Re: Trusted Debian

To: Sebastian Zimmermann <S.Zimmermann@tu-harburg.de>, debian-isp <debian-isp@lists.debian.org>
Subject: Re: Trusted Debian
From: Russell Coker <russell@coker.com.au>
Date: Tue, 22 Apr 2003 22:44:53 +1000
Message-id: <[🔎] 200304222244.53200.russell@coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] 1051009701.8520.46.camel@antares.et6.tu-harburg.de>
References: <[🔎] 1051009701.8520.46.camel@antares.et6.tu-harburg.de>

On Tue, 22 Apr 2003 21:08, Sebastian Zimmermann wrote:
> what is your opinion on the recently released Trusted Debian
> (http://www.trusteddebian.org/)? It is claimed that it is more secure
> than regular woody, however, there is no security team. I don't want to
> discuss security though, but whether or not an ISP should use it.

I am running an ISP on SE Linux with Brian May's back-port packages and it's 
going well.  In total I am running four SE Linux machines with full Internet 
access 24*7, they all perform well in every way.

The majority of security advisories are not a big deal to me as SE Linux 
policy prevents the programs in question from gaining the access needed to 
cause problems.  So often I don't have to upgrade in a hurry when a security 
advisory comes out, I can wait days or weeks to perform an orderly upgrade if 
necessary.

I have run a SE Linux test machine at various times on which I give anonymous 
root access to the world and challenge people to try and crack it (but no-one 
has achieved anything since the 18th of June 2002).

All my SE Linux work is in progress of becoming part of Debian.  I have been 
packaging the LSM (Linux Security Modules) kernel patches that include SE 
Linux for almost two years.  The base SE Linux packages are in Debian, and I 
hope that by the time Sarge is released the distribution CDs will have enough 
packages to make SE Linux usable.

I think that my SE Debian work is making better progress than the Trusted 
Debian work.

RSBAC (which Trusted Debian relies on) is not in Debian.  I made an initial 
set of kernel patch packages which apparently no-one even bothered testing so 
I never uploaded them to Debian.  Because of this level of apparent 
dis-interest RSBAC is not in Debian and it seems that Trusted Debian will 
remain separate from Debian.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- Trusted Debian
  - From: Sebastian Zimmermann <S.Zimmermann@tu-harburg.de>

Prev by Date: Re: Authenticate when SSL is activeted only?
Next by Date: linux-igd
Previous by thread: Trusted Debian
Next by thread: Re: Trusted Debian
Index(es):
- Date
- Thread