Re: Task harden.

To: debian-devel@lists.debian.org
Cc: Ola Lundqvist <opal@debian.org>
Subject: Re: Task harden.
From: Ola Lundqvist <opal@debian.org>
Date: Mon, 2 Apr 2001 00:52:42 +0200
Message-id: <[🔎] 20010402005241.A14337@diamond.opal.dhs.org>
Mail-followup-to: Ola Lundqvist <opal@debian.org>, debian-devel@lists.debian.org
Reply-to: opal@debian.org
In-reply-to: <[🔎] 20010401234101.A11434@emancipation>; from thom@debian.org on Sun, Apr 01, 2001 at 11:41:01PM +0100
References: <[🔎] 20010401222607.A3570@diamond.opal.dhs.org> <[🔎] 20010401234101.A11434@emancipation>

On Sun, Apr 01, 2001 at 11:41:01PM +0100, Thom May wrote:
> Hey Ola,
> * Ola Lundqvist (opal@debian.org) wrote :
> > Hi
> > 
> > I'm now packaging a task-harden package as I said in some other
> > thread. To make this work fine I need some help:
> <snip>
> > * What packages should be avoided.
> I'd have thought that most of the r* daemons should be avoided,
> and secure alternatives where they exist recommended instead.
Ok. My thought too.

> > * What packages must be installed (security related).
> I agree with aaronl that tripwire or some other IDS should be
> installed, and also that a statically linked root shell should
> be provided.

Anyone want to create a statically linked root shell?

> <some snippage> 
> > And now some questions (that can be dicussed).
> > * I intend to conflict with inetd. Do you think that is ok?
> I think if you depend on tcpd - unless any one can think of
> any serious problems with that? - inetd shouldn't be a big hole.
> I may of course be wrong...

Well I'll think about it. The problem is probably the
default config for inetd... But if all packages are
conflicted that should not be a problem. :)
 
> > This is the control file as it is right now.
> > ***
> > Source: task-harden
> > Section: non-US/base
> > Priority: optional
> > Maintainer: Ola Lundqvist <opal@debian.org>
> Set the maintainer as debian-security@l.d.o, or something
> similar?

That is a point. I have thought of it too. But for now I'll
keep it. Until it is somehow stable.

>    .
>    This package will not make your system uncrackable, and it is
>    not intended to do so. Making your system secure involves a
>    lot more than just installing a task. You are recommended to
>    read (some urls) as a start.
Thanks I'll add that part.

Regards,

// Ola

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: Task harden.
  - From: Ethan Benson <erbenson@alaska.net>
- Re: Task harden.
  - From: Arthur Korn <arthur@korn.ch>

References:
- Task harden.
  - From: Ola Lundqvist <opal@debian.org>
- Re: Task harden.
  - From: Thom May <thom@debian.org>

Prev by Date: Re: Task harden.
Next by Date: Re: Task harden.
Previous by thread: Re: Task harden.
Next by thread: Re: Task harden.
Index(es):
- Date
- Thread