RFC: A security-base package for Debian
- To: firstname.lastname@example.org
- Cc: Martin Schulze <email@example.com>, Brent Fulgham <firstname.lastname@example.org>, Hamish Moffatt <email@example.com>, "Gregory T . Norris" <firstname.lastname@example.org>, Peter Tobias <email@example.com>, firstname.lastname@example.org
- Subject: RFC: A security-base package for Debian
- From: Christian Hammers <email@example.com>
- Date: Wed, 14 Jul 1999 09:08:01 +0200
- Message-id: <[🔎] 19990714090801.A24204@genesis.westend.com>
- Mail-followup-to: firstname.lastname@example.org, Martin Schulze <email@example.com>, Brent Fulgham <firstname.lastname@example.org>, Hamish Moffatt <email@example.com>, "Gregory T . Norris" <firstname.lastname@example.org>, Peter Tobias <email@example.com>, firstname.lastname@example.org
- In-reply-to: <19990713195528.H13746@finlandia.infodrom.north.de>; from Martin Schulze on Tue, Jul 13, 1999 at 07:55:29PM +0200
- References: <21D757CECBD2D211AD5D00105A2974A7409355@EXCHANGE> <19990713195528.H13746@finlandia.infodrom.north.de>
[I take this discussion over to the devel-l for a broader audience]
After taking over the packaging of the snort portscan detector I
discussed with some other maintainers about a creation of a Debian
security-base package that should be a package with the following
1. Includes many network security related documents, all in some
categories and maybe converted to text and/or html (we must see) and
some short description to read them in a convinient way.
2. The package has dependencies to all security related programs like
port scan detectors, fakebo, tcpdump, nmap etc pp.
3. It will (maybe later) contain some scripts that check the security
of the localhost. No intent to replace SATAN-like tools but simply
telling the user: hey fingerd is not really needed....
BTW: I cc'd this post to the debian-firewall-l. Maybe we should diskuss
there further ?
On Tue, Jul 13, 1999 at 07:55:29PM +0200, Martin Schulze wrote:
> Brent Fulgham wrote:
> > I agree with Hamish, that a dummy package would be preferable to
> > encasing several existing packages in a new package.
> > I wonder if there would be any benefit to creating a script that
> > could evaluate a user's settings for security problems. We
> > all know that many newbie Linux users have all kinds of system
> > services running that they have no intention of every using.
> > For example, someone on a dialup ISP may have a running FTP
> > server, NFS server, etc. These things are not useful if you
> > do not have a local network of some kind, and provide access
> > points for an attacker.
> > I think it might be useful to include some Security HOW-TO type
> > information in the package as part of the documentation.
> That would be appreciated, maybe combined with some more security
> related papers from the internet so the admin who has this package
> installed is able to learn about security without searching the
> net for things he don't even know about.
Christian Hammers WESTEND GmbH Tel 0241/701333-0
email@example.com DPN Verbund-Partner Aachen u. Dueren Fax 0241/911879