Security through paranoia 2
I'd like to thanx everyone who replied (even those flames I
received directly, with no echo through the list...>/dev/null).
Well.. maybe a new port is too much. Maybe some
task-secure-system (or whatever), kernel-hardened and harden-XXX
XX packages are a better approach (as suggested by some people). What
we have to do is get this to work!!!
Some messages I received told me that some users already have
some of this "paranoid" tools tunned. Could we get this stuff together?
Maybe creating a sub-project or a workgroup to accomplish this? Is there
anything alike already running? If there is, how can I join these
As some users that replied me said: This kind of efford can help
Debian to stablish itself as a secure choice for corporations (and
paranoid users ;) ). Try to see the following scenario: You have to run
some secure project, envolving networks, for your corporation... What
OS would you choose: WinNT (argh!), Win2K (double argh!), Netware or
(I will not discuss the others)In the Linux case, what flavour?
Some choices would be RH/Bastille, selinux, trustix, and immunix. If
Debian were one of the flavours, what would be the advantages?
I answer this way: a distribution with a choice of been very
hardened (task-secure-system, maybe), harden suid tools
(harden-XXXXXX), hardened kernel and libraries, maybe even invisible...
But the best of all: updated automatically with an apt-get entry in the
This would make this project sysadmin's work very much easier. I
tell you: If I were that guy, and have this choice, I'd pickup Debian
for sure!!!! Won't you?
The better of this all: if I were just a regular user choosing
a linux distro, and if I had that same choice, I'd pickup Debian too.
Well... once more, let me know your opinion (reply me directly
or CC it to me, please). BTW, where is the right place to discuss these
issues? Am I right posting to debian-user and debian-devel?