(Created page with "This document attempts to outline some of the steps that have been taken to enhance the security of sudomesh servers. = Automatic updates = We only ever install the debian/u...") |
Tunabananas (talk | contribs) (added link to Cryptoparty page for end users) |
(2 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
This document attempts to outline some of the steps that have been taken to enhance the security of sudomesh servers. | This document attempts to outline some of the steps that have been taken to enhance the security of sudomesh servers. For more info on end-user security best practices, such as encrypted email and using VPNs, see the many resources available at the [[Cryptoparty]] page. | ||
= Automatic updates = | = Automatic updates = | ||
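Review bot: The [[Cryptoparty]] sentence appended to the intro on the right-hand side is out of scope for a page that its first sentence limits to sudomesh servers. Consider moving the link to a short "See also" line so the intro stays about server hardening, and write "information" rather than "info" to match the rest of the paragraph.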
Line 7: | Line 7: | ||
aptitude update && aptitude safe-upgrade | aptitude update && aptitude safe-upgrade | ||
= cron-apt = | We use one of the following methods to set up automatic security upgrades. | ||
= unattended-upgrades method = | |||
Install and configure the unattended-upgrades package. | |||
aptitude update && aptitude install unattended-upgrades | |||
dpkg-reconfigure -plow unattended-upgrades | |||
Edit the file /etc/apt/apt.conf.d/50unattended-upgrades and make sure it contains a section like this: | |||
Unattended-Upgrade::Allowed-Origins { | |||
"${distro_id}:${distro_codename}-security"; | |||
// "${distro_id}:${distro_codename}-updates"; | |||
// "${distro_id}:${distro_codename}-proposed"; | |||
// "${distro_id}:${distro_codename}-backports"; | |||
}; | |||
= cron-apt method = | |||
cron-apt is installed and set up to automatically download and install security updates once every 24 hours. | cron-apt is installed and set up to automatically download and install security updates once every 24 hours. | ||
cron-apt | cron-apt and anacron are installed: | ||
aptitude install cron-apt | aptitude install cron-apt anacron | ||
then it is disabled in cron.d since we want to use anacron instead: | then it is disabled in cron.d since we want to use anacron instead: |
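Review bot: The new unattended-upgrades section stops at "make sure it contains a section like this" and gives no way to confirm that the Allowed-Origins entry "${distro_id}:${distro_codename}-security" actually matches the security archive on the host. Suggest adding a verification step after the config block, for example running unattended-upgrade --dry-run --debug and checking that the -security origin shows up as allowed. Two smaller points in the same hunk: "= unattended-upgrades method =" and "= cron-apt method =" use the same top-level "=" as "= Automatic updates =", so they will not nest under it and "==" would fit better; and "We use one of the following methods" does not say which servers use which method or whether both may be enabled on the same machine.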