4 Responses to “Stupid Linux Tricks: Basic Server Hardening (Debian Lenny)”

1. Timothy O'Connell says:

   May 20, 2009 at 7:23 am

   I realized, shortly after I added the bit about

   /usr/bin/mesg n

   to root’s .bashrc that I was getting mysterious errors from non-interactive processes.

   Namely, when I ran rsync via cron, I was getting emails from cron that looked like this:

   stdin: is not a tty
   stdin: is not a tty
   stdin: is not a tty

   It didn’t take long for me to put two and two together and realize that this was output from that mesg command: it couldn’t do its thing because it didn’t have a tty on account of the session being a non-interactive one.

   In order to silence that particular lamb, I adjusted the mesg command in root’s .bashrc:

   if [ ! -f $USER ]
       then /usr/bin/mesg n
   fi

   It’s sort of ugly, but it gets the job done: if you’re starting an interactive session and you’ve got a $USER variable, then you get your mesg sent to n. If you’re not, then you don’t. Easy-peasy.
2. Bookmarks for 29.07.2009 through 03.08.2009 - mafflog says:

   August 3, 2009 at 9:01 am

   [...] almost effortless » Stupid Linux Tricks: Basic Server Hardening (Debian Lenny) – [...]
3. vivek says:

   August 21, 2009 at 10:29 pm

   If you mount /tmp with no-exec apt tends to fail since it unzips files in /tmp and runs postinstall from there. Are you sure about this?
4. jalfrock says:

   January 11, 2010 at 7:20 pm

   @vivek:

   Add the following to your /etc/apt/apt.conf:
   DPkg::Pre-Invoke{“mount -o remount,exec /tmp”;};
   DPkg::Post-Invoke {“mount -o remount /tmp”;};

   (This remounts /tmp exec before running dpkg, then re-remounts it noexec when it’s done.)