Bug#81118: base: Wishlist: High security base system (or separate add-on package)
On Wed, 3 Jan 2001 10:58:37 +0100, Michael Bramer <email@example.com> wrote:
> On Wed, Jan 03, 2001 at 10:15:43AM +0200, era eriksson wrote:
>> The stock base system comes with various "traditional security holes"
>> enabled. It would be nice (and probably very constructive) to have a
>> brief and simple procedure for how to reconfigure the system so as to
>> run a reasonably tight ship.
> apt-get remove telnetd
> apt-get remove NETWORK_PACKAGE
> I can deinstall all network packages without problems
> apt-get install postfix
> apt-get install MORE-ROBUST-FTP-SERVER
> apt-get is a nice package tool, use it. :-)

I'm not saying I can't figure out how to fix these problems; I'm
saying it would be nice if somebody would create a documented and
standard process for doing this, and preferably ship it as an option
with the base system.

Personally, I'm only vaguely security-conscious, so my first problem
is to figure out what more I need to do in order to have a system
which is not trivial to break into. I feel that this information
should be collected and maintained in a place and form where it's
extremely easy to find and use.

I think I like the idea of using one of the available runlevels for
this. Create another runlevel which doesn't start up anything except
the bare essential services for running and administering a "dumb"
server, and update the installation instructions to recommend that you
use this as the base system if you plan to connect your machine to the

Hope this can help clarify what I meant,
/* era */
.signature missing -- creating one on the fly. <http://www.iki.fi/era/>
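
The runlevel idea from the message above, as an added example that is not part of the original message or of any Debian package: a POSIX shell check that lists the services a SysV runlevel directory would start beyond an allowlist. The allowlist `ESSENTIAL`, the function names and the sample link names are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a SysV runlevel directory against an allowlist.
# ESSENTIAL is an assumed allowlist for a "dumb" server; adjust per site.
ESSENTIAL="sysklogd cron ssh"

# Print the service name of every start link (S<NN><name>) in directory $1
# whose name is not in the space-separated allowlist $2. Kill links
# (K<NN><name>) are ignored: they stop a service when the runlevel is entered.
extra_services() {
    dir=$1
    allow=$2
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the literal pattern left behind when the glob matches nothing.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}            # e.g. S20inetd
        name=${name#S[0-9][0-9]}    # e.g. inetd
        case " $allow " in
            *" $name "*) ;;              # on the allowlist
            *) printf '%s\n' "$name" ;;  # started, but not essential
        esac
    done
}

# Build a constructed sample runlevel directory and print its path.
# The link names are sample data, not taken from a real installation.
make_sample_runlevel() {
    d=$(mktemp -d) || return 1
    for f in S10sysklogd S20inetd S20ssh S20exim S89cron K20nfs-kernel-server; do
        : > "$d/$f"
    done
    printf '%s\n' "$d"
}

sample=$(make_sample_runlevel)
echo "Non-essential services started in the sample runlevel:"
extra_services "$sample" "$ESSENTIAL"
rm -rf "$sample"
```

On a real SysV-init system the first argument would be a runlevel directory such as `/etc/rc2.d`.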