Embedded Files
When a Debian OS is compromised, sysadmin is usually encouraged to create the operating system from scratch again since the OS is no longer trustworthy. Hence, this section guides you on how to harden Debian by OS snapshot and reproducible build.
Identified Threats
Identified Threats
These are the identified threats related to Debian Software.
(T-61) Debian OS Is Unrecoverable Upon Compromised
(T-61) Debian OS Is Unrecoverable Upon Compromised
When the Debian OS is compromised, its configuration, setup, etc are not recoverable.
(T-62) Kernel in Debian Stable is Out-of-Date
(T-62) Kernel in Debian Stable is Out-of-Date
While it is good to use Debian stable kernel, a lot of software (e.g. nvidia driver) would not work properly on the old kernel.
Actions Required
Actions Required
Here are the list if actions to counter the issues.
Use of Disk Imaging Capable Virtualization Technology
Use of Disk Imaging Capable Virtualization Technology
Sysadmin is always encouraged to build the OS using disk imaging capable virtualization technology as a master template. When there is a compromise, he/she can roll in the fixes inside this master template and re-flash it back into the system.
With this technology, one can quickly restore the OS by re-flashing instead of rebuilding the entire operating system.
Periodic Snapshot/Update Master Template
Periodic Snapshot/Update Master Template
Sysadmin is advised to snapshot/update the master OS template from time to time for any rolling updates at a given time.
Use backport Generic Kernel
Use backport Generic Kernel
Kernel in backport upstream has generic kernel. Hence, one can use that version over the old ones. See Kernel Packages.
That's all for hardening Debian by OS snapshot and reproducible build.
Page updated
Google Sites
Report abuse