Bug#81118: base: Wishlist: High security base system (or separate add-on package)

To: submit@bugs.debian.org
Subject: Bug#81118: base: Wishlist: High security base system (or separate add-on package)
From: era eriksson <era@iki.fi>
Date: Wed, 3 Jan 2001 10:15:43 +0200
Message-id: <200101030815.f038Fhb02014@away.lingsoft.fi>
Reply-to: era eriksson <era@iki.fi>, 81118@bugs.debian.org

Package: base
Version: 20010103
Severity: wishlist

The stock base system comes with various "traditional security holes"
enabled. It would be nice (and probably very constructive) to have a
brief and simple procedure for how to reconfigure the system so as to
run a reasonably tight ship.

Off the top of my head, I can think of the following:

  * Disable telnet; go with ssh instead (but then which ssh?)

  * Recommend disabling any non-critical network services entirely

  * chroot and otherwise patch up everything that can't be turned off

  * Recommend replacing Sendmail with Postfix (or whatever)?

  * Recommend replacing regular ftp server with something more robust

I was thinking of maybe collecting this in a "security" package but
I'm not confident in my abilities to create such a package (I'm a dpkg
novice) and anyway, I'm not sure if that is the right approach.

(Yes, I'm considering an upgrade to 2.2r2)

-- System Information
Debian Release: 2.0
Kernel Version: Linux away 2.0.34 #1 Sun Feb 28 21:48:09 EET 1999 i586 unknown

Reply to:

Follow-Ups:
- Bug#81118: base: Wishlist: High security base system (or separate add-on package)
  - From: Michael Bramer <grisu@debian.org>

Prev by Date: Re: disposition of boot-floppies in woody
Next by Date: boot-floppies on Toshiba Tecra 8100
Previous by thread: Re: disposition of boot-floppies in woody
Next by thread: Bug#81118: base: Wishlist: High security base system (or separate add-on package)
Index(es):
- Date
- Thread