Re: Task harden.
On Sun, Apr 01, 2001 at 11:41:01PM +0100, Thom May wrote:
> Hey Ola,
> * Ola Lundqvist (opal@debian.org) wrote :
> > Hi
> >
> > I'm now packaging a task-harden package as I said in some other
> > thread. To make this work fine I need some help:
> <snip>
> > * What packages should be avoided.
> I'd have thought that most of the r* daemons should be avoided,
> and secure alternatives where they exist recommended instead.
Ok. My thought too.
> > * What packages must be installed (security related).
> I agree with aaronl that tripwire or some other IDS should be
> installed, and also that a statically linked root shell should
> be provided.
Anyone want to create a statically linked root shell?
> <some snippage>
> > And now some questions (that can be dicussed).
> > * I intend to conflict with inetd. Do you think that is ok?
> I think if you depend on tcpd - unless any one can think of
> any serious problems with that? - inetd shouldn't be a big hole.
> I may of course be wrong...
Well I'll think about it. The problem is probably the
default config for inetd... But if all packages are
conflicted that should not be a problem. :)
> > This is the control file as it is right now.
> > ***
> > Source: task-harden
> > Section: non-US/base
> > Priority: optional
> > Maintainer: Ola Lundqvist <opal@debian.org>
> Set the maintainer as debian-security@l.d.o, or something
> similar?
That is a point. I have thought of it too. But for now I'll
keep it. Until it is somehow stable.
> .
> This package will not make your system uncrackable, and it is
> not intended to do so. Making your system secure involves a
> lot more than just installing a task. You are recommended to
> read (some urls) as a start.
Thanks I'll add that part.
Regards,
// Ola
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Björnkärrsgatan 5 A.11 \
| opal@lysator.liu.se 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: