[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: harden-debian script?

On Wed, Oct 25, 2000 at 01:00:36PM -0700, Scott Bronson wrote:
> Is there such a thing as a harden-debian script?  This would run
> through the file system and change file owers and permissions to
> make the machine quite unfriendly and really secure, rather than
> the very friendly and mostly secure system that we use every day.
> I remember seeing this idea in SuSE 6.2, and liking it.  Post-
> install, what more should I do to harden my machine?

Does really being unfriendly mean being secure? Is removing world read
permissions from config files a fix for misconfigured services?
If something is configured right, then why not show the configuration to the
Debian already has right permissions for files containing sensitive data
(e.g. /etc/shadow).

IMHO security by obscurity isn't a right thing.

Or isn't it what the SuSE's script does?


+--------------------------------+ The reason we come up with new versions
|Marcin Owsiany                  | is not to fix bugs. It's the stupidest
|porridge@pandora.info.bielsko.pl| reason to buy a new version
+--------------------------------+ I ever heard.            - Bill Gates

Reply to: