[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OS Hardening

On Tue, Dec 12, 2000 at 07:27:32PM -0500, S.Salman Ahmed wrote:
> >>>>> "AS" == Andres Salomon <dilinger@mp3revolution.net> writes:
>     AS> 
>     AS> The HOWTO, on the other hand, falls under the category of
>     AS> know-what-you're-doing-and-do-it-safely.  About the only things
>     AS> I can see being put into a script from that HOWTO is setting
>     AS> logfile permissions and using md5 with passwords.  Most of the
>     AS> rest of the HOWTO depends heavily on your needs, preferences,
>     AS> and configuration.
>     AS> 
> It would be _nice_, however, if the Debian installer/scripts could setup
> some of the things mentioned in the HOWTO at installation time or at
> least give the user the option to select some additional
> security-related tasks to be done.
> -- 
> Salman Ahmed
> ssahmed AT pathcom DOT com

Oh, I totally agree; this would have to be on a per-package basis,
however.  Hence, it would rely on each maintainers willingness
to do so.  For example, a chrooted bind (running as user nobody
or something) would be nice, but the bind maintainer has refused
(at least until bind 9.1 is released.. see bug #50013).  A debconf
option would be ideal here; the trick is to convince the maintainer
to add it.

> X-Disclaimer: I didn't do it, little green aliens wrote this email
^^ hehe :)

Reply to: