Hacker News new | past | comments | ask | show | jobs | submit login

Securing this beast should serve as a nice training course for any sysadmin; bonus points if you start handing out shell accounts to anonymous people in certain neighborhoods of EFNet.



Just update packages to the latest, patched version. What so difficult about it?


If this is based on a popular distro, maybe; but if you wanted to loosen up a Linux box, you can build a freak from pieces that no one would find lineage for, much less a repo.


umm no.

He specifically mentions that all the softwares are vulnerable:

"Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks."

Just replace them with the latest, patched, default configured version.


What pieces of software do you replace? How do you replace it? Remember that it likely doesn't some with anything like apt to make this easy.


You wipe the disk and install OpenBSD.


Good idea, but completely beside the point.


Why sit around replacing packages by hand when you're not really learning anything? The best fix for a system like this is to nuke it from orbit and reinstall. I mean, odds are, you'll miss something, and then spent hours fooling around after getting hacked, when you could have just spent your time concentrating on what's important: saving relevant data and configuration, reinstalling, and securing the updated configuration.


This is a course in security and thats why the comment is completely beside the point.


The important point, which I did miss, is that it's not just a "security course", it's a course about how to break into things, so you need vulnerable programs. If you're not specializing in security stuff, the best course of action, is, however, to just keep your stuff up to date via apt or some similar mechanism.


But in order to properly understand what you could be vulnerable to and the why/how, you should learn how to break into things. Yes, normally, you're working at a higher level of abstraction, but if you want to understand how things really work, you work at a lower level for a while.


Or you could just get an iPad.


There are other ways to update software..


Riiight, downloading individual packages, libraries and kernels and building them from source. Which is why I thought it would be a good exercise, however very boring.

Running a Bastille script on the box would give you a quick TODO list. Pushing it to "production" and getting a few servers up and running, across version incompatibilities, would prove a bit more interesting. Running it under an older 2.4.x or 2.2.x kernel, doubly so.


I'm far from a security expert.

I have spent hundreds if not thousands of hours upgrading random packages in Linux for various reasons. Afterwards, I didn't feel any wiser in security or anything except how to build stuff (well, maybe a bit of systems stuff...).

If upgrading is main task here, what do you really learn? If upgrading isn't the main task here, what is?


Not update, but upgrade to another more secure distribution.


Or 4chan.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: