Re: OS Hardening
I believe he was talking about a hardening script, which would
imply some sort of automated script that removes setuid bits,
permissions, etc, throughout the filesystem. To this end, I agree
with Wichert; it's not needed in debian. Very few binaries are
setuid root, and permissions are generally well thought out,
and/or give you a choice (user home directories, for example,
and the new debconf question of whether to make them
The HOWTO, on the other hand, falls under the
category of know-what-you're-doing-and-do-it-safely. About
the only things I can see being put into a script from that
HOWTO is setting logfile permissions and using md5 with passwords.
Most of the rest of the HOWTO depends heavily on your needs,
preferences, and configuration.
On Tue, Dec 12, 2000 at 05:18:10PM -0500, Jeremy Gaddis wrote:
> And if you believe that, you're a fool.
> -----Original Message-----
> From: Wichert Akkerman [SMTP:email@example.com]
> Sent: Tuesday, December 12, 2000 11:52 AM
> To: Ory Segal
> Cc: firstname.lastname@example.org
> Subject: Re: OS Hardening
> Previously Ory Segal wrote:
> > Are there any Debian-Oriented security hardening scripts out there ?
> We don't need them :).
> / Nothing is fool-proof to a sufficiently talented fool \
> | email@example.com http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
"... being a Linux user is sort of like living in a house inhabited
by a large family of carpenters and architects. Every morning when
you wake up, the house is a little different. Maybe there is a new
turret, or some walls have moved. Or perhaps someone has temporarily
removed the floor under your bed." - Unix for Dummies, 2nd Edition
-- found in the .sig of Rob Riggs, firstname.lastname@example.org