Two more things I remember: 1) IMHO, services/daemons (e.g. apache, ejabberd, etc.) that listen per default on the network (unless loopback only) shouldn't be started per default, after being installed. The usually come only with a default config which may not be hardened enough for the local system, and that short time may already be enough for an attacker to attack. Or default config may be simply pointless for the environment, and starting the service per default is just annoying. It shouldn't be to hard for an admin to configure the appropriate runlevels when he thinks he's finished with configuration. One could handle this different for local only services/daemons. E.g. when I install haveged, I usually want it... and there shouldn't be a security impact when it immediately runs after being installed. 2) No more packages that bypass the package management system and secure apt: a) There are still several (typically non-free) packages which download stuff from the web, install or at least un-tar it somwhere without checking any integrity information that would be hardcoded in that package. b) Another problem are IMHO plugins like Firefox extensions, kinda bypassing APT. I think at least those that are installed via a package, shouldn't be upgradable/overwritable anymore with online versions. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature