Dépots GNU/Linux Debian en HTTPS

By miglayeul, Monday, February 3 2020. Permalink

Lors d'une intervention sur un serveur dans un pays un peu rock'n roll, j'ai remarqué que les mises à jour échouaient systématiquement. La raison : le FAI avait installé un routeur qui "embarquait" (balise "embed") tout les sites http et ajoutait un crypto-mineur au passage. Sympa.

Évidement les mises à jour Debian en http foiraient systématiquement... La FAI a vu disparaître sa passerelle, partie pour expertise. Et il s'est pris une porte quand il a voulu venir voir, ne voyant plus en ligne sa passerelle. Au final déménageant quelques mois plus tard, le FAI n'a pas été repris.

La solution trouvée pour se prémunir de cela ? Passer en HTTPS les sources apt de GNU Linux/Debian. Pas de risque de corruption des paquets en eux même, ceux-ci sont déjà contrôlés (signature OpenPGP des paquets)

Commencez par installer le mode transport https pour apt (ce qui ne semble plus nécessaire à partir de Buster).

# apt update && apt install apt-transport-https ca-certificates

Pour GNU Linux/Debian Buster, modifiez /etc/apt/sources.conf avec vi ou emacs ;) pour y mettre :

deb https://deb.debian.org/debian buster main contrib non-free
deb https://deb.debian.org/debian buster-updates main contrib non-free
# security updates
deb https://deb.debian.org/debian-security buster/updates main contrib non-free
# deb https://deb.debian.org/debian buster-backports main contrib non-free
# Si vous avez un serveur Dell, pour OpenManage
# deb https://linux.dell.com/repo/community/ubuntu jessie openmanage

Ensuite vous pouvez lancer les mises à jour :

# apt-get update && apt-get dist-upgrade && apt-get autoremove && apt-get clean

Pour GNU Linux/Debian Stretch, modifiez /etc/apt/sources.conf avec vi ou emacs ;) pour y mettre :

deb https://deb.debian.org/debian stretch main contrib non-free
deb https://deb.debian.org/debian stretch-updates main contrib non-free
# security updates
deb https://deb.debian.org/debian-security stretch/updates main contrib non-free
# deb https://deb.debian.org/debian stretch-backports main contrib non-free
deb https://linux.dell.com/repo/community/ubuntu jessie openmanage

Ensuite vous pouvez lancer les mises à jour :

# apt-get update && apt-get dist-upgrade && apt-get autoremove && apt-get clean

Cela peut passer pour overkill, mais le HTTPS permet d'empêcher facilement la modification des flux (et cela règle donc mon soucis initial) et de protéger un peu ce que l'on fait avec son serveur.

64 reactions

This post's comments feed

1 From Fuck - 09/04/2024, 03:08

Porn site
2 From Sex - 09/04/2024, 04:30

Porn site
3 From Fuck - 09/04/2024, 18:36

Pornstar
4 From Buy Drugs - 10/04/2024, 06:16

Porn
5 From Phishing - 10/04/2024, 09:49

Buy Drugs
6 From Scam - 10/04/2024, 11:42

Scam
7 From Fuck - 10/04/2024, 13:36

Porn site
8 From Shit - 10/04/2024, 13:45

Porn site
9 From Phishing - 10/04/2024, 15:35

Scam
10 From Buy Drugs - 10/04/2024, 20:53

Sex
11 From Scam - 10/04/2024, 23:36

Buy Drugs
12 From Fuck - 10/04/2024, 23:51

Porn
13 From Buy Drugs - 11/04/2024, 06:00

Buy Drugs
14 From Porn - 11/04/2024, 06:10

Porn site
15 From Buy Drugs - 11/04/2024, 08:39

Sex
16 From Scam - 11/04/2024, 11:19

Porn site
17 From Porn - 11/04/2024, 14:07

Porn site
18 From Fuck - 11/04/2024, 16:41

Sex
19 From Shit - 11/04/2024, 16:56

Sex
20 From Phishing - 11/04/2024, 21:08

Porn site
21 From Buy Drugs - 11/04/2024, 23:49

Scam
22 From Nigger - 12/04/2024, 00:03

Porn
23 From Buy Drugs - 12/04/2024, 02:40

Porn
24 From Buy Drugs - 12/04/2024, 05:17

Porn
25 From Porn - 12/04/2024, 05:26

Buy Drugs
26 From Sex - 12/04/2024, 07:36

Buy Drugs
27 From Scam - 12/04/2024, 07:49

Porn
28 From Drugs - 15/04/2024, 00:15

Buy Drugs
29 From Scam - 15/04/2024, 10:07

Buy Drugs
30 From Phishing - 15/04/2024, 10:22

Porn site
31 From Sex - 15/04/2024, 17:25

Pornstar
32 From squirt - 26/04/2024, 19:02

Keep this going please, great job!
33 From Jame Salomon - 27/04/2024, 06:29

Đừng ngần ngại tham gia và khám phá sự hấp dẫn tại yo88.com ngay hôm nay!
34 From video porno - 27/04/2024, 07:04

Hi there, I desire to subscribe for this webpage to get newest updates, thus
where can i do it please assist.
35 From 강남출장섹스마사지 - 28/04/2024, 09:20

<a href="https://kakaotaxi.dasgno.com/여성...">대전호박나이트</a></br>
36 From Buy Drugs - 02/05/2024, 13:38

Pornstar
37 From Sex - 02/05/2024, 15:23

Porn site
38 From Fuck - 02/05/2024, 15:30

Porn site
39 From Shit - 02/05/2024, 19:38

Porn site
40 From Nigger - 02/05/2024, 20:07

Sex
41 From free porn - 02/05/2024, 22:04

Hello, Neat post. There is an issue together with your site in internet explorer, could test this?
IE nonetheless is the marketplace leader and a big section of other people will pass over your
magnificent writing because of this problem.
42 From Nigger - 03/05/2024, 07:25

Porn
43 From Phishing - 03/05/2024, 07:25

Scam
44 From Scam - 03/05/2024, 07:31

Porn
45 From Porn - 03/05/2024, 07:49

Buy Drugs
46 From Phishing - 03/05/2024, 11:28

Pornstar
47 From Sex - 03/05/2024, 11:36

Sex
48 From Scam - 03/05/2024, 11:57

Scam
49 From Nigger - 03/05/2024, 12:04

Pornstar
50 From Nigger - 03/05/2024, 13:03

Porn site
51 From Phishing - 03/05/2024, 13:11

Porn site
52 From Nigger - 03/05/2024, 13:25

Sex
53 From Nigger - 03/05/2024, 14:15

Pornstar
54 From Shit - 03/05/2024, 14:25

Porn site
55 From Shit - 03/05/2024, 16:29

Sex
56 From Shit - 03/05/2024, 16:37

Pornstar
57 From Nigger - 03/05/2024, 18:04

Porn
58 From Nigger - 03/05/2024, 18:11

Buy Drugs
59 From Phishing - 03/05/2024, 19:47

Buy Drugs
60 From Sex - 03/05/2024, 21:32

Porn
61 From Buy Drugs - 03/05/2024, 21:41

Sex
62 From Porn - 04/05/2024, 08:03

Sex
63 From Sex - 04/05/2024, 11:14

Porn site
64 From Buy Drugs - 04/05/2024, 11:21

Porn site

Add ping

Trackback URL : https://blog.crasse.fr/index.php?trackback/6

64 reactions

Add a comment

Add ping