Re: Trusted Debian
On Tue, 22 Apr 2003 21:08, Sebastian Zimmermann wrote:
> what is your opinion on the recently released Trusted Debian
> (http://www.trusteddebian.org/)? It is claimed that it is more secure
> than regular woody, however, there is no security team. I don't want to
> discuss security though, but whether or not an ISP should use it.
I am running an ISP on SE Linux with Brian May's back-port packages and it's
going well. In total I am running four SE Linux machines with full Internet
access 24*7, they all perform well in every way.
The majority of security advisories are not a big deal to me as SE Linux
policy prevents the programs in question from gaining the access needed to
cause problems. So often I don't have to upgrade in a hurry when a security
advisory comes out, I can wait days or weeks to perform an orderly upgrade if
necessary.
I have run a SE Linux test machine at various times on which I give anonymous
root access to the world and challenge people to try and crack it (but no-one
has achieved anything since the 18th of June 2002).
All my SE Linux work is in progress of becoming part of Debian. I have been
packaging the LSM (Linux Security Modules) kernel patches that include SE
Linux for almost two years. The base SE Linux packages are in Debian, and I
hope that by the time Sarge is released the distribution CDs will have enough
packages to make SE Linux usable.
I think that my SE Debian work is making better progress than the Trusted
Debian work.
RSBAC (which Trusted Debian relies on) is not in Debian. I made an initial
set of kernel patch packages which apparently no-one even bothered testing so
I never uploaded them to Debian. Because of this level of apparent
dis-interest RSBAC is not in Debian and it seems that Trusted Debian will
remain separate from Debian.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to:
- References:
- Trusted Debian
- From: Sebastian Zimmermann <S.Zimmermann@tu-harburg.de>