On Mon, Dec 30, 2002 at 08:09:36PM +0000, Steve Kemp wrote: > > While I think a bastille like hardening system is a good thing I do > want to be clear on what I'm suggesting. I wasn't of course. Suggesting this for 'checksecurity' either. I was just stating what 'msec' does for Mandrake. Which is a mixed behaviour of what Tiger+Bastille does for Debian users ATM. > I'm _not_ talking about adding a 100% fully comprehensive fully tweakable > system of tightening and reporting on every single potential flaw or > compromise into the base system. (There are packages present for that, > tripwire, snort, tiger, etc). You forgot bastille. > > I'm simply trying to work out a good collection of generic, and tweakable > lightweight checks which can be safely included in the base install. > Of course, this is my same idea. > (This means that several desirable features like testing for security > updates may well be present, but have to be disabled by default - modulo > debconf question I guess. It has to be this way because such a test > requires 'net access and we don't know that the user had it). > > I'm very interested at looking at existing systems, as I hope I've > demonstrated - but I don't want to go down the road of adding a > huge behemoth of a system in place of the small, misnamed, checksecurity > script. Neither do I. Even more when we already have it in Debian. The 'behemoth' equivalent is bastille+tiger+snort+aide|tripwire|samhain|integrit+selinux+.... Regards Javi
Attachment:
pgpCFokycUzJN.pgp
Description: PGP signature