[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: harden-debian script?

I take it you don't wear your seatbelt then?  If your car is
properly configured and you drive it correctly, then the
seatbelt is just a needless discomfort.  

If ALL I did was remove read permissions from the config files,
that would be security through obscurity.  Since I'm using this
as one step in a larger security plan, it is called prudence.

        - Scott

> On Wed, Oct 25, 2000 at 01:00:36PM -0700, Scott Bronson wrote:
> > Is there such a thing as a harden-debian script?  This would run
> > through the file system and change file owers and permissions to
> > make the machine quite unfriendly and really secure, rather than
> > the very friendly and mostly secure system that we use every day.
> > 
> > I remember seeing this idea in SuSE 6.2, and liking it.  Post-
> > install, what more should I do to harden my machine?
> Does really being unfriendly mean being secure? Is removing world read
> permissions from config files a fix for misconfigured services?
> If something is configured right, then why not show the configuration to the
> users?
> Debian already has right permissions for files containing sensitive data
> (e.g. /etc/shadow).
> IMHO security by obscurity isn't a right thing.
> Or isn't it what the SuSE's script does?
> regards
> Marcin
> -- 
> +--------------------------------+ The reason we come up with new versions
> |Marcin Owsiany                  | is not to fix bugs. It's the stupidest
> |porridge@pandora.info.bielsko.pl| reason to buy a new version
> +--------------------------------+ I ever heard.            - Bill Gates
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: