On 5/12/23 16:08, Jonathan Hutchins wrote:

Here's hoping that this message is not lost in the flood of
potentially thousands of read notifications to your mailing list
post.  Hope you learned your lesson on that.

I appreciate your concern that your message might have gotten lost.
There aren't a lot of active readers on this list.

These days "security" seems to consist of installing and enabling
every item you can find that's labeled "security".  A huge amount of
it is pure waste, addressing mythical scenarios that no ordinary user
will ever encounter.

I'm not talking about ordinary users. I'm talking about people who might manage fewer than 10 machines.

Real security comes from correctly analyzing your actual threat
profile, and carefully addressing real vulnerabilities, rather than a shotgun approach that misses as much as it hits.

That said, here's my own favorite treatise on server security.  A bit dated, RedHat oriented, and probably not generic to your own purposes.

   http://www.trinityos.com/LINUX/index-linux.html

Best of luck,

Thanks for the advice.

So far, this official Debian list is in line with my expectations. For
every 1 person on a Debian list, there are 10 who will tell you it's a
waste of time. So far, the best "stop wasting our time" line is that
Debian is unlikely to want to write about a package that's not in one of
the repositories (e.g. webmin)

It's why I posted the question as I did.

Cheers,
jec

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-05-12 16:27:59 -0700 (-0700), Jeffrey Chimene wrote:
[...]

So far, this official Debian list is in line with my expectations.
For every 1 person on a Debian list, there are 10 who will tell
you it's a waste of time. So far, the best "stop wasting our time"
line is that Debian is unlikely to want to write about a package
that's not in one of the repositories

[...]

Debian is, first and foremost, a software distribution, so it makes
sense that Debian documentation would focus on software that is
actually packaged in Debian. For example, you brought up HIDS: there
are several options for this already in the distribution. I've
personally used tiger, lynis and iwatch for HIDS purposes in a
professional syadmin capacity, and I can safely install them through
Debian's own cryptographically signed chain of trust.

Ideally, Debian can be secured with the software available in
Debian, but it also simply doesn't make sense (to me) for Debian to
recommend software it doesn't provide instead of providing that
software or otherwise recommending alternatives which someone has
put in the effort to get into the distribution. I don't consider
discussion of these topics to be a waste of time, but there are
plenty of places to publish articles about arbitrary software useful
to sysadmins where it might be more on topic and reach a wider
audience.
--
Jeremy Stanley

-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEEl65Jb8At7J/DU7LnSPmWEUNJWCkFAmRfANxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3 QUU0OTZGQzAyREVDOUZDMzUzQjJFNzQ4Rjk5NjExNDM0OTU4MjkACgkQSPmWEUNJ WCkIoA//aJx8L5uP/hE18ADJ9nMRtwlhMDidIXfhwLe/CIymoPzXKcJQAwOmjqTs 2xUxqx+dZ758Ct1jlIQEHjsV5rUdEcEO9l4m/G0QXzltmykzBzFtppLZLaU4qMoe MwSJeELpxRhJk/0o9L2wIyH4of8w+q3yFaW3QUBZC9wlhcQVg6RL608C+gghJFUm ckf+CRz0nDhy48lzDeR94PjEorVWPNfqJGvCvQkkVbfFBslKMXKtzFkv5YEGi7tj t0Uqi8cEscWUxafNkcyvzp5D8JbsW8S6AT/aovPOnqYMo7pLJcpbwQ/W8Ggxs9Vj L74GNuPvUPca5XeoY68S/n2N4/ar1cmc5uQWWXwOAud0HYXJYseA9xtAVP74X4je c1cwst1zzHxn+MEM0o/HPQbmVicB24nSoCrzspzbDj05aHwLPyZc8avVH+w0ei6R vd8E7XaDrz22ytvwSytGkhX7bqoKltWrst5Mye6SK2jyTTV4WlTt86yjHcvkWJJZ 8LjMGHUV9Qw652/QWf/otyXebL/vjxgl1sdFpKp2XL6ZcubLTjxfu/ohq6skpos7 7uQV8JXorT7r16xuxKZgv48n/v/NKZq1arOmSUKyjd51uOuMNVhKycKLJOsLx/3b lfbHjlpFALScfuIhl6aeiWPuY6eRCUjVcHhdkbb/aV/B4UWbSkg=
=pBwC
-----END PGP SIGNATURE-----

--- SoupGate-Win32