Your message dated Fri, 5 Sep 2008 00:58:48 +0200 with message-id <200809050058.56650.holger@layer-acht.org> and subject line security is a process, not a product has caused the Debian Bug report #81118, regarding High security base system (or separate add-on package) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 81118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=81118 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: base: Wishlist: High security base system (or separate add-on package)
- From: era eriksson <era@iki.fi>
- Date: Wed, 3 Jan 2001 10:15:43 +0200
- Message-id: <200101030815.f038Fhb02014@away.lingsoft.fi>
Package: base Version: 20010103 Severity: wishlist The stock base system comes with various "traditional security holes" enabled. It would be nice (and probably very constructive) to have a brief and simple procedure for how to reconfigure the system so as to run a reasonably tight ship. Off the top of my head, I can think of the following: * Disable telnet; go with ssh instead (but then which ssh?) * Recommend disabling any non-critical network services entirely * chroot and otherwise patch up everything that can't be turned off * Recommend replacing Sendmail with Postfix (or whatever)? * Recommend replacing regular ftp server with something more robust I was thinking of maybe collecting this in a "security" package but I'm not confident in my abilities to create such a package (I'm a dpkg novice) and anyway, I'm not sure if that is the right approach. (Yes, I'm considering an upgrade to 2.2r2) -- System Information Debian Release: 2.0 Kernel Version: Linux away 2.0.34 #1 Sun Feb 28 21:48:09 EET 1999 i586 unknown
--- End Message ---
--- Begin Message ---
- To: 81118-done@bugs.debian.org
- Subject: security is a process, not a product
- From: Holger Levsen <holger@layer-acht.org>
- Date: Fri, 5 Sep 2008 00:58:48 +0200
- Message-id: <200809050058.56650.holger@layer-acht.org>
Hi, even in etch I get: $ apt-cache search harden bastille - Security hardening tool harden - Makes your system hardened harden-clients - Avoid clients that are known to be insecure harden-development - Development tools for creating more secure programs harden-doc - Useful documentation to secure a Debian system harden-environment - Hardened system environment harden-nids - Harden a system by using a network intrusion detection system harden-remoteaudit - Audit your remote systems from this host harden-servers - Avoid servers that are known to be insecure harden-surveillance - Check services and/or servers automatically harden-tools - Tools to enhance or analyze the security of the local system mrb - Manage incremental data snapshots with make/rsync php4-suhosin - advanced protection module for php4 php5-suhosin - advanced protection module for php5 Also there is this selinux thingie. Thus closing this bug report. Also it's an illusion to create a secure system. Security is a process, not a product. regards, HolgerAttachment: pgpIzQX7uMMT8.pgp
Description: PGP signature
--- End Message ---