[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Trusted Debian

On Tue, 22 Apr 2003 21:08, Sebastian Zimmermann wrote:
> what is your opinion on the recently released Trusted Debian
> (http://www.trusteddebian.org/)? It is claimed that it is more secure
> than regular woody, however, there is no security team. I don't want to
> discuss security though, but whether or not an ISP should use it.

I am running an ISP on SE Linux with Brian May's back-port packages and it's 
going well.  In total I am running four SE Linux machines with full Internet 
access 24*7, they all perform well in every way.

The majority of security advisories are not a big deal to me as SE Linux 
policy prevents the programs in question from gaining the access needed to 
cause problems.  So often I don't have to upgrade in a hurry when a security 
advisory comes out, I can wait days or weeks to perform an orderly upgrade if 

I have run a SE Linux test machine at various times on which I give anonymous 
root access to the world and challenge people to try and crack it (but no-one 
has achieved anything since the 18th of June 2002).

All my SE Linux work is in progress of becoming part of Debian.  I have been 
packaging the LSM (Linux Security Modules) kernel patches that include SE 
Linux for almost two years.  The base SE Linux packages are in Debian, and I 
hope that by the time Sarge is released the distribution CDs will have enough 
packages to make SE Linux usable.

I think that my SE Debian work is making better progress than the Trusted 
Debian work.

RSBAC (which Trusted Debian relies on) is not in Debian.  I made an initial 
set of kernel patch packages which apparently no-one even bothered testing so 
I never uploaded them to Debian.  Because of this level of apparent 
dis-interest RSBAC is not in Debian and it seems that Trusted Debian will 
remain separate from Debian.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: