[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#81118: base: Wishlist: High security base system (or separate add-on package)

Package: base
Version: 20010103
Severity: wishlist

The stock base system comes with various "traditional security holes"
enabled. It would be nice (and probably very constructive) to have a
brief and simple procedure for how to reconfigure the system so as to
run a reasonably tight ship.

Off the top of my head, I can think of the following:

  * Disable telnet; go with ssh instead (but then which ssh?)

  * Recommend disabling any non-critical network services entirely

  * chroot and otherwise patch up everything that can't be turned off

  * Recommend replacing Sendmail with Postfix (or whatever)?

  * Recommend replacing regular ftp server with something more robust

I was thinking of maybe collecting this in a "security" package but
I'm not confident in my abilities to create such a package (I'm a dpkg
novice) and anyway, I'm not sure if that is the right approach.

(Yes, I'm considering an upgrade to 2.2r2)

-- System Information
Debian Release: 2.0
Kernel Version: Linux away 2.0.34 #1 Sun Feb 28 21:48:09 EET 1999 i586 unknown

Reply to: