Bug#81118: base: Wishlist: High security base system (or separate add-on package)
The stock base system comes with various "traditional security holes"
enabled. It would be nice (and probably very constructive) to have a
brief and simple procedure for how to reconfigure the system so as to
run a reasonably tight ship.
Off the top of my head, I can think of the following:
* Disable telnet; go with ssh instead (but then which ssh?)
* Recommend disabling any non-critical network services entirely
* chroot and otherwise patch up everything that can't be turned off
* Recommend replacing Sendmail with Postfix (or whatever)?
* Recommend replacing regular ftp server with something more robust
I was thinking of maybe collecting this in a "security" package but
I'm not confident in my abilities to create such a package (I'm a dpkg
novice) and anyway, I'm not sure if that is the right approach.
(Yes, I'm considering an upgrade to 2.2r2)
-- System Information
Debian Release: 2.0
Kernel Version: Linux away 2.0.34 #1 Sun Feb 28 21:48:09 EET 1999 i586 unknown