Stupid Linux Tricks: Basic Server Hardening (Debian Lenny)

This post has been moved to http://demongin.org/blog/829

Published by Trevor Turk

A chess-playing machine of the late 18th century, promoted as an automaton but later proved a hoax.

4 thoughts on “Stupid Linux Tricks: Basic Server Hardening (Debian Lenny)”

  1. I realized, shortly after I added the bit about /usr/bin/mesg n to root's .bashrc that I was getting mysterious errors from non-interactive processes.

    Namely, when I ran rsync via cron, I was getting emails from cron that looked like this:

    stdin: is not a tty
    stdin: is not a tty
    stdin: is not a tty

    It didn't take long for me to put two and two together and realize that this was output from that mesg command: it couldn't do its thing because it didn't have a tty on account of the session being a non-interactive one.

    In order to silence that particular lamb, I adjusted the mesg command in root's .bashrc:

    if [ ! -f $USER ]
    then /usr/bin/mesg n
    fi

    It's sort of ugly, but it gets the job done: if you're starting an interactive session and you've got a $USER variable, then you get your mesg sent to n. If you're not, then you don't. Easy-peasy.

  2. If you mount /tmp with no-exec, apt tends to fail since it unzips files in /tmp and runs postinstall from there. Are you sure about this?

  3. @vivek:

    Add the following to your /etc/apt/apt.conf:

    DPkg::Pre-Invoke {"mount -o remount,exec /tmp";};
    DPkg::Post-Invoke {"mount -o remount /tmp";};

    (This remounts /tmp exec before running dpkg, then re-remounts it noexec when it's done.)
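A check to run after the hooks above, to confirm that /tmp really is back to noexec once dpkg has finished. This is an added example, not part of the original post or its comments; the function name `missing_opts` and the sample mount table are constructed for illustration, and the function accepts any list of required mount options rather than only noexec.

```shell
#!/bin/sh
# Added example (not from the original post or its comments).

# missing_opts MOUNTS_FILE MOUNTPOINT OPTION...
# Reads a /proc/mounts-format file and prints the required options that
# MOUNTPOINT lacks. Returns 0 if none are missing, 1 if some are, and
# 2 if MOUNTPOINT is not a separate mount in that file.
missing_opts() {
    mounts_file=$1; target=$2; shift 2
    # Field 2 is the mount point, field 4 the option list. Keep the last
    # match: a later mount on the same path hides the earlier one.
    opts=$(awk -v mp="$target" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    [ -n "$opts" ] || return 2
    missing=""
    for want in "$@"; do
        # Wrap in commas so "exec" cannot match inside "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed sample in /proc/mounts format; on a live host pass /proc/mounts.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda5 /tmp ext3 rw,nosuid,noexec 0 0
/dev/sda6 /var/tmp ext3 rw,nosuid 0 0
EOF

for mp in /tmp /var/tmp /home; do
    rc=0
    out=$(missing_opts "$sample" "$mp" noexec) || rc=$?
    case $rc in
        0) echo "$mp: noexec is set" ;;
        1) echo "$mp: missing $out" ;;
        2) echo "$mp: not a separate mount" ;;
    esac
done
```

A non-zero return from `missing_opts /proc/mounts /tmp noexec` after an apt run means the Post-Invoke remount did not put the option back.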
