
Re: Task harden.



Hey Ola,
* Ola Lundqvist (opal@debian.org) wrote :
> Hi
> 
> I'm now packaging a task-harden package as I said in some other
> thread. To make this work fine I need some help:
<snip>
> * What packages should be avoided.
I'd have thought that most of the r* daemons should be avoided,
and secure alternatives where they exist recommended instead.
> * What packages must be installed (security related).
I agree with aaronl that tripwire or some other IDS should be
installed, and also that a statically linked root shell should
be provided.

<some snippage> 
> And now some questions (that can be discussed).
> * I intend to conflict with inetd. Do you think that is ok?
I think if you depend on tcpd - unless anyone can think of
any serious problems with that? - inetd shouldn't be a big hole.
I may of course be wrong...

> This is the control file as it is right now.
> ***
> Source: task-harden
> Section: non-US/base
> Priority: optional
> Maintainer: Ola Lundqvist <opal@debian.org>
Set the maintainer as debian-security@l.d.o, or something
similar?
> Build-Depends: debhelper (>> 3.0.0)
> Standards-Version: 3.5.2
> 
...
> Description: Helps you make the host less easy to crack.
>  This package is intended to help the administrator to improve
>  the security for the system.
>  .
>  Some packages should never be installed if you need high security
>  so this package conflicts with them.
>  And some packages really improves the security of the system so
>  it will depend, recommend or suggest them.
>  .
>  It will also conflict with versions that are known to be buggy to
>  force the administrator to upgrade them (and not keep them on hold).
>  To make this work I need help with this (send a mail to
>  task-harden@packages.debian.org with that information).
   .
   This package will not make your system uncrackable, and it is
   not intended to do so. Making your system secure involves a
   lot more than just installing a task. You are recommended to
   read (some urls) as a start.
> ***

> This is of course just a beginning and I need suggestions to make
> this work fine.
> 
> Regards,
> 
> // Ola
> 
Cheers,
-Thom
