
Task harden.



Hi

I'm now packaging a task-harden package as I said in some other
thread. To make this work fine I need some help:
* What insecure versions of software should be avoided.
  So upgrading this package can indicate if you have problems
  with a package. Yes this will create a _large_ conflicts line... :)
  Maybe I will split this to a separate package if it gets too
  complicated. But not yet...
* What packages should be avoided.
* What packages must be installed (security related).
* What packages should be installed.
* What packages can improve security.

And now some questions (that can be discussed).
* I intend to conflict with inetd. Do you think that is ok?
* I will recommend ssh but then this package has to go to
  non-US, right? And will it work as a task package then?

This is the control file as it is right now.
***
Source: task-harden
Section: non-US/base
Priority: optional
Maintainer: Ola Lundqvist <opal@debian.org>
Build-Depends: debhelper (>> 3.0.0)
Standards-Version: 3.5.2

Package: task-harden
Architecture: any
Depends: 
Recommends: ssh
Suggests: sudo
Conflicts: telnetd, ftpd, talkd, fingerd
Description: Helps you make the host less easy to crack.
 This package is intended to help the administrator to improve
 the security for the system.
 .
 Some packages should never be installed if you need high security
 so this package conflicts with them.
 And some packages really improves the security of the system so
 it will depend, recommend or suggest them.
 .
 It will also conflict with versions that are known to be buggy to
 force the administrator to upgrade them (and not keep them on hold).
 To make this work I need help with this (send a mail to
 task-harden@packages.debian.org with that information).
***

This is of course just a beginning and I need suggestions to make
this work fine.

Regards,

// Ola

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
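
How a Conflicts line with versioned entries, as proposed in the message above, would flag packages on a host. This is an added Python example, not part of the original message or of task-harden; it compares versions with a compact reimplementation of dpkg's ordering. The `examplepkg (<< 1.2-3)` entry and the installed-package table are constructed for illustration.

```python
import operator
import re

def _key(part):
    # dpkg order inside non-digit runs: '~' < end of string < letters < other characters
    order = lambda c: -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
    key = []
    for text, num in re.findall(r"(\D*)(\d*)", part):
        key += [[order(c) for c in text] + [0], int(num or 0)]
    return key

def deb_key(version):
    """Sort key that orders Debian version strings ([epoch:]upstream[-revision])."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), _key(upstream), _key(revision or "0")  # no revision == "0"

OPS = {"<<": operator.lt, "<=": operator.le, "=": operator.eq,
       ">=": operator.ge, ">>": operator.gt}
CLAUSE = re.compile(r"^([a-z0-9][a-z0-9+.-]+)(?:\s*\(\s*(<<|<=|=|>=|>>)\s*(\S+)\s*\))?$")

def violations(conflicts, installed):
    """Return (package, installed version, clause) for every clause an installed package hits."""
    hits = []
    for clause in filter(None, (c.strip() for c in conflicts.split(","))):
        match = CLAUSE.match(clause)
        if not match:
            raise ValueError(f"unparsable Conflicts clause: {clause!r}")
        name, op, wanted = match.groups()
        have = installed.get(name)
        if have is not None and (op is None or OPS[op](deb_key(have), deb_key(wanted))):
            hits.append((name, have, clause))
    return hits

# Conflicts line from the control file above, plus one hypothetical versioned entry.
CONFLICTS = "telnetd, ftpd, talkd, fingerd, examplepkg (<< 1.2-3)"
# Constructed sample of installed packages (name -> version), as `dpkg-query -W` lists them.
INSTALLED = {"ssh": "1:2.9p2-4", "sudo": "1.6.3p7-2", "talkd": "0.17-8", "examplepkg": "1.2-2"}

if __name__ == "__main__":
    for name, have, clause in violations(CONFLICTS, INSTALLED):
        print(f"{name} {have} is installed and matches Conflicts clause '{clause}'")
```

Alternatives (`|`) and architecture qualifiers are not handled; such a clause raises `ValueError` rather than being skipped silently.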
