[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#81118: base: Wishlist: High security base system (or separate add-on package)

On Wed, 3 Jan 2001 10:58:37 +0100, Michael Bramer <grisu@debian.org>
 > On Wed, Jan 03, 2001 at 10:15:43AM +0200, era eriksson wrote:
 >> The stock base system comes with various "traditional security holes"
 >> enabled. It would be nice (and probably very constructive) to have a
 >> brief and simple procedure for how to reconfigure the system so as to
 >> run a reasonably tight ship.
 > apt-get remove telnetd
 > apt-get remove NETWORK_PACKAGE 
 > I can deinstall all network packages without problems
 > 	apt-get install postfix
 > 	apt-get install MORE-ROBUST-FTP-SERVER
 > apt-get is a nice package tool, use it. :-)

I'm not saying I can't figure out how to fix these problems; I'm
saying it would be nice if somebody would create a documented and
standard process for doing this, and preferably ship it as an option
with the base system.

Personally, I'm only vaguely security-conscious, so my first problem
is to figure out what more I need to do in order to have a system
which is not trivial to break into. I feel that this information
should be collected and maintained in a place and form where it's
extremely easy to find and use.

I think I like the idea of using one of the available runlevels for
this. Create another runlevel which doesn't start up anything except
the bare essential services for running and administering a "dumb"
server, and update the installation instructions to recommend that you
use this as the base system if you plan to connect your machine to the

Hope this can help clarify what I meant,

/* era */

.signature missing -- creating one on the fly. <http://www.iki.fi/era/>

Reply to: