debian security
play

Debian Security An overview of features and processes Debian - PowerPoint PPT Presentation

Oct 19, 2022 •279 likes •1.79k views

Debian Security An overview of features and processes Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org Who is this guy? Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org Todd

  1. Typically referring to Windows AV Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  2. ClamAV, amavis Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  3. PAM Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  4. Allows for a wide array of auth/sesssion options Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  5. libpam-chroot Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  6. libpam-cracklib Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  7. libpam-krb5 Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  8. libpam-ldap Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  9. PAM Smartcard modules, SecureID Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  10. libpam-ccreds - Pam module to cache authentication credentials libpam-chroot - Chroot Pluggable Authentication Module for PAM libpam-cracklib - PAM module to enable cracklib support. libpam-devperm - PAM module to change device ownership on login libpam-doc - Documentation of PAM libpam-dotfile - A PAM module which allows users to have more than one password libpam-encfs - PAM module to automatically mount encfs filesystems on login libpam-foreground - create lockfiles describing which users own which console libpam-heimdal - PAM module for Heimdal Kerberos 5 libpam-http - a PAM module to authenticate via http/https libpam-krb5 - PAM module for MIT Kerberos libpam-ldap - Pluggable Authentication Module allowing LDAP interfaces libpam-modules - Pluggable Authentication Modules for PAM libpam-mount - PAM module that can mount volumes for a user session libpam-musclecard - PAM module for MuscleCard Framework libpam-mysql - PAM module allowing authentication from a MySQL server libpam-ncp - PAM module allowing authentication from a NetWare server libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module libpam-openafs-session - PAM Module to get AFS tokens and set up PAG libpam-opie - Use OTPs for PAM authentication libpam-p11 - PAM module for using PKCS#11 smart cards libpam-passwdqc - replacement for the pam_cracklib module libpam-pgsql - PAM module to authenticate using a PostgreSQL database libpam-poldi - PAM module allowing authentication using a OpenPGP smartcard libpam-pwdfile - PAM module allowing authentication via an /etc/passwd-like filelibpam-pwgen - a password generator libpam-radius-auth - The PAM RADIUS authentication module libpam-runtime - Runtime support for the PAM library libpam-shishi - PAM module for Shishi Kerberos v5 libpam-smbpass - pluggable authentication module for SMB/CIFS password database libpam-ssh - enable SSO behavior for ssh and pam libpam-tmpdir - automatic per-user temporary directories libpam-umask - adjust users' default umask using PAM libpam-unix2 - Blowfish-capable PAM module Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  11. Kernel Features Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  12. NetFilter Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  13. SELinux Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  14. Xen Hypervisor Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  15. GRSecurity ACL patches Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  16. GR PAX Patches (address space) Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  17. Other GR Patches http://www.grsecurity.net/features.php Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  18. Debian “harden” packages... Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  19. harden-clients - Avoid clients that are known to be insecure harden-development - Development tools for creating more secure programs harden-environment - Hardened system environment harden-nids - Harden a system by using a network intrusion detection system harden-remoteaudit - Audit your remote systems from this host harden-servers - Avoid servers that are known to be insecure harden-surveillance - Check services and/or servers automatically harden-tools - Tools to enhance or analyze the security of the local system Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

  20. Harden packages make clever use of Debian's packaging system Debian Security Todd Troxell <ttroxell@debian.org> http://www.debian.org

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20 000 source packages ~13 architectures 3 kernels The biggest database of FLOSS code (?) The Debile Project January, 19th 2014 Sylvestre Ledru

571 views • 25 slides
The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008 Outline Some bits about me Project goals, design &amp; features Debian and Debian Edu Development model and tools Debian Edu Etch

582 views • 36 slides
Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to Debian CI autopkgtest created back in 2006 (!) 2014: Debian CI launches Goal: provide automated testing for the Debian archive (i.e. run

816 views • 68 slides
Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day Definitions Distribution a set of OS kernel and supporting software in a defined format with the possibility of some integration by adjusting

134 views • 12 slides
Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell &lt;msp@debian.org&gt; Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell &lt;msp@debian.org&gt; Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell &lt;msp@debian.org&gt; Introduction Introduction The Debian KDE Extras Team maintain a portfolio of extra application packages for Debian GNU/Linux outside the KDE core applications

554 views • 18 slides
Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Conte udo Como criar um Distribui c ao Personalizada Debian Debian-BR-CDD Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org, enrico@debian.org Congreso Internacional de Software Livre - 2 Edi

532 views • 25 slides
Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

apoikos@debian.org Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos DebConf16 - Cape Town 2016-07-04 Outline Introduction Installation Configuration management Package management People 2/26

697 views • 27 slides
Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C a p e T o w n Debian Derivatives Hctor Orn Martnez &lt;hector.oron@collabora.co.uk&gt; &lt;zumbi@debian.org&gt; Works for Collabora

511 views • 15 slides
Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini enrico@debian.org Secret Debian Internals BTS Where to find it Source code: bzr branch http://bugs.debian.org/debbugs-source/mainline/ Data on merkel at

370 views • 16 slides
Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years after Debian 7, codename wheezy (2013-05-04) Release Date: 2015-04-25 [party!] 75 supported languages 4.841 new source packages

587 views • 19 slides
Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net /pub/debian-meetings/ by Holger Levsen Sydney Linux User Group, January 22 nd 2007 Outline whoami project aims and features software

472 views • 19 slides
Debian Security Team presentation Yves-Alexis Perez SSTIC 2018 Introduction Introduction

Debian Security Team presentation Yves-Alexis Perez SSTIC 2018 Introduction Introduction

Debian Security Team presentation Yves-Alexis Perez SSTIC 2018 Introduction Introduction Debian Security Team presentation SSTIC 2018 1 / 37 corsac debian.org Introduction Who am I? Yves-Alexis Perez (Corsac) ANSSI head of software

795 views • 40 slides
Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org Feb 7, 2009 15 slides Enrico Zini (enrico@debian.org) Fosdem, Brussels, February 7, 2009 - 09:43:46 AM 1/15 Debian Data Export Debian: the data

343 views • 15 slides
Debian Hamradio Blend Iain R. Learmonth &lt; irl@debian.org &gt; Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth &lt; irl@debian.org &gt; Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth &lt; irl@debian.org &gt; Debian Hamradio Maintainers 31st April 2016 Iain R. Learmonth (Debian Hams) Debian Hamradio Blend 31st April 2016 1 / 13 Pure Blends A collection of tasks (metapackages) Iain

783 views • 13 slides
Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org

Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org

Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org DebConf 15 22. Aug 2015 k c i t s n r e l Outline Lernstick Overview 1 2 How to help - Improve collaboration with Debian Questions 3 k

551 views • 29 slides
Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian

Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian

Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian Brussels, 02. February 2013 Andreas Tille (Debian) Debian Med Brussels, 02. February 2013 1 / 12 What is Debian Med? practice management system

610 views • 39 slides
Entity-based Coherence: Going Off the Grid Micha Elsner Elsner, Austerweil, Charniak: NAACL '07

Entity-based Coherence: Going Off the Grid Micha Elsner Elsner, Austerweil, Charniak: NAACL '07

Entity-based Coherence: Going Off the Grid Micha Elsner Elsner, Austerweil, Charniak: NAACL '07 (Unified Model of Local and Global Coherence) Elsner, Charniak: ACL '08 (Coreference-inspired Coherence Modeling) Text! Sir Walter Elliot, of

815 views • 55 slides
Extraction of Event Structures from Text May 29, 2018 Jun Araki Carnegie Mellon University

Extraction of Event Structures from Text May 29, 2018 Jun Araki Carnegie Mellon University

Ph.D. Thesis Defense Extraction of Event Structures from Text May 29, 2018 Jun Araki Carnegie Mellon University Thesis Committee: Teruko Mitamura (Chair), Eduard Hovy, Graham Neubig, and Luke Zettlemoyer Events are Everywhere Olympic games

754 views • 58 slides
Foundations I Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI)

Foundations I Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Foundations I Professor Adam Bates Fall 2018 Security &amp; Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Understand the genesis and significance of Multics and the Reference

827 views • 66 slides
Structure History of Semantic Roles 1. Contemporary Frameworks 2. Difficult Phenomena (from an

Structure History of Semantic Roles 1. Contemporary Frameworks 2. Difficult Phenomena (from an

Annotating semantic roles: phenomena Katrin Erk Sebastian Pado ESSLLI 2006 Structure History of Semantic Roles 1. Contemporary Frameworks 2. Difficult Phenomena (from an 3. empirical perspective) Role Semantics vs. Formal Semantics 4.

637 views • 18 slides
VenomSeq A platform for drug discovery from animal venoms using di ff erential gene expression

VenomSeq A platform for drug discovery from animal venoms using di ff erential gene expression

VenomSeq A platform for drug discovery from animal venoms using di ff erential gene expression Joseph D. Romano , Hai Li, Ronald Realubit, Charles Karan, and Nicholas Tatonetti Columbia University presented 03/14/2018 AMIA 2018

581 views • 29 slides
The Virtual Immunization Communication (VIC) Network is a project of the National Public Health

The Virtual Immunization Communication (VIC) Network is a project of the National Public Health

The Virtual Immunization Communication (VIC) Network is a project of the National Public Health Information Coalition (NPHIC) and the California Immunization Coalition, funded through a cooperative agreement with the Centers for Disease Control

831 views • 67 slides
Best Practice Transfer Guidelines Home Birth Summit Collaboration Task Force

Best Practice Transfer Guidelines Home Birth Summit Collaboration Task Force

Home Birth Summit The Future of Home Birth in United States: Addressing Shared Responsibility Best Practice Transfer Guidelines Home Birth Summit Collaboration Task Force

306 views • 29 slides
Unsupervised speech processing using acoustic word embeddings Herman Kamper School of

Unsupervised speech processing using acoustic word embeddings Herman Kamper School of

Unsupervised speech processing using acoustic word embeddings Herman Kamper School of Informatics, University of Edinburgh TTI at Chicago MLSLP 2016: Spotlight invited talk Unsupervised speech processing Speech recognition applications

912 views • 68 slides

More recommend