Bug#81118: general: Harden?
On 2004-08-26 at 13:17 +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, Aug 09, 2004 at 08:31:26PM +0100, Andrew Ferrier wrote:
> > Followup-For: Bug #81118
> > Package: general
> > Version: N/A; reported 2004-08-09
> >
> > It looks to me like the original purpose of this bug is now mostly
> > covered by the harden suite of packages; they are in a good position to
> > conflict with things like telnet, provide advice on hardening during
> > installation, etc. Perhaps this bug should be closed in light of that?
> > Or maybe the original submitter would like harden more prominently
> > advertised?
>
> Actually the harden packages cover only part of what the original
> submitter asked for since the user will not be able to install (and thus
> activate) vulnerable network services. The Bastille package covers also some
> of this, by disabling those network services and providing better (i.e.
> more secure) configurations in some cases. However, there is no documented
> and standard process to harden a default installation and Bastille still
> does not cover everything that the "Securing Debian Manual" might suggest
> you to do.
>
> The current default installation still enables some unnecessary
> services (see #261906) and there is no firewall in the default installation
> (see #212692). Even though we've gone a long way from 2.2 (telnetd is no
> longer installed in most systems, neither is NFS+portmapper) I believe we
> still get to the point that an installation (either by default or by
> choosing) delivers an only-for-paranoids system like OpenBSD.

OK, fair enough. Was trying to help clear up some old bug reports. Seems
like Debian is getting there with this bug though!

Cheers,
Andrew.
--
Andrew Ferrier
email: andrew@new-destiny.co.uk