debian security
play

Debian Security An overview of features and processes Debian - PowerPoint PPT Presentation

Oct 19, 2022 •279 likes •1.79k views

Debian Security An overview of features and processes Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org Who is this guy? Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org Todd

  1. Typically referring to Windows AV Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  2. ClamAV, amavis Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  3. PAM Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  4. Allows for a wide array of auth/sesssion options Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  5. libpam-chroot Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  6. libpam-cracklib Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  7. libpam-krb5 Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  8. libpam-ldap Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  9. PAM Smartcard modules, SecureID Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  10. libpam-ccreds - Pam module to cache authentication credentials libpam-chroot - Chroot Pluggable Authentication Module for PAM libpam-cracklib - PAM module to enable cracklib support. libpam-devperm - PAM module to change device ownership on login libpam-doc - Documentation of PAM libpam-dotfile - A PAM module which allows users to have more than one password libpam-encfs - PAM module to automatically mount encfs filesystems on login libpam-foreground - create lockfiles describing which users own which console libpam-heimdal - PAM module for Heimdal Kerberos 5 libpam-http - a PAM module to authenticate via http/https libpam-krb5 - PAM module for MIT Kerberos libpam-ldap - Pluggable Authentication Module allowing LDAP interfaces libpam-modules - Pluggable Authentication Modules for PAM libpam-mount - PAM module that can mount volumes for a user session libpam-musclecard - PAM module for MuscleCard Framework libpam-mysql - PAM module allowing authentication from a MySQL server libpam-ncp - PAM module allowing authentication from a NetWare server libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module libpam-openafs-session - PAM Module to get AFS tokens and set up PAG libpam-opie - Use OTPs for PAM authentication libpam-p11 - PAM module for using PKCS#11 smart cards libpam-passwdqc - replacement for the pam_cracklib module libpam-pgsql - PAM module to authenticate using a PostgreSQL database libpam-poldi - PAM module allowing authentication using a OpenPGP smartcard libpam-pwdfile - PAM module allowing authentication via an /etc/passwd-like filelibpam-pwgen - a password generator libpam-radius-auth - The PAM RADIUS authentication module libpam-runtime - Runtime support for the PAM library libpam-shishi - PAM module for Shishi Kerberos v5 libpam-smbpass - pluggable authentication module for SMB/CIFS password database libpam-ssh - enable SSO behavior for ssh and pam libpam-tmpdir - automatic per-user temporary directories libpam-umask - adjust users' default umask using PAM libpam-unix2 - Blowfish-capable PAM module Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  11. Kernel Features Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  12. NetFilter Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  13. SELinux Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  14. Xen Hypervisor Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  15. GRSecurity ACL patches Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  16. GR PAX Patches (address space) Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  17. Other GR Patches http://www.grsecurity.net/features.php Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  18. Debian “harden” packages... Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  19. harden-clients - Avoid clients that are known to be insecure harden-development - Development tools for creating more secure programs harden-environment - Hardened system environment harden-nids - Harden a system by using a network intrusion detection system harden-remoteaudit - Audit your remote systems from this host harden-servers - Avoid servers that are known to be insecure harden-surveillance - Check services and/or servers automatically harden-tools - Tools to enhance or analyze the security of the local system Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  20. Harden packages make clever use of Debian's packaging system Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

Recommend

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20 000 source packages ~13 architectures 3 kernels The biggest database of FLOSS code (?) The Debile Project January, 19th 2014 Sylvestre Ledru

571 views • 25 slides
The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008 Outline Some bits about me Project goals, design &amp; features Debian and Debian Edu Development model and tools Debian Edu Etch

582 views • 36 slides
Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to Debian CI autopkgtest created back in 2006 (!) 2014: Debian CI launches Goal: provide automated testing for the Debian archive (i.e. run

816 views • 68 slides
Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day Definitions Distribution a set of OS kernel and supporting software in a defined format with the possibility of some integration by adjusting

134 views • 12 slides
Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell &lt;msp@debian.org&gt; Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell &lt;msp@debian.org&gt; Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell &lt;msp@debian.org&gt; Introduction Introduction The Debian KDE Extras Team maintain a portfolio of extra application packages for Debian GNU/Linux outside the KDE core applications

554 views • 18 slides
Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Conte udo Como criar um Distribui c ao Personalizada Debian Debian-BR-CDD Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org, enrico@debian.org Congreso Internacional de Software Livre - 2 Edi

532 views • 25 slides
Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

apoikos@debian.org Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos DebConf16 - Cape Town 2016-07-04 Outline Introduction Installation Configuration management Package management People 2/26

697 views • 27 slides
Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C a p e T o w n Debian Derivatives Hctor Orn Martnez &lt;hector.oron@collabora.co.uk&gt; &lt;zumbi@debian.org&gt; Works for Collabora

511 views • 15 slides
Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini enrico@debian.org Secret Debian Internals BTS Where to find it Source code: bzr branch http://bugs.debian.org/debbugs-source/mainline/ Data on merkel at

370 views • 16 slides
Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years after Debian 7, codename wheezy (2013-05-04) Release Date: 2015-04-25 [party!] 75 supported languages 4.841 new source packages

587 views • 19 slides
Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net /pub/debian-meetings/ by Holger Levsen Sydney Linux User Group, January 22 nd 2007 Outline whoami project aims and features software

472 views • 19 slides
Debian Security Team presentation Yves-Alexis Perez SSTIC 2018 Introduction Introduction

Debian Security Team presentation Yves-Alexis Perez SSTIC 2018 Introduction Introduction

Debian Security Team presentation Yves-Alexis Perez SSTIC 2018 Introduction Introduction Debian Security Team presentation SSTIC 2018 1 / 37 corsac debian.org Introduction Who am I? Yves-Alexis Perez (Corsac) ANSSI head of software

795 views • 40 slides
Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org Feb 7, 2009 15 slides Enrico Zini (enrico@debian.org) Fosdem, Brussels, February 7, 2009 - 09:43:46 AM 1/15 Debian Data Export Debian: the data

343 views • 15 slides
Debian Hamradio Blend Iain R. Learmonth &lt; irl@debian.org &gt; Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth &lt; irl@debian.org &gt; Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth &lt; irl@debian.org &gt; Debian Hamradio Maintainers 31st April 2016 Iain R. Learmonth (Debian Hams) Debian Hamradio Blend 31st April 2016 1 / 13 Pure Blends A collection of tasks (metapackages) Iain

783 views • 13 slides
Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org

Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org

Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org DebConf 15 22. Aug 2015 k c i t s n r e l Outline Lernstick Overview 1 2 How to help - Improve collaboration with Debian Questions 3 k

551 views • 29 slides
Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian

Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian

Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian Brussels, 02. February 2013 Andreas Tille (Debian) Debian Med Brussels, 02. February 2013 1 / 12 What is Debian Med? practice management system

610 views • 39 slides
Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about

Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about

Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about uscan Kentaro Hayashi DebConf18 in T aiwan 2018-08-03 ClearCode Inc. Digest of this talk Current d/watch fi le is sometimes complicated Update

800 views • 77 slides
Customizing Debian Benjamin Mako Hill mako@canonical.com mako@debian.org

Customizing Debian Benjamin Mako Hill mako@canonical.com mako@debian.org

Customizing Debian Benjamin Mako Hill mako@canonical.com mako@debian.org http://mako.yukidoke.org Based on a talk given at: Ubuntu New York Linux Use Group 2004-11-17 Debian GNU/Linux Project Benjamin Mako Hill Barcelona LUG:

263 views • 15 slides
Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1

Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1

Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1 / 15 Debian: the data hell A lot of different sources of data in Debian With different data formats: text files, BerkeleyDB, SQL databases, JSON,

200 views • 17 slides
debtags.debian.net reloaded! Enrico Zini enrico@debian.org Feb 5, 2012 Enrico Zini

debtags.debian.net reloaded! Enrico Zini enrico@debian.org Feb 5, 2012 Enrico Zini

debtags.debian.net reloaded! Enrico Zini enrico@debian.org Feb 5, 2012 Enrico Zini (enrico@debian.org) Fosdem, Bruxelles, Feb 5, 2012 debtags.debian.net reloaded! Introduction: debtags Debtags is the category system for Debian packages. It

319 views • 14 slides
El proyecto Debian Sam Hocevar (sam@zoy.org) Lder de proyecto Debian 2007-2008 8 vo Encuentro

El proyecto Debian Sam Hocevar (sam@zoy.org) Lder de proyecto Debian 2007-2008 8 vo Encuentro

El proyecto Debian Sam Hocevar (sam@zoy.org) Lder de proyecto Debian 2007-2008 8 vo Encuentro Linux Arica, Chile 13 de Octubre 2007 rpidamente 1000 desarrolladores voluntarios en todo el mundo un sistema operativo

486 views • 23 slides
Use of Grid Computing for Debian Quality Assurance Lucas Nussbaum lucas@debian.org

Use of Grid Computing for Debian Quality Assurance Lucas Nussbaum lucas@debian.org

Introduction QA tasks Infrastructure Results Future Work Conclusion Use of Grid Computing for Debian Quality Assurance Lucas Nussbaum lucas@debian.org lucas.nussbaum@imag.fr Laboratoire dInformatique de Grenoble - Projet MESCAL

576 views • 31 slides
The Debian Videoteam behind the scenes Holger Levsen, 2008-08-11 Outline some bits about me

The Debian Videoteam behind the scenes Holger Levsen, 2008-08-11 Outline some bits about me

The Debian Videoteam behind the scenes Holger Levsen, 2008-08-11 Outline some bits about me a bit of history current setup hardware software people future Some Debian bits about me running Debian stable as primary

534 views • 34 slides
Grid Computing with Debian, Globus Grid Computing with Debian, Globus and ARC and ARC Mattias

Grid Computing with Debian, Globus Grid Computing with Debian, Globus and ARC and ARC Mattias

Grid Computing with Debian, Globus Grid Computing with Debian, Globus and ARC and ARC Mattias Ellert, Uppsala Universitet (.se) Steffen Mller, Universitt zu Lbeck (.de) Anders Wnnen, Niels Bohr Institutet (.dk) Grid Computing

514 views • 17 slides

More recommend