
Bug#81118: general: Harden?



On Mon, Aug 09, 2004 at 08:31:26PM +0100, Andrew Ferrier wrote:
> Followup-For: Bug #81118
> Package: general
> Version: N/A; reported 2004-08-09
> 
> It looks to me like the original purpose of this bug is now mostly
> covered by the harden suite of packages; they are in a good position to
> conflict with things like telnet, provide advice on hardening during
> installation, etc. Perhaps this bug should be closed in light of that?
> Or maybe the original submitter would like harden more prominently
> advertised?

Actually the harden packages cover only part of what the original
submitter asked for since the user will not be able to install (and thus
activate) vulnerable network services. The Bastille package also covers some
of this, by disabling those network services and providing better (i.e.
more secure) configurations in some cases. However, there is no documented
and standard process to harden a default installation and Bastille still
does not cover everything that the "Securing Debian Manual" might suggest
you do.

The current default installation still enables some unnecessary
services (see #261906) and there is no firewall in the default installation
(see #212692). Even though we've gone a long way from 2.2 (telnetd is no
longer installed in most systems, neither is NFS+portmapper) I believe we
still get to the point that an installation (either by default or by
choosing) delivers an only-for-paranoids system like OpenBSD.

Regards

Javier
