Hey Ola,

* Ola Lundqvist (opal@debian.org) wrote :
> Hi
>
> I'm now packaging a task-harden package as I said in some other
> thread. To make this work fine I need some help:

<snip>

> * What packages should be avoided.

I'd have thought that most of the r* daemons should be avoided, and
secure alternatives where they exist recommended instead.

> * What packages must be installed (security related).

I agree with aaronl that tripwire or some other IDS should be
installed, and also that a statically linked root shell should be
provided.

<some snippage>

> And now some questions (that can be discussed).
> * I intend to conflict with inetd. Do you think that is ok?

I think if you depend on tcpd - unless anyone can think of any serious
problems with that? - inetd shouldn't be a big hole. I may of course
be wrong...

> This is the control file as it is right now.
> ***
> Source: task-harden
> Section: non-US/base
> Priority: optional
> Maintainer: Ola Lundqvist <opal@debian.org>

Set the maintainer as debian-security@l.d.o, or something similar?

> Build-Depends: debhelper (>> 3.0.0)
> Standards-Version: 3.5.2
> ...
> Description: Helps you make the host less easy to crack.
>  This package is intended to help the administrator to improve
>  the security for the system.
>  .
>  Some packages should never be installed if you need high security
>  so this package conflicts with them.
>  And some packages really improves the security of the system so
>  it will depend, recommend or suggest them.
>  .
>  It will also conflict with versions that are known to be buggy to
>  force the administrator to upgrade them (and not keep them on hold).
>  To make this work I need help with this (send a mail to
>  task-harden@packages.debian.org with that information).
 .
 This package will not make your system uncrackable, and it is not
 intended to do so. Making your system secure involves a lot more than
 just installing a task. You are recommended to read (some urls) as a
 start.

> ***
> This is of course just a beginning and I need suggestions to make
> this work fine.
>
> Regards,
>
> // Ola
>

Cheers,

-Thom