[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#81118: base: Wishlist: High security base system (or separate add-on package)

On Wed, Jan 03, 2001 at 10:15:43AM +0200, era eriksson wrote:
> Package: base
> Version: 20010103
> Severity: wishlist
> The stock base system comes with various "traditional security holes"
> enabled. It would be nice (and probably very constructive) to have a
> brief and simple procedure for how to reconfigure the system so as to
> run a reasonably tight ship.
> Off the top of my head, I can think of the following:
>   * Disable telnet; go with ssh instead (but then which ssh?)

apt-get remove telnetd
>   * Recommend disabling any non-critical network services entirely

apt-get remove NETWORK_PACKAGE 
(rwhod, rsh-server, ...)
If you don't know the package name, use: 
	dpkg -S /usr/sbin/server
>   * chroot and otherwise patch up everything that can't be turned off

I can deinstall all network packages without problems
>   * Recommend replacing Sendmail with Postfix (or whatever)?

IMHO sendmail is not the default mail server. It is exim. But only
	apt-get install postfix
and you have postfix on your system...

>   * Recommend replacing regular ftp server with something more robust

	apt-get install MORE-ROBUST-FTP-SERVER
and you get it..

apt-get is a nice package tool, use it. :-)

Michael Bramer  -  a Debian Linux Developer http://www.debian.org
PGP: finger grisu@db.debian.org  -- Linux Sysadmin   -- Use Debian Linux
"Verwende Perl. Shell will man koennen, dann aber nicht verwenden."
                                Kristian Koehntopp, de.comp.os.unix.misc

Attachment: pgpkPKSGvKa3l.pgp
Description: PGP signature

Reply to: