[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] doc/HARDENING Draft



cron-apt is also a viable option for debians.

https://wiki.archlinux.org/Âis afaik the bestÂstandard repository of all knowledge and wisdom about current linux, always solved my debian-codenameÂproblems.

On 25 November 2014 at 05:29, Tor Operator <tor@xxxxxxxxxxx> wrote:
On Mon, Nov 24, 2014 at 06:09:34PM -0500, Libertas wrote:
> Be sure to stay up-to-date using apt-get, and consider using cron-apt to
> automatically update:
> https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html

Maybe it also worth covering unattended-upgrades package to keep Debian up to
date. It requires to run "dpkg-reconfigure unattended-upgrades" after install
as it doesn't enable automatic upgrades right away after install and supposedly
don't do potentially dangerous operations like kernel upgrades automatically.
Using it in production myself, really helps to keep OS up to date.

Also for protecting SSH SSHGuard is in my opinion a much better choice as it
supports IPv6 unlike fail2ban (I heard there were patches for fail2ban to
address that but I'm not sure if they are already in mainstream and available
in all distributions).

--
Random

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays