Appendix A. Revision History

Revision History
Revision 3-18.4, Thu Apr 26 2018, Marcos Fouces
Translation files synchronised with XML sources 3-18
Revision 3-18.3, Thu Apr 26 2018, Marcos Fouces
Translation files synchronised with XML sources 3-18
Revision 3-18.2, Thu Apr 26 2018, Marcos Fouces
Translation files synchronised with XML sources 3-18
Revision 3-18.1, Thu Apr 26 2018, Marcos Fouces
Translation files synchronised with XML sources 3-18
Revision 3-18, April 2017, Marcos Fouces
Migrate to Docbook XML.
Build with Publican. No longer use custom Makefile.
Revision 3-17, January 2017, Thijs Kinkhorst
Remove mention of MD5 shadow passwords.
Do not recommend dselect for holding packages.
No longer include the Security Team FAQ verbatim, because it duplicates information documented elsewhere and is hence perpetually out of date.
Update section on restart after library upgrades to mention needrestart.
Avoid gender-specific language. Patch by Myriam.
Use LSB headers for firewall script. Patch by Dominic Walden.
Revision 3-16, January 2013, Javier Fernández-Sanguino Peña
Indicate that the document is not updated with latest versions.
Update pointers to current location of sources.
Update information on security updates for newer releases.
Point information for Developers to online sources instead of keeping the information in the document, to prevent duplication.
Extend the information regarding securing console access, including limiting the Magic SysRq key.
Update the information related to PAM modules including how to restrict console logins, use cracklib and use the features available in /etc/pam.d/login. Remove the references to obsolete variables in /etc/login.defs.
Reference some of the PAM modules available to use double factor authentication, for administrators that want to stop using passwords altogether.
Fix shell script example in Appendix.
Fix reference errors.
Point to the Bastille sourceforge project instead of the site as it is not responding.
Revision 3-15, December 2010, Javier Fernández-Sanguino Peña
Change reference to Log Analysis' website as this is no longer available.
Revision 3-14, March 2009, Javier Fernández-Sanguino Peña
Change the section related to choosing a filesystem: note that ext3 is now the default.
Change the name of the packages related to enigmail to reflect naming changes introduced in Debian.
Revision 3-13, February 2008, Javier Fernández-Sanguino Peña
Change URLs pointing to Bastille Linux to since the domain has been
Fix pointers to Linux Ramen and Lion worms.
Use linux-image in the examples instead of the (old) kernel-image packages.
Fix typos spotted by Francesco Poli.
Revision 3-12, August 2007, Javier Fernández-Sanguino Peña
Update the information related to security updates. Drop the text talking about Tiger and include information on the update-notifier and adept tools (for Desktops) as well as debsecan. Also include some pointers to other tools available.
Divide the firewall applications based on target users and add fireflier to the Desktop firewall applications list.
Remove references to libsafe, it's not in the archive any longer (was removed January 2006).
Fix the location of syslog's configuration, thanks to John Talbut.
Revision 3-11, January 2007, Javier Fernández-Sanguino Peña
Thanks go to Francesco Poli for his extensive review of the document.
Remove most references to the woody release as it is no longer available (in the archive) and security support for it is no longer available.
Describe how to restrict users so that they can only do file transfers.
Added a note regarding the debian-private declassification decision.
Updated link of incident handling guides.
Added a note saying that development tools (compilers, etc.) are not installed now in the default 'etch' installation.
Fix references to the master security server.
Add pointers to additional APT-secure documentation.
Improve the description of APT signatures.
Comment out some things which are not yet final related to the mirror's official public keys.
Fixed name of the Debian Testing Security Team.
Remove reference to sarge in an example.
Update the antivirus section, clamav is now available on the release. Also mention the f-prot installer.
Removes all references to freeswan as it is obsolete.
Describe issues related to ruleset changes to the firewall if done remotely and provide some tips (in footnotes).
Update the information related to the IDS installation, mention BASE and the need to setup a logging database.
Rewrite the "running bind as a non-root user" section as this no longer applies to Bind9. Also remove the reference to the init.d script since the changes need to be done through /etc/default.
Remove the obsolete way to setup iptables rulesets as woody is no longer supported.
Revert the advice regarding LOG_UNKFAIL_ENAB: it should be set to 'no' (as per default).
Added more information related to updating the system with desktop tools (including update-notifier) and describe aptitude usage to update the system. Also note that dselect is deprecated.
Updated the contents of the FAQ and remove redundant paragraphs.
Review and update the section related to forensic analysis of malware.
Remove or fix some dead links.
Fix many typos and grammatical errors reported by Francesco Poli.
Revision 3-10, November 2006, Javier Fernández-Sanguino Peña
Provide examples using apt-cache's rdepends as suggested by Ozer Sarilar.
Fix location of Squid's user's manual because of its relocation as notified by Oskar Pearson (its maintainer).
Fix information regarding umask, it's login.defs (and not limits.conf) where this can be configured for all login connections. Also state what is Debian's default and what would be a more restrictive value for both users and root. Thanks to Reinhard Tartler for spotting the bug.
Revision 3-9, October 2006, Javier Fernández-Sanguino Peña
Add information on how to track security vulnerabilities and add references to the Debian Testing Security Tracker.
Add more information on the security support for testing.
Fix a large number of typos with a patch provided by Simon Brandmair.
Added section on how to disable root prompt on initramfs provided by Max Attems.
Remove references to queso.
Note that testing is now security-supported in the introduction.
Revision 3-8, July 2006, Javier Fernández-Sanguino Peña
Rewrote the information on how to setup ssh chroots to clarify the different options available, thanks to Bruce Park for bringing up the different mistakes in this appendix.
Fix lsof call as suggested by Christophe Sahut.
Include patches for typo fixes from Uwe Hermann.
Fix typo in reference spotted by Moritz Naumann.
Revision 3-7, April 2006, Javier Fernández-Sanguino Peña
Add a section on Debian Developer's best practices for security.
Amended firewall script with comments from WhiteGhost.
Revision 3-6, March 2006, Javier Fernández-Sanguino Peña
Included a patch from Thomas Sjögren which describes that noexec works as expected with "new" kernels, adds information regarding tempfile handling, and some new pointers to external documentation.
Add a pointer to Dan Farmer's and Wietse Venema's forensic discovery web site, as suggested by Freek Dijkstra, and expanded a little bit the forensic analysis section with more pointers.
Fixed URL of Italy's CERT, thanks to Christoph Auer.
Reuse Joey Hess' information at the wiki on secure apt and introduce it in the infrastructure section.
Review sections referring to old versions (woody or potato).
Fix some cosmetic issues with patch from Simon Brandmair.
Included patches from Carlo Perassi: acl patches are obsolete, openwall patches are obsolete too, removed fixme notes about 2.2 and 2.4 series kernels, hap is obsolete (and not present in WNPP), remove references to Immunix (StackGuard is now in Novell's hands), and fix a FIXME about the use of bsign or elfsign.
Updated references to SElinux web pages to point to the Wiki (currently the most up to date source of information).
Include file tags and make a more consistent use of "MD5 sum" with a patch from Jens Seidel.
Patch from Joost van Baal improving the information on the firewall section (pointing to the wiki instead of listing all firewall packages available) (Closes: #339865).
Review the FAQ section on vulnerability stats, thanks to Carlos Galisteo de Cabo for pointing out that it was out of date.
Use the quote from the Social Contract 1.1 instead of 1.0 as suggested by Francesco Poli.
Revision 3-5, November 2005, Javier Fernández-Sanguino Peña
Note on the SSH section that the chroot will not work if using the nodev option in the partition and point to the latest ssh packages with the chroot patch, thanks to Lutz Broedel for pointing these issues out.
Fix typo spotted by Marcos Roberto Greiner (md5sum should be sha1sum in code snippet).
Included Jens Seidel's patch fixing a number of package names and typos.
Slight update of the tools section, removed tools no longer available and added some new ones.
Rewrite parts of the section related to where to find this document and what formats are available (the website does provide a PDF version). Also note that copies on other sites and translations might be obsolete (many of the Google hits for the manual in other sites are actually out of date).
Revision 3-4, August-September 2005, Javier Fernández-Sanguino Peña
Improved the after installation security enhancements related to kernel configuration for network level protection with a sysctl.conf file provided by Will Moy.
Improved the gdm section, thanks to Simon Brandmair.
Typo fixes from Frédéric Bothamy and Simon Brandmair.
Improvements in the after installation sections related to how to generate the MD5 (or SHA-1) sums of binaries for periodic review.
Updated the after installation sections regarding checksecurity configuration (was out of date).
Revision 3-3, June 2005, Javier Fernández-Sanguino Peña
Added a code snippet to use grep-available to generate the list of packages depending on Perl. As requested in #302470.
Rewrite of the section on network services (which ones are installed and how to disable them).
Added more information to the honeypot deployment section mentioning useful Debian packages.
Revision 3-2, March 2005, Javier Fernández-Sanguino Peña
Expanded the PAM configuration limits section.
Added information on how to use pam_chroot for openssh (based on pam_chroot's README).
Fixed some minor issues reported by Dan Jacobson.
Updated the kernel patches information partially based on a patch from Carlo Perassi and also by adding deprecation notes and new kernel patches available (adamantix).
Included patch from Simon Brandmair that fixes a sentence related to login failures in terminal.
Added Mozilla/Thunderbird to the valid GPG agents as suggested by Kapolnai Richard.
Expanded the section on security updates mentioning library and kernel updates and how to detect when services need to be restarted.
Rewrote the firewall section, moved the information that applies to woody down and expand the other sections including some information on how to manually set the firewall (with a sample script) and how to test the firewall configuration.
Added some information preparing for the 3.1 release.
Added more detailed information on kernel upgrades, specifically targeted at those that used the old installation system.
Added a small section on the experimental apt 0.6 release which provides package signing checks. Moved old content to the section and also added a pointer to changes made in aptitude.
Typo fixes spotted by Frédéric Bothamy.
Revision 3-1, January 2005, Javier Fernández-Sanguino Peña
Added clarification to ro /usr with patch from Joost van Baal.
Apply patch from Jens Seidel fixing many typos.
FreeSWAN is dead, long live OpenSWAN.
Added information on restricting access to RPC services (when they cannot be disabled) also included patch provided by Aarre Laakso.
Update aj's apt-check-sigs script.
Apply patch from Carlo Perassi fixing URLs.
Apply patch from Davor Ocelic fixing many errors, typos, urls, grammar and FIXMEs. Also adds some additional information to some sections.
Rewrote the section on user auditing, highlight the usage of script which does not have some of the issues associated to shell history.
Revision 3-0, December 2004, Javier Fernández-Sanguino Peña
Rewrote the user-auditing information and include examples on how to use script.
Revision 2-99, March 2004, Javier Fernández-Sanguino Peña
Added information on references in DSAs and CVE-Compatibility.
Added information on apt 0.6 (apt-secure merge in experimental).
Fixed location of Chroot daemons HOWTO as suggested by Shuying Wang.
Changed APACHECTL line in the Apache chroot example (even if it's not used at all) as suggested by Leonard Norrgard.
Added a footnote regarding hardlink attacks if partitions are not setup properly.
Added some missing steps in order to run bind as named as provided by Jeffrey Prosa.
Added notes about Nessus and Snort out-of-dateness in woody and availability of backported packages.
Added a chapter regarding periodic integrity test checks.
Clarified the status of testing regarding security updates (Debian bug 233955).
Added more information regarding expected contents in securetty (since it's kernel specific).
Added pointer to snoopylogger (Debian bug 179409).
Added reference to guarddog (Debian bug 170710).
apt-ftparchive is in apt-utils, not in apt (thanks to Emmanuel Chantreau for pointing this out).
Removed jvirus from AV list.
Revision 2-98, Javier Fernández-Sanguino Peña
Fixed URL as suggested by Frank Lichtenheld.
Fixed PermitRootLogin typo as suggested by Stefan Lindenau.
Revision 2-97, September 2003, Javier Fernández-Sanguino Peña
Added those that have made the most significant contributions to this manual (please mail me if you think you should be in the list and are not).
Added some blurb about FIXME/TODOs.
Moved the information on security updates to the beginning of the section as suggested by Elliott Mitchell.
Added grsecurity to the list of kernel-patches for security but added a footnote on the current issues with it as suggested by Elliott Mitchell.
Removed loops (echo to 'all') in the kernel's network security script as suggested by Elliott Mitchell.
Added more (up-to-date) information in the antivirus section.
Rewrote the buffer overflow protection section and added more information on patches to the compiler to enable this kind of protection.
Revision 2-96, August 2003, Javier Fernández-Sanguino Peña
Removed (and then re-added) appendix on chrooting Apache. The appendix is now dual-licensed.
Revision 2-95, June 2003, Javier Fernández-Sanguino Peña
Fixed typos spotted by Leonard Norrgard.
Added a section on how to contact CERT for incident handling (Chapter 11, After the compromise (incident response)).
More information on setting up a Squid proxy.
Added a pointer and removed a FIXME thanks to Helge H. F.
Fixed a typo (save_inactive) spotted by Philippe Faes.
Fixed several typos spotted by Jaime Robles.
Revision 2-94, April 2003, Javier Fernández-Sanguino Peña
Following Maciej Stachura's suggestions I've expanded the section on limiting users.
Fixed typo spotted by Wolfgang Nolte.
Fixed links with patch contributed by Ruben Leote Mendes.
Added a link to David Wheeler's excellent document on the footnote about counting security vulnerabilities.
Revision 2-93, March 2003, Frédéric Schütz
Rewrote entirely the section of ext2 attributes (lsattr/chattr).
Revision 2-92, February 2003, Javier Fernández-Sanguino Peña, Frédéric Schütz
Merge section 9.3 ("useful kernel patches") into section 4.13 ("Adding kernel patches"), and added some content.
Added a few more TODOs.
Added information on how to manually check for updates and also about cron-apt. That way Tiger is not perceived as the only way to do automatic update checks.
Slight rewrite of the section on executing a security update due to Jean-Marc Ranger's comments.
Added a note on Debian's installation (which will suggest the user to execute a security update right after installation).
Revision 2-91, January/February 2003, Javier Fernández-Sanguino Peña
Added a patch contributed by Frédéric Schütz.
Added a few more references on capabilities thanks to Frédéric.
Slight changes in the bind section adding a reference to BIND 9's online documentation and proper references in the first area (Hi Pedro!).
Fixed the changelog date - new year :-).
Added a reference to Colin's articles for the TODOs.
Removed reference to old ssh+chroot patches.
More patches from Carlo Perassi.
Typo fixes (recursive in Bind is recursion), pointed out by Maik Holtkamp.
Revision 2-9, December 2002, Javier Fernández-Sanguino Peña
Reorganized the information on chroot (merged two sections, it didn't make much sense to have them separated).
Added the notes on chrooting Apache provided by Alexandre Ratti.
Applied patches contributed by Guillermo Jover.
Revision 2-8, Javier Fernández-Sanguino Peña
Applied patches from Carlo Perassi, fixes include: re-wrapping the lines, URL fixes, and fixed some FIXMEs.
Updated the contents of the Debian security team FAQ.
Added a link to the Debian security team FAQ and the Debian Developer's reference, the duplicated sections might (just might) be removed in the future.
Fixed the hand-made auditing section with comments from Michal Zielinski.
Added links to wordlists (contributed by Carlo Perassi).
Fixed some typos (still many around).
Fixed TDP links as suggested by John Summerfield.
Revision 2-7, Javier Fernández-Sanguino Peña
Some typo fixes contributed by Tuyen Dinh, Bartek Golenko and Daniel K. Gebhart.
Note regarding /dev/kmem rootkits contributed by Laurent Bonnaud.
Fixed typos and FIXMEs contributed by Carlo Perassi.
Revision 2-6, September 2002, Cris Tillman
Changed around to improve grammar/spelling.
s/host.deny/hosts.deny/ (1 place).
Applied Larry Holish's patch (quite big, fixes a lot of FIXMEs).
Revision 2-5.1, September 2002, Javier Fernández-Sanguino Peña
Fixed minor typos submitted by Thiemo Nagel.
Added a footnote suggested by Thiemo Nagel.
Fixed a URL link.
Revision 2-5.0, August 2002, Javier Fernández-Sanguino Peña
Applied a patch contributed by Philipe Gaspar regarding Squid which also kills a FIXME.
Yet another FAQ item regarding service banners taken from the debian-security mailing list (thread "Telnet information" started 26th July 2002).
Added a note regarding use of CVE cross references in the How much time does the Debian security team... FAQ item.
Added a new section regarding ARP attacks contributed by Arnaud "Arhuman" Assad.
New FAQ item regarding dmesg and console login by the kernel.
Small tidbits of information to the signature-checking issues in packages (it seems to not have gotten past beta release).
New FAQ item regarding vulnerability assessment tools false positives.
Added new sections to the chapter that contains information on package signatures and reorganized it as a new Debian Security Infrastructure chapter.
New FAQ item regarding Debian vs. other Linux distributions.
New section on mail user agents with GPG/PGP functionality in the security tools chapter.
Clarified how to enable MD5 passwords in woody, added a pointer to PAM as well as a note regarding the max definition in PAM.
Added a new appendix on how to create chroot environments (after fiddling a bit with makejail and fixing, as well, some of its bugs), integrated duplicate information in all the appendix.
Added some more information regarding SSH chrooting and its impact on secure file transfers. Some information has been retrieved from the debian-security mailing list (June 2002 thread: secure file transfers).
New sections on how to do automatic updates on Debian systems as well as the caveats of using testing or unstable regarding security updates.
New section regarding keeping up to date with security patches in the Before compromise section as well as a new section about the debian-security-announce mailing list.
Added information on how to automatically generate strong passwords.
New section regarding login of idle users.
Reorganized the securing mail server section based on the Secure/hardened/minimal Debian (or "Why is the base system the way it is?") thread on the debian-security mailing list (May 2002).
Reorganized the section on kernel network parameters, with information provided in the debian-security mailing list (May 2002, syn flood attacked? thread) and added a new FAQ item as well.
New section on how to check users passwords and which packages to install for this.
New section on PPTP encryption with Microsoft clients discussed in the debian-security mailing list (April 2002).
Added a new section describing what problems are there when binding any given service to a specific IP address, this information was written based on the Bugtraq mailing list in the thread: Linux kernel 2.4 "weak end host" issue (previously discussed on debian-security as "arp problem") (started on May 9th 2002 by Felix von Leitner).
Added information on ssh protocol version 2.
Added two subsections related to Apache secure configuration (the things specific to Debian, that is).
Added a new FAQ related to raw sockets, one related to /root, an item related to users' groups and another one related to log and configuration files permissions.
Added a pointer to a bug in libpam-cracklib that might still be open... (need to check).
Added more information regarding forensics analysis (pending more information on packet inspection tools such as tcpflow).
Changed the "what should I do regarding compromise" into a bullet list and included some more stuff.
Added some information on how to set up the Xscreensaver to lock the screen automatically after the configured timeout.
Added a note related to the utilities you should not install in the system. Included a note regarding Perl and why it cannot be easily removed in Debian. The idea came after reading Intersect's documents regarding Linux hardening.
Added information on lvm and journalling file systems, ext3 recommended. The information there might be too generic, however.
Added a link to the online text version (check).
Added some more stuff to the information on firewalling the local system, triggered by a comment made by Hubert Chan in the mailing list.
Added more information on PAM limits and pointers to Kurt Seifried's documents (related to a post by him to Bugtraq on April 4th 2002 answering a person that had "discovered" a vulnerability in Debian GNU/Linux related to resource starvation).
As suggested by Julián Muñoz, provided more information on the default Debian umask and what a user can access if given a shell in the system (scary, huh?).
Included a note in the BIOS password section due to a comment from Andreas Wohlfeld.
Included patches provided by Alfred E. Heggestad fixing many of the typos still present in the document.
Added a pointer to the changelog in the Credits section since most people who contribute are listed here (and not there).
Added a few more notes to the chattr section and a new section after installation talking about system snapshots. Both ideas were contributed by Kurt Pomeroy.
Added a new section after installation just to remind users to change the boot-up sequence.
Added some more TODO items provided by Korn Andras.
Added a pointer to the NIST's guidelines on how to secure DNS provided by Daniel Quinlan.
Added a small paragraph regarding Debian's SSL certificates infrastructure.
Added Daniel Quinlan's suggestions regarding ssh authentication and exim's relay configuration.
Added more information regarding securing bind including changes suggested by Daniel Quinlan and an appendix with a script to make some of the changes commented on in that section.
Added a pointer to another item regarding Bind chrooting (needs to be merged).
Added a one liner contributed by Cristian Ionescu-Idbohrn to retrieve packages with tcpwrappers support.
Added a little bit more info on Debian's default PAM setup.
Included a FAQ question about using PAM to provide services without shell accounts.
Moved two FAQ items to another section and added a new FAQ regarding attack detection (and compromised systems).
Included information on how to set up a bridge firewall (including a sample Appendix). Thanks to Francois Bayart who sent this to me in March.
Added a FAQ regarding the syslogd's MARK heartbeat from a question answered by Noah Meyerhans and Alain Tesio in December 2001.
Included information on buffer overflow protection as well as some information on kernel patches.
Added more information (and reorganized) the firewall section. Updated the information regarding the iptables package and the firewall generators available.
Reorganized the information regarding log checking, moved logcheck information from host intrusion detection to that section.
Added some information on how to prepare a static package for bind for chrooting (untested).
Added a FAQ item regarding some specific servers/services (could be expanded with some of the recommendations from the debian-security list).
Added some information on RPC services (and when it's necessary).
Added some more information on capabilities (and what lcap does). Is there any good documentation on this? I haven't found any documentation on my 2.4 kernel.
Fixed some typos.
Revision 2-4, June 2002, Javier Fernández-Sanguino Peña
Rewrote part of the BIOS section.
Revision 2-3.1, April 2002, Javier Fernández-Sanguino Peña
Most files are marked with the file tag.
Typo spotted by Edi Stojicevi.
Slightly modified the remote audit tools section.
Added some TODO items.
Added more information regarding printers and the cups configuration files (taken from a thread on debian-security).
Added a patch submitted by Jesus Climent regarding access of valid system users to Proftpd when it is configured as an anonymous server.
Minor changes to partition schemes for the special case of mail servers.
Added Hacking Linux Exposed to the books section.
Directory error reported by Eduardo Pérez Ureta.
/etc/ssh typo in the checklist reported by Edi Stojicevi.
Revision 2-3.0, April 2002, Javier Fernández-Sanguino Peña
Changed the location of dpkg's configuration file.
Removed Alexander from the contact information.
Added alternative mail addresses.
Fixed Alexander's mail address (still inside comments).
Fixed the location of the release's published key (thanks to Pedro Zorzenon for pointing this out).
Revision 2-2, April 2002, Javier Fernández-Sanguino Peña
Fixed typos thanks to Jamin W. Collins.
Added a reference to the apt-extracttemplate manual page (documents the APT::ExtracTemplate configuration).
Added the section on restricted SSH. Information based on the mails sent by Mark Janssen, Christian G. Warden and Emmanuel Lacour to the debian-security mailing list.
Added information on antivirus software.
Added a FAQ: su logs due to the cron running as root.
Revision 2-1, April 2002, Javier Fernández-Sanguino Peña
Removed the lshell FIXME thanks to Oohara Yuuma.
Added a package for sXid and removed comments since it is now available.
Fixed some typos discovered by Oohara Yuuma.
ACID is now available in Debian (in the acidlab package). Thanks to Oohara Yuuma for pointing this out.
Fixed the Linux security URLs (thanks to Dave Wreski for pointing it out). version 2.0 when all the FIXMEs were changed, but I removed them from the 1.9X numbers :(
Revision 2-0, March 2002, Javier Fernández-Sanguino Peña
Converted the HOWTO into a manual (now I can properly say RTFM).
Added more information regarding tcpwrappers and Debian (many services are now compiled with support for them, so it is no longer an inetd issue).
Clarified the information on how to disable the rpc service to make it more consistent (the rpc information referred to update-rc.d).
Added small notes on lprng.
Added some information on compromised servers (still very rough).
Fixed typos detected by Mark Bucciarelli.
Added some steps in password recovery to cover the cases when the administrator has paranoid-mode=on.
Added information on setting paranoid-mode=on when the login is on the console.
New paragraph to introduce service configuration.
Reorganized the After installation section. It is also broken up into several more topics, making it easier to read.
Wrote information on how to set up a firewall with the standard Debian 3.0 setup (iptables package).
A small paragraph explaining why installing while connected to the Internet is not a good idea and how to avoid this using Debian tools.
A small paragraph referencing a paper published by the IEEE on timely application of security patches.
An appendix on how to set up a Debian snort box based on what Vladimir sent to the debian-security mailing list (September 3rd 2001).
Information on how logcheck is set up in Debian and how it can be used in a HIDS setup.
Information on user accounting and the benefits of the analysis.
Included the apt.conf configuration for a read-only /usr copied from Olaf Meeuwissen's post to the debian-security mailing list.
New section on VPN with some pointers and the packages available in Debian (needs content on how to set up VPNs and on Debian-specific issues), based on Jaroslaw Tabor's and Samuli Suonpaa's posts to the debian-security list.
A short note regarding some programs that automatically build chroot jails.
New FAQ item regarding identd based on a discussion on the debian-security mailing list (February 2002, started by Johannes Weiss).
New FAQ item regarding inetd based on a discussion on the debian-security mailing list (February 2002).
Introduced a note on rcconf in the "disabling services" section.
Varied the approach regarding LKM, thanks to Philipe Gaspar.
Added pointers to CERT documents and Counterpane resources.
Revision 1-99, January 2002, Javier Fernández-Sanguino Peña
Added a new FAQ regarding the time to fix security vulnerabilities.
Reorganized FAQ sections.
Started writing the section regarding firewalling in Debian GNU/Linux (could be broadened a bit).
Fixed typos spotted by Matt Kraai.
Changed the DNS information.
Added information on whisker and nbtscan to the auditing section.
Fixed a wrong URL.
Revision 1-98, January 2002, Javier Fernández-Sanguino Peña
Added a new section regarding auditing using Debian GNU/Linux.
Added information regarding the finger daemon taken from the security mailing list.
Revision 1-97, January 2002, Javier Fernández-Sanguino Peña
Changed the link to Linux Trustees.
Fixed typos (patches from Oohara Yuuma and Pedro Zorzenon).
Revision 1-96, December 2001, Javier Fernández-Sanguino Peña
Reorganized service installation and added and removed some notes.
Added some notes regarding the use of integrity checking systems as intrusion detection tools.
Added a chapter regarding package signatures.
Revision 1-95, December 2001, Javier Fernández-Sanguino Peña
Added notes regarding Squid security sent by Philipe Gaspar.
Changed rootkit links thanks to Philipe Gaspar.
Revision 1-94 November 2001 Javier Fernández-Sanguino Peña
Added some notes regarding Apache and Lpr/lpng.
Added some information regarding noexec and random-access partitions.
Rewrote how users can help with Debian security issues (FAQ item).
Revision 1-93 November 2001 Javier Fernández-Sanguino Peña
Fixed the location of the mail program.
Added some new items to the FAQ.
Revision 1-92 October 2001 Javier Fernández-Sanguino Peña
Added a small section on how security is handled in Debian.
Clarification about MD5 passwords (thanks to 'rocky').
Added a bit more information regarding harden-X from Stephen Egmond.
Added some new items to the FAQ.
Revision 1-91 October 2001 Javier Fernández-Sanguino Peña
Added some forensics information sent by Yotam Rubin.
Added information on how to build a honeynet using Debian GNU/Linux.
Added some more TODOs.
Fixed more typos (thanks to Yotam).
Revision 1-9 October 2001 Javier Fernández-Sanguino Peña
Added a patch to fix misspellings and add some new information (contributed by Yotam Rubin).
Added references to other online (and offline) documentation, both in a single section (see Section 2.2, “Be aware of general security problems”) and within some sections.
Added some information on how to configure bind options to restrict access to the DNS server.
Added information on how to automatically harden a Debian system (regarding the harden package and bastille).
Removed some completed TODOs and added new ones.
Revision 1-8 October 2001 Javier Fernández-Sanguino Peña
Added the default user/group list provided by Joey Hess (sent to the debian-security mailing list).
Added information on LKM rootkits (Section 10.4.1, “LKM - Loadable Kernel Modules”) contributed by Philipe Gaspar.
Added information on Proftp contributed by Emmanuel Lacour.
Recovered the checklist appendix from Era Eriksson.
Added some new TODO items and fixed others.
Manually included Era's patches, since they had not been included in the previous version.
Revision 1-7 September 2001 Javier Fernández-Sanguino Peña, Era Eriksson
Fixed typos and changed some wording.
Minor tag changes to continue removing the tt tags and replace them with prgn/package tags.
Revision 1-6 August 2001 Javier Fernández-Sanguino Peña
Added a link to the document as published in the DDP (should replace the original in the near future).
Started a mini-FAQ (should be expanded) with some questions recovered from my mailbox.
Added general information to consider while hardening.
Added a paragraph regarding local (incoming) mail delivery.
Added links to information.
Added information regarding the printing service.
Added a hardening checklist.
Reorganised the NIS and RPC information.
Added some notes taken while reading this document on my new Visor :)
Fixed some badly formatted lines.
Fixed some typos.
Added Genius/Paranoid ideas contributed by Gaby Schilders.
Revision 1-5 May 2001 Javier Fernández-Sanguino Peña, Josip Rodin
Added paragraphs related to bind and some FIXMEs.
Revision 1-4 May 2001 Javier Fernández-Sanguino Peña
Reviewed some small setuid items.
Minor changes.
Found out how to use sgml2txt -f for the txt version.
Revision 1-3 March 2001 Javier Fernández-Sanguino Peña
Added a security update after the installation paragraph.
Added a proftpd paragraph.
This time something was actually written about XDM; apologies for the previous one.
Revision 1-2 December 2000 Javier Fernández-Sanguino Peña
Many grammar corrections by James Treacy, new XDM paragraph.
Revision 1-1 December 2000 Javier Fernández-Sanguino Peña
Typos, miscellaneous changes.
Revision 1-0 December 2000 Javier Fernández-Sanguino Peña
Initial version.