Re: harden-debian script?
I take it you don't wear your seatbelt then? If your car is
properly configured and you drive it correctly, then the
seatbelt is just a needless discomfort.
If ALL I did was remove read permissions from the config files,
that would be security through obscurity. Since I'm using this
as one step in a larger security plan, it is called prudence.
- Scott
> On Wed, Oct 25, 2000 at 01:00:36PM -0700, Scott Bronson wrote:
> > Is there such a thing as a harden-debian script? This would run
> > through the file system and change file owers and permissions to
> > make the machine quite unfriendly and really secure, rather than
> > the very friendly and mostly secure system that we use every day.
> >
> > I remember seeing this idea in SuSE 6.2, and liking it. Post-
> > install, what more should I do to harden my machine?
>
> Does really being unfriendly mean being secure? Is removing world read
> permissions from config files a fix for misconfigured services?
> If something is configured right, then why not show the configuration to the
> users?
> Debian already has right permissions for files containing sensitive data
> (e.g. /etc/shadow).
>
> IMHO security by obscurity isn't a right thing.
>
> Or isn't it what the SuSE's script does?
>
> regards
>
> Marcin
> --
> +--------------------------------+ The reason we come up with new versions
> |Marcin Owsiany | is not to fix bugs. It's the stupidest
> |porridge@pandora.info.bielsko.pl| reason to buy a new version
> +--------------------------------+ I ever heard. - Bill Gates
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: