[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#81118: marked as done (High security base system (or separate add-on package))

Your message dated Fri, 5 Sep 2008 00:58:48 +0200
with message-id <200809050058.56650.holger@layer-acht.org>
and subject line security is a process, not a product
has caused the Debian Bug report #81118,
regarding High security base system (or separate add-on package)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

81118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=81118
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: base
Version: 20010103
Severity: wishlist

The stock base system comes with various "traditional security holes"
enabled. It would be nice (and probably very constructive) to have a
brief and simple procedure for how to reconfigure the system so as to
run a reasonably tight ship.

Off the top of my head, I can think of the following:

  * Disable telnet; go with ssh instead (but then which ssh?)

  * Recommend disabling any non-critical network services entirely

  * chroot and otherwise patch up everything that can't be turned off

  * Recommend replacing Sendmail with Postfix (or whatever)?

  * Recommend replacing regular ftp server with something more robust

I was thinking of maybe collecting this in a "security" package but
I'm not confident in my abilities to create such a package (I'm a dpkg
novice) and anyway, I'm not sure if that is the right approach.

(Yes, I'm considering an upgrade to 2.2r2)

-- System Information
Debian Release: 2.0
Kernel Version: Linux away 2.0.34 #1 Sun Feb 28 21:48:09 EET 1999 i586 unknown

--- End Message ---
--- Begin Message ---

even in etch I get:

$ apt-cache search harden
bastille - Security hardening tool
harden - Makes your system hardened
harden-clients - Avoid clients that are known to be insecure
harden-development - Development tools for creating more secure programs
harden-doc - Useful documentation to secure a Debian system
harden-environment - Hardened system environment
harden-nids - Harden a system by using a network intrusion detection system
harden-remoteaudit - Audit your remote systems from this host
harden-servers - Avoid servers that are known to be insecure
harden-surveillance - Check services and/or servers automatically
harden-tools - Tools to enhance or analyze the security of the local system
mrb - Manage incremental data snapshots with make/rsync
php4-suhosin - advanced protection module for php4
php5-suhosin - advanced protection module for php5

Also there is this selinux thingie.

Thus closing this bug report. 

Also it's an illusion to create a secure system. Security is a process, not a 


Attachment: pgpIzQX7uMMT8.pgp
Description: PGP signature

--- End Message ---

Reply to: