Re: Task harden.
On Sun, Apr 01, 2001 at 10:26:08PM +0200, Ola Lundqvist wrote:
> * What packages should be avoided.
> * What packages can imprive security.
bind, uw-imapd (not -ssl)
Conflicting with inetd would not be advisable, since the evil netbase
package depends on it for some reason. And lpr depends on netbase, so
you need inetd to print, even though lpr doesn't support it! (should I
file a bug on lpr?)
The package should reccomend (or force?) the installation of tripwire,
and a stand-alone, statically linked root shell.
> Source: task-harden
> Section: non-US/base
> Priority: optional
> Maintainer: Ola Lundqvist <opal@debian.org>
> Build-Depends: debhelper (>> 3.0.0)
> Standards-Version: 3.5.2
>
> Package: task-harden
> Architecture: any
> Depends:
> Recommends: ssh
> Suggests: sudo
> Conflicts: telnetd, ftpd, talkd, fingerd
> Description: Helps you make the host less easy to crack.
> This package is intended to help the administrator to improve
> the security for the system.
> .
> Some packages should never be installed if you need high security
> so this package conflicts with them.
> And some packages really improves the security of the system so
> it will depend, recommend or suggest them.
> .
> It will also conflict with versions that are known to be buggy to
> force the administrator to upgrade them (and not keep them on hold).
> To make this work I need help with this (send a mail to
> task-harden@packages.debian.org with that information).
> ***
>
> This is of course just a beginning and I need suggestions to make
> this work fine.
>
> Regards,
>
> // Ola
>
> --
> --------------------- Ola Lundqvist ---------------------------
> / opal@debian.org Björnkärrsgatan 5 A.11 \
> | opal@lysator.liu.se 584 36 LINKÖPING |
> | +46 (0)13-17 69 83 +46 (0)70-332 1551 |
> | http://www.opal.dhs.org UIN/icq: 4912500 |
> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
> ---------------------------------------------------------------
Reply to: