Re: Task harden.
Ola Lundqvist <opal@debian.org> writes:
> On Sun, Apr 01, 2001 at 06:17:53PM -0400, Dan Christensen wrote:
> > Ola Lundqvist <opal@debian.org> writes:
> >
> > > I'm now packaging a task-harden package as I said in some other
> > > thread.
> >
> > I think you're trying to do too much with one package. It won't
> > be flexible enough. For example, what if I absolutely need to
> Not flexible in what sense?
Conflicts are too strong.
> > have a certain insecure package installed, but I want my machine
> > to be as secure as possible subject to that constraint. I
> > wouldn't be able to use task-harden for this if it conflicts
> > with that package.
>
> No that is true. But this is a task-foo package and is just used
> to help you out. But to make this useful at all it has to
> conflict something.
>
> Well how du you suggest that I should do?
I suggest a script that provides warnings about packages that are
installed and which might be security problems. This should include
pointers to more information. This would be easy to write. Also, as
people come up with more ideas, more things could be checked by this
script. The package containing this script could drop something in
/etc/apt/apt.conf.d so that the script is run during every installation.
This is much more flexible than what you propose. I may want to make
use of your package, but might want to have telnetd installed with tcp
wrappers allowing access from just one local machine, or something
like that. Conflicts are too strong.
I want the advice and knowledge that a group of people compile
about the security of Debian and my machine. But I don't want
to be forced to accept their decisions.
Dan
--
Dan Christensen
jdc@uwo.ca
Reply to: