of the earliest Linux distros, officially consisting of only free software. Many distros have been derived from the Debian codebase, such as Ubuntu and Knoppix.

91 questions
3
votes
1 answer

Sharing the UUIDs of my Linux partitions

I recently started using a Debian 9 server for my day-to-day tests. Because most of the time the system ends up destroyed in my hands, I was thinking about doing a backup of my fstab and smb.conf on a public GitHub repo and use them on my system after…
Lemon
  • 133
  • 7
3
votes
2 answers

How to prevent the latest ImageMagick vulnerability?

According to CVE-2016-3714 there are some vulnerabilities in the ImageMagick program (4 packages): Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats There…
GAD3R
  • 2,211
  • 3
  • 15
  • 38
3
votes
4 answers

Is the Linux / Debian software and package-management ecosystem secure?

My basic question is this: When we are using the Linux / Debian apt-get or yum package system, we're placing a lot of faith in that the packages we're downloading and installing are secure. For that matter, even downloading Linux images from Ubuntu…
emf
  • 141
  • 3
3
votes
1 answer

Hacked Debian server alternative boot

The server of a customer was hacked last night. It is a standard Debian distribution with MySQL, Apache and SSH for remote access. The way it has been hacked is very peculiar. The standard URL showed a deface page with a link to nethack.alt.org.…
Bojan Hrnkas
  • 133
  • 3
3
votes
1 answer

Is binding all private services to the 127.0.0.1 address and then accessing them via SSH using an RSA key pair of 4096 bits secure?

Is it secure to bind all private services only to the 127.0.0.1 address, and then use a local SSH client's local port forwarding with an RSA public / private key pair file of 4096 bits and a passphrase to access them? I understand 4096 bits to be…
leeand00
  • 1,297
  • 1
  • 13
  • 21
2
votes
0 answers

Can high network usage be detected and prevented in Tor?

I've already asked this question here but as of yet it has no views/answers. I was wondering if there is any way for Tor to detect high network usage in the context of transferring large files using a hidden service. If so, what are the default…
Sebi
  • 1,391
  • 9
  • 16
2
votes
1 answer

Does apt-get enforce cryptographic authentication and integrity validation by default for all packages? (debian, ubuntu)

Does the built-in apt package manager in Debian-based systems require successful cryptographic authentication and integrity validation for all packages? My understanding was that software downloaded with apt-get packages would be cryptographically…
Michael Altfield
  • 826
  • 4
  • 19
2
votes
2 answers

Was there ever any malware found in Debian/Ubuntu packages?

With over 30,000 projects packaged by Debian, it doesn't seem too unlikely that some of them may contain malware. On Ubuntu's side, the review process is apparently rather superficial, aimed at catching some negligent coding practices rather than…
MWB
  • 303
  • 2
  • 11
2
votes
2 answers

Is autologin dangerous? (Debian/Linux)

If I use only a computer, can I disable the password when I log in? That is, the user account has a password, but in the settings I turn on autologin: /etc/lightdm/lightdm.conf [Seat:*] autologin-user=user autologin-user-timeout=0 Is this an…
secmost
  • 21
  • 1
2
votes
1 answer

ZFS on LUKS2 encrypted device: LuksFormat with or without dm-integrity?

Does it make sense to combine ZFS with LUKS2 for completely random-looking encryption on HDDs? (Without luks-header on the disk of course, header placed elsewhere). The goal is to make a HDD really look like random data, since as I've learned ZFS…
Vortex
  • 21
  • 3
2
votes
1 answer

Transfer requests for localhost zone on my bind DNS server

I use Debian stretch and Bind 9.10.3 as my DNS server. Today I saw the following entry in my log file: Apr 17 23:04:22 ns named[111]: client 45.83.65.112#48974 (localhost): transfer of 'localhost/IN': AXFR started (serial 2) Apr 17 23:04:22 ns…
divB
  • 123
  • 4
2
votes
1 answer

Signature hash algorithm SHA256 (Certificate) vs Peer signing digest: SHA1

As client I am using an API of a company. To be able to connect I have to decrease the security level to CipherString = DEFAULT@SECLEVEL = 1 in /etc/ssl/openssl.cnf using OpenSSL 1.1.1d. Then if I do openssl s_client -connect :443 I…
TicJit
  • 135
  • 6
2
votes
1 answer

Sanitising a file/folder path from user input

I have an external server making backups of my main server via scp and a backup-only user account. I successfully restricted it to scp only using GNU Rush. The scp command below, executed on the backup server, downloads /var/www/website1/file2 from the…
mehov
  • 421
  • 4
  • 9
2
votes
1 answer

How to understand how someone had ssh access, and how to remove CVE-2017-0358

I have a home server that was compromised recently; it has been used to mine some cryptocurrencies. I have not stopped anything yet apart from locking ssh to my user only. The processes are still running and I want to 1/ understand how they got in…
2
votes
1 answer

How to fix warnings from Debsecan

I'm new to Linux administration and security, and need some tips about warnings from the Debsecan scanner tool. I have some warnings returned by a simple check, like this below: CVE-2017-1000158 python2.7-minimal (remotely exploitable, high…
MagicHat
  • 121
  • 6