Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Help with install Debian with security in mind.
Help with install Debian with security in mind.
So I have been trying debian in virtualbox for a while now and while I still have
several things to learn I am restricted by only using it in the VM.
So the next step is to install it as my main OS for a while.
So I am reading the Securing Debian Manual and it is pretty advanced (not very beginner friendly) and not that easy to follow sometimes.
It says Do not plug to the Internet until ready and suggests to block everything but updates with a firewall
B.6. Security update protected by a firewall
https://www.debian.org/doc/manuals/secu ... te.en.html
But wont I have to connect to the internet to install the firewall?
These lines also have confused
FIXME: This needs DNS to be working properly since it is required for security.
debian.org to work. You can add security.debian.org to /etc/hosts but now it is
a CNAME to several hosts (there is more than one security mirror)
FIXME: this will only work with HTTP URLs since ftp might need the ip_conntrack_ftp module, or use passive mode.
How do the more advanced users here install debian on your system? Tips is appreciated.
several things to learn I am restricted by only using it in the VM.
So the next step is to install it as my main OS for a while.
So I am reading the Securing Debian Manual and it is pretty advanced (not very beginner friendly) and not that easy to follow sometimes.
It says Do not plug to the Internet until ready and suggests to block everything but updates with a firewall
B.6. Security update protected by a firewall
https://www.debian.org/doc/manuals/secu ... te.en.html
But wont I have to connect to the internet to install the firewall?
These lines also have confused
FIXME: This needs DNS to be working properly since it is required for security.
debian.org to work. You can add security.debian.org to /etc/hosts but now it is
a CNAME to several hosts (there is more than one security mirror)
FIXME: this will only work with HTTP URLs since ftp might need the ip_conntrack_ftp module, or use passive mode.
How do the more advanced users here install debian on your system? Tips is appreciated.
-
- Global Moderator
- Posts: 2931
- Joined: 2014-07-20 18:12
- Location: Europe
- Has thanked: 72 times
- Been thanked: 401 times
Re: Help with install Debian with security in mind.
Hello,
IMHO, standard installation of a Debian stable release is usually quite secure from network attacks, anyway. Therefore, firewall configuration is not strictly required for a standard personal computer in a controlled network (e.g. connected to a router with an embedded firewall), unless services or programs at risk are installed or unless the network is already compromised.
Usually, the basic "rule of the thumb" is activate only the strictly required network services.
Of course, not even a firewall can protect you from some kind of attacks that relies on user's deception (e.g. phishing), but they are not properly network attacks.
The basic commands to manually configure a firewall are usually already shipped with standard debian install images (ISO images), therefore you have not to get it from a repository on the internet. These basic commands have been updated (see https://wiki.debian.org/nftables) in respect to the ones listed in the aforementioned guide, but they are still supported with optional packages.jazzeroo wrote: ↑2022-06-08 02:18 [..] I am reading the Securing Debian Manual and it is pretty advanced (not very beginner friendly) and not that easy to follow sometimes. It says Do not plug to the Internet until ready and suggests to block everything but updates with a firewall
B.6. Security update protected by a firewall
https://www.debian.org/doc/manuals/secu ... te.en.html
But wont I have to connect to the internet to install the firewall?
IMHO, standard installation of a Debian stable release is usually quite secure from network attacks, anyway. Therefore, firewall configuration is not strictly required for a standard personal computer in a controlled network (e.g. connected to a router with an embedded firewall), unless services or programs at risk are installed or unless the network is already compromised.
Usually, the basic "rule of the thumb" is activate only the strictly required network services.
Of course, not even a firewall can protect you from some kind of attacks that relies on user's deception (e.g. phishing), but they are not properly network attacks.
Last edited by Aki on 2022-06-11 05:41, edited 1 time in total.
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Help with install Debian with security in mind.
+1
Stop worrying and just install it.
If you understand how a firewall works, you will know how to set it up for your needs.
If you don't know, you don't need one - it will only cause you grief and will not help with your "security".
Stop worrying and just install it.
If you understand how a firewall works, you will know how to set it up for your needs.
If you don't know, you don't need one - it will only cause you grief and will not help with your "security".
AdrianTM wrote:There's no hacker in my grandma...
Re: Help with install Debian with security in mind.
Thank you both for the replies. I believe I do need a firewall though but I'll stick to setting it up with Ufw since I am able to use it at my skill level.
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Help with install Debian with security in mind.
And what do you hope that will achieve?
AdrianTM wrote:There's no hacker in my grandma...
-
- Global Moderator
- Posts: 2931
- Joined: 2014-07-20 18:12
- Location: Europe
- Has thanked: 72 times
- Been thanked: 401 times
Re: Help with install Debian with security in mind.
Experimenting is always interesting and useful to learn more. :wink:
Happy Debian & happy hacking
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Help with install Debian with security in mind.
AdrianTM wrote:There's no hacker in my grandma...
Re: Help with install Debian with security in mind.
I am back to pester you with more questions.
I am making the usb iso to install debian as I type this and I get that you probably think that I am overly concerned about things but in the guide it says to validate the installation with checksum, which I did and it was correct but then it also said:
To ensure that the checksums files themselves are correct, use GnuPG to verify them against the accompanying signature files.
I was not able to do this since I am using Windows and cold not find a comprehensive guide to do it on Windows if it is possible at all.
How important is this step? And if it is important can it be done in Windows?
I am making the usb iso to install debian as I type this and I get that you probably think that I am overly concerned about things but in the guide it says to validate the installation with checksum, which I did and it was correct but then it also said:
To ensure that the checksums files themselves are correct, use GnuPG to verify them against the accompanying signature files.
I was not able to do this since I am using Windows and cold not find a comprehensive guide to do it on Windows if it is possible at all.
How important is this step? And if it is important can it be done in Windows?
Last edited by jazzeroo on 2022-06-11 10:29, edited 1 time in total.
Re: Help with install Debian with security in mind.
Protection from someone hacking my computer and using it as a zombie machine for example. I have been subjected to a number of probably random port scans lately and I rather be safe then sorry.
I know that a firewall is not a protect against everything solution but they must be doing some good.
I will read the article you provided but I haven't yet.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Help with install Debian with security in mind.
I would take issue with this because it doesn't cover common desktop use cases where the only ports required are 80 (http) & 443 (https), which will always be open for established and related connections (ie, those opened by the user) even with restrictive rulesets.
The only way nftable's supplied "workstation" ruleset (basic default-deny) would cause any problems is if the desktop user wanted to run a server or something and in that case they would know which port(s) to open. Otherwise a restrictive ruleset just prevents inadvertent exposure, for example if a service was installed that listened to ports but the user was unaware of this the firewall blocks the ports with no action required. Yes the service would break but that's a good thing. Without a firewall the service would be left running and exposed without the user's knowledge.
The resource overhead for nftables is so small that I really do think it's worth running in default-deny if you know you don't ever want to expose listening services.
They can scan all the ports they want, it will be completely ineffective unless you have any services listening to the ports and keeping them open. A firewall is not needed to keep ports closed unless an installed service is trying to use them.jazzeroo wrote:I have been subjected to a number of probably random port scans lately
Firewalls are a nice fallback but the best approach is to make sure you know exactly which ports are open and exactly what is listening to them:
Code: Select all
# netstat -tulpn | grep LISTEN
EDIT:
GNUPG is available for Windows:jazzeroo wrote:To ensure that the checksums files themselves are correct, use GnuPG to verify them against the accompanying signature files.
I was not able to do this since I am using Windows and cold not find a comprehensive guide to do it on Windows if it is possible at all.
https://gnupg.org/download/
deadbang
- fabien
- Forum Helper
- Posts: 668
- Joined: 2019-12-03 12:51
- Location: Anarres (Toulouse, France actually)
- Has thanked: 61 times
- Been thanked: 154 times
Re: Help with install Debian with security in mind.
But it is needed to keep ports stealth.
I accept (almost) everything over IPv4 because it is already on a private network behind NAT (filtering would lead to unexpected behaviours with certain protocols or complicated rules). I filter IPv6 in input.
But I don't worry too much during the install (I always start with minimal installs), it's more of a long term measure. However, the rules could be applied early.
Code: Select all
#!/usr/sbin/nft -f
flush ruleset
# ----- IPv4 -----
table ip filter {
chain INPUT {
### accept all ipv4 traffic which should be on the local network behind the gateway
type filter hook input priority 0; policy drop;
ct state invalid counter drop
iif lo accept comment "accept loopback"
iif != lo ip daddr 127.0.0.1/8 counter drop comment "drop connections to loopback not coming from loopback"
### Force SYN checks.
tcp flags & (fin|syn|rst|ack) != syn ct state new counter drop
### Drop XMAS packets.
tcp flags & (fin|syn|rst|psh|ack|urg) == fin|syn|rst|psh|ack|urg counter drop
### Drop NULL packets.
tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 counter drop
tcp dport 22 ct state new limit rate over 5/minute log prefix "NFT_IPV4_input_ssh22_RateLimit_drop " drop
tcp dport 22 ct state new log prefix "NFT_IPV4_input_ssh22_accept " accept
ct state {new, established, related} accept
}
chain FORWARD {
type filter hook forward priority 0; policy drop;
counter comment "NFT ipv4 forward dropped packets count"
}
chain OUTPUT {
type filter hook output priority 0; policy accept;
ct state invalid counter drop
#counter comment "count accepted packets"
}
}
# ----- IPv6 -----
table ip6 filter {
chain INPUT {
type filter hook input priority 0; policy drop;
ct state invalid counter drop comment "NFT ipv6 early drop of invalid packets"
iif lo accept comment "NFT ipv6 accept loopback"
iif != lo ip6 daddr ::1/128 counter drop comment "NFT ipv6 drop connections to loopback not coming from loopback"
### Force SYN checks.
tcp flags & (fin|syn|rst|ack) != syn ct state new counter drop comment "Force SYN checks"
### Drop XMAS packets.
tcp flags & (fin|syn|rst|psh|ack|urg) == fin|syn|rst|psh|ack|urg counter drop comment "Drop XMAS packets"
### Drop NULL packets.
tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 counter drop comment "Drop NULL packets"
### ICMP - accept all but echo requests
icmpv6 type {echo-request} counter drop comment "NFT ipv6 drop input icmp echo-request"
ip6 nexthdr icmpv6 accept comment "NFT ipv6 accept all ICMP types"
### Rules with “limit” need to be put before rules accepting “established” connections
tcp dport 22 ct state new limit rate 5/minute counter log prefix "NFT_IPV6_input_ssh22_accept " accept comment "NFT ipv6 accept SSH22"
ct state {established, related} accept
counter comment "count dropped packets"
}
chain FORWARD {
type filter hook forward priority 0; policy drop;
counter comment "NFT ipv6 forward dropped packets count"
}
chain OUTPUT {
type filter hook output priority 0; policy accept;
icmpv6 type {echo-reply} counter drop comment "NFT ipv6 drop output icmp echo-reply"
ct state invalid counter drop
#counter comment "count accepted packets"
}
}
I also have a /etc/sysctl.d/98-networking.conf file as follow (caveat: some settings are subject to discussions, always document yourself beforehand):
Code: Select all
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#######################################################
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.enp2s0.rp_filter=1 ### to be adapted to interface name (see /proc/sys/net/ipv4/conf/)
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4 (router)
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6 (router)
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.enp2s0.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.enp2s0.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.enp2s0.send_redirects = 0
# Do not accept IP source route packets (we are not a router)
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.enp2s0.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.enp2s0.accept_source_route = 0
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
If you access checksum files over say https, there's already a security layer. And if the entire Debian architecture is compromised, global scandal should reach you.
edit: revised nftables rules order
Last edited by fabien on 2022-06-13 00:30, edited 1 time in total.
- craigevil
- Posts: 5391
- Joined: 2006-09-17 03:17
- Location: heaven
- Has thanked: 28 times
- Been thanked: 39 times
Re: Help with install Debian with security in mind.
If you are truly paranoid you might like Opensnitch.
https://github.com/evilsocket/opensnitch/releases
Some truly hardening packages:
https://salsa.debian.org/corsac/hardeni ... ter/debian
https://gitlab.com/taggart/lockdown
https://usbguard.github.io/
Security scanners:
https://www.enyo.de/fw/software/debsecan/
https://cisofy.com/lynis/
https://madaidans-insecurities.github.i ... ening.html
My /etc/sysctl.conf
My ufw config is just the default; Deny Incoming Allow Outgoing.
I also have Apparmor setup.https://help.ubuntu.com/community/AppArmor
https://github.com/evilsocket/opensnitch/releases
Some truly hardening packages:
https://salsa.debian.org/corsac/hardeni ... ter/debian
https://gitlab.com/taggart/lockdown
https://usbguard.github.io/
Security scanners:
https://www.enyo.de/fw/software/debsecan/
https://cisofy.com/lynis/
https://madaidans-insecurities.github.i ... ening.html
My /etc/sysctl.conf
Code: Select all
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
# https://madaidans-insecurities.github.io/guides/linux-hardening.html
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
kernel.printk = 3 3 3 3
kernel.unprivileged_bpf_disabled=1
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# protects against IP spoofing
net.ipv4.conf.all.secure_redirects = 0
# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
# Do not accept IP source route packets (we are not a router)
net.ipv4.conf.all.accept_source_route =0
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_source_route =0
net.ipv6.conf.default.accept_source_route=0
# Malicious IPv6 router advertisements can result in a man-in-the-middle attack so they should be disabled.
net.ipv6.conf.all.accept_ra= 0
net.ipv6.conf.default.accept_ra=0
# Log Martian Packets
net.ipv4.conf.all.log_martians = 1
# Protect IP Spoofing
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
# Prevent Clock Fingerprinting
net.ipv4.icmp_echo_ignore_all=1
###################################################################
# Magic system request Key
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
# for what other values do
#kernel.sysrq=438
###################################################################
# Manual settings - these settings are to optimize for SSD drive
# Ref: https://wiki.archlinux.org/index.php/Solid_State_Drives
vm.swappiness=20
vm.vfs_cache_pressure=50
# Restrict useage of ptrace
# kernel.yama.ptrace_scope=2
# Disble TCP SACK
# net.ipv4.tcp_sack=0
# net.ipv4.tcp_dsack=0
# net.ipv4.tcp_fack=0
# Increase entrop used for mmap ASLR
# vm.mmap_rnd_bits=32
# vm.mmap_rnd_compat_bits=16
# Prevent TOCTOU races
# fs.protected_symlinks=1
# fs.protected_hardlinks=1
# Prevent creating files in potentially attacker-controlled environments
# fs.protected_fifos=2
# fs.protected_regular=2
# File watch for vscode
fs.inotify.max_user_watches=524288
I also have Apparmor setup.https://help.ubuntu.com/community/AppArmor
Raspberry PI 400 Distro: Raspberry Pi OS Base: Debian Sid Kernel: 5.15.69-v8+ aarch64 DE: MATE Ram 4GB
Debian - "If you can't apt install something, it isn't useful or doesn't exist"
My Giant Sources.list
Debian - "If you can't apt install something, it isn't useful or doesn't exist"
My Giant Sources.list
- Hallvor
- Global Moderator
- Posts: 2042
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 149 times
- Been thanked: 212 times
Re: Help with install Debian with security in mind.
Don't worry so much. I sense a Windows mindset. 99,99% (=random number pulled out of my arse) of all malware won't run on GNU/Linux. Bad things can still happen, though.
* Install a firewall to block access to inadvertently started (or unconfigured) services.
* Only install services you really need, and then configure them with maximum security in mind. (NOT SSH server on port 22 with "root" as password)
* Use unattended-upgrades to install security upgrades automatically.
* Don't install themes and random applications from outside the repositories.
Can you still get hacked? Yes. However, it is very unlikely.
* Install a firewall to block access to inadvertently started (or unconfigured) services.
* Only install services you really need, and then configure them with maximum security in mind. (NOT SSH server on port 22 with "root" as password)
* Use unattended-upgrades to install security upgrades automatically.
* Don't install themes and random applications from outside the repositories.
Can you still get hacked? Yes. However, it is very unlikely.
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
Re: Help with install Debian with security in mind.
A couple of practical tips. First, install Debian Stable (Bullseye). Use only software you download from the Stable repositories. It is called Stable for a reason. It has been tested for performance and security.
Next, if your router has a built-in firewall set it to the strongest setting. It may not accomplish much but you will feel better.
Harden your browser. This is, in my opinion, the major weak spot. As they come browsers leak your data left, right and centre. If you use Firefox browser or one of the FF clones install the Ublock Origin extension.
Most importantly, stay away from questionable Web sites.
Next, if your router has a built-in firewall set it to the strongest setting. It may not accomplish much but you will feel better.
Harden your browser. This is, in my opinion, the major weak spot. As they come browsers leak your data left, right and centre. If you use Firefox browser or one of the FF clones install the Ublock Origin extension.
Most importantly, stay away from questionable Web sites.
- fabien
- Forum Helper
- Posts: 668
- Joined: 2019-12-03 12:51
- Location: Anarres (Toulouse, France actually)
- Has thanked: 61 times
- Been thanked: 154 times
Re: Help with install Debian with security in mind.
Note that this setting prevents IPv6 address configuration via DHCP (I tested and can confirm, no IPv6 address). A static IPv6 address is of course always possible.craigevil wrote: ↑2022-06-11 17:58My /etc/sysctl.confCode: Select all
[...] # Malicious IPv6 router advertisements can result in a man-in-the-middle attack so they should be disabled. net.ipv6.conf.all.accept_ra= 0 net.ipv6.conf.default.accept_ra=0 [...]
- craigevil
- Posts: 5391
- Joined: 2006-09-17 03:17
- Location: heaven
- Has thanked: 28 times
- Been thanked: 39 times
Re: Help with install Debian with security in mind.
Nice catch! I have commented it and added the blog post as a note.
Raspberry PI 400 Distro: Raspberry Pi OS Base: Debian Sid Kernel: 5.15.69-v8+ aarch64 DE: MATE Ram 4GB
Debian - "If you can't apt install something, it isn't useful or doesn't exist"
My Giant Sources.list
Debian - "If you can't apt install something, it isn't useful or doesn't exist"
My Giant Sources.list
Re: Help with install Debian.. in VirtualBox
Could you, please, advice me your VB setting.
I used both debian-11.3.0-amd64-DVD-1.iso and debian-11.3.0-amd64-netinst.iso for installation and getting the same error:
After -> Choose the sw ti install: Debian desktop, SSH, standard system utilities
-> Installation step failed
Running Debian Pure Blend (GIS edition) with no problems.
I used both debian-11.3.0-amd64-DVD-1.iso and debian-11.3.0-amd64-netinst.iso for installation and getting the same error:
After -> Choose the sw ti install: Debian desktop, SSH, standard system utilities
-> Installation step failed
Running Debian Pure Blend (GIS edition) with no problems.
- Hallvor
- Global Moderator
- Posts: 2042
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 149 times
- Been thanked: 212 times
Re: Help with install Debian with security in mind.
Please start your own thread.
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD