Re: my thoughts on the Vancouver Prospectus
Wouter Verhelst <wouter@debian.org> writes:
[snip]
> A buildd host does not need much to work safely, so writing a security
> standard should be possible. How about a security standard like the
> following:
>
> * A buildd host must not have any port open, except for one SSH port
> (preferably port 22, but may be nonstandard).
> * It must run OpenSSH of at least version <version without security
> issues in stable> or <version without security issues in unstable>
> * It must run a kernel from the list of <list of kernel packages in all
> distributions that are safe>
> * It must not have PermitRootLogin enabled
> * It must not have PasswordAuthentication enabled
> * It must not have any tunneling enabled, except for scp
> * It must not have any enabled accounts except for root and the admin
> user(s)
> * ... possibly something more?
>
> Then DSA could set up a cronjob that would run every x days, check
> whether the requirements are being met, and would scream like hell if
> one of the hosts was insecure?
Even better - use cfengine to automagically check that the config files
were accurate. Plus, it would make a good example cfengine file for the
documentation package.
cheers, Rich.
--
rich walker | Shadow Robot Company | rw@shadow.org.uk
technical director 251 Liverpool Road |
need a Hand? London N1 1LX | +UK 20 7700 2487
www.shadow.org.uk/products/newhand.shtml
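As an added illustration (not code from either poster), here is a minimal POSIX shell version of the cron check Wouter sketches, covering the sshd_config items in his list and the "no enabled accounts except root and the admins" rule. It takes the files to inspect as arguments instead of reading /etc, so it runs offline; the sshd_config and shadow excerpts at the bottom are constructed for the example. The open-port, kernel and OpenSSH-version checks need the live host and are left out. Two caveats the script encodes: sshd honours the FIRST value it sees for a keyword, not the last, and an absent keyword means the compiled-in default applies, so the check compares against that default rather than treating "absent" as safe. The `Keyword value` form is assumed; `Keyword=value` is not parsed.

```shell
#!/bin/sh
# Added example, not from the thread: a cron-style compliance check for a
# buildd host's sshd_config and shadow file. Inputs are passed as paths so
# the script can be run against copies; the sample files below are constructed.

# sshd_effective FILE KEYWORD DEFAULT: print the value sshd would use.
# sshd keeps the first occurrence of a keyword; directives after the first
# "Match" block are conditional, so only the global section is read.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/           { next }               # blank / comment
        tolower($1) == "match"         { exit }               # conditional part
        tolower($1) == tolower(key)    { found = 1; print $2; exit }
        END                            { if (!found) print def }
    ' "$1"
}

# check_sshd_config FILE: print one line per violation, return their count.
# Table columns: keyword, required value, compiled-in default when absent
# (PermitRootLogin defaulted to "yes" on the OpenSSH of the time; newer
# releases default to prohibit-password, which is still not "no").
check_sshd_config() {
    bad=0
    while read -r key want def; do
        got=$(sshd_effective "$1" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "VIOLATION: $key is '$got', must be '$want'"
            bad=$((bad + 1))
        fi
    done <<EOF
PermitRootLogin no yes
PasswordAuthentication no yes
AllowTcpForwarding no yes
X11Forwarding no no
PermitTunnel no no
EOF
    return "$bad"
}

# enabled_accounts SHADOW_FILE: users whose password field is not locked.
# A field beginning with '!' or '*' is locked. An EMPTY field is a
# password-less account, the worst case, so it is reported as enabled.
enabled_accounts() {
    awk -F: '$2 !~ /^[!*]/ { print $1 }' "$1"
}

# check_accounts SHADOW_FILE ALLOWED_USER...: report enabled accounts that
# are not on the allow list, return their count.
check_accounts() {
    shadow=$1; shift; bad=0
    for u in $(enabled_accounts "$shadow"); do
        case " $* " in
            *" $u "*) ;;
            *) echo "VIOLATION: account '$u' is enabled"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# report LABEL CMD ARGS...: run one check and summarise without aborting.
report() {
    label=$1; shift; n=0
    "$@" || n=$?
    [ "$n" -eq 0 ] && echo "$label: compliant" || echo "$label: $n violation(s)"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed config: an admin appended "PermitRootLogin no", but sshd uses
# the first line, so root login is still permitted. AllowTcpForwarding is
# only set inside a Match block, so the global default (yes) applies.
cat >"$WORK/sshd_config.bad" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
PermitRootLogin no
Match User backup
    AllowTcpForwarding no
EOF

# Constructed config that meets the proposed standard.
cat >"$WORK/sshd_config.ok" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding no
X11Forwarding no
PermitTunnel no
EOF

# Constructed shadow excerpt (hashes are placeholders): root and admin are
# allowed; buildd has a usable password and guest has none, both violations.
cat >"$WORK/shadow" <<'EOF'
root:$6$saltsalt$hashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
admin:$6$saltsalt$hashhash:19000:0:99999:7:::
buildd:$6$saltsalt$hashhash:19000:0:99999:7:::
locked:!$6$saltsalt$hashhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF

report "sshd_config.bad" check_sshd_config "$WORK/sshd_config.bad"
report "sshd_config.ok"  check_sshd_config "$WORK/sshd_config.ok"
report "accounts"        check_accounts "$WORK/shadow" root admin
```

On a real host the shadow check is not sufficient on its own: a `!`-locked password only blocks password authentication, and an account with a locked password but an authorized_keys file and a real shell can still log in over SSH, so a production version would also list `~/.ssh/authorized_keys` and login shells for every non-allowed account, and would read the effective configuration from the running daemon rather than the file.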