On Mon, Aug 09, 2004 at 08:31:26PM +0100, Andrew Ferrier wrote: > Followup-For: Bug #81118 > Package: general > Version: N/A; reported 2004-08-09 > > It looks to me like the original purpose of this bug is now mostly > covered by the harden suite of packages; they are in a good position to > conflict with things like telnet, provide advice on hardening during > installation, etc. Perhaps this bug should be closed in light of that? > Or maybe the original submitter would like harden more prominently > advertised? Actually the harden packages covers only part of what the original submitter asked for since the user will not be able to install (and thus activate) vulnerable network sevices. The Bastille package covers also some of this, by disabling those network services and providing better (i.e. more secure) configurations in some cases. However, there is no documented and standard process to harden a default installation and Bastille still does not cover everything that the "Securing Debian Manual" might suggest you to do. The current default installation still enables some unnecesary services (see #261906) and there is no firewall in the default installation (see #212692). Even though we've gone a long way from 2.2 (telnetd is no longer installed in most systems, neither is NFS+portmapper) I believe we still get to the point that an installation (either by default or by choosing) delivers a only-for-paranoids system like OpenBSD. Regards Javier
Attachment:
signature.asc
Description: Digital signature