Changing BINDs user

Regarding limiting BIND's privileges you must be aware that if a non-root user runs BIND, then BIND cannot detect new interfaces automatically, for example when you put a PCMCIA card into your laptop. Check the README.Debian file in your named documentation ( usr share doc bind README.Debian) directory for more information about this issue. There have been many recent security problems concerning BIND, so switching the user is useful when possible. We will detail here the steps needed in order...

Creating users and groups for software daemons

If your software runs a daemon that does not need root privileges, you need to create a user for it. There are two kind of Debian users that can be used by packages static uids (assigned by base-passwd, for a list of static users in Debian see 'Operating system users and groups' on page 186) and dynamic uids in the range assigned to system users. In the first case, you need to ask for a user or group id to the base-passwd. Once the user is available there the package needs to be distributed...

Antivirus tools

There are not many anti-virus tools included with Debian GNU Linux, probably because GNU Linux users are not plagued by viruses. The Unix security model makes a distinction between privileged (root) processes and user-owned processes, therefore a hostile executable that a non-root user receives or creates and then executes cannot infect or otherwise manipulate the whole system. However, GNU Linux worms and viruses do exist, although there has not (yet, hopefully) been any that has spread in the...

Irpas

While xprobe provide only remote operating system detection (using TCP IP fingerprinting, nmap and knocker do both operating system detection and port scanning of the remote hosts. On the other hand, hping2 and icmpush can be used for remote ICMP attack techniques. Designed specifically for SMB networks, nbtscan can be used to scan IP networks and retrieve name information from SMB-enabled servers, including usernames, network names, MAC addresses. . . On the other hand, fragrouter can be used...

CVE compatibility

Debian Security Advisories were declared CVE-Compatible (http www.debian.org security CVE- certificate.jpg)2 in February 24, 2004. Debian developers understand the need to provide accurate and up to date information of the security status of the Debian distribution, allowing users to manage the risk associated with new security vulnerabilities. CVE enables us to provide standardized references that allow users to develop a CVE-enabled security management process (http www.cve.mitre. org...