Re: OS Hardening
On Tue, Dec 12, 2000 at 07:27:32PM -0500, S.Salman Ahmed wrote:
> >>>>> "AS" == Andres Salomon <email@example.com> writes:
> AS> The HOWTO, on the other hand, falls under the category of
> AS> know-what-you're-doing-and-do-it-safely. About the only things
> AS> I can see being put into a script from that HOWTO is setting
> AS> logfile permissions and using md5 with passwords. Most of the
> AS> rest of the HOWTO depends heavily on your needs, preferences,
> AS> and configuration.
> It would be _nice_, however, if the Debian installer/scripts could setup
> some of the things mentioned in the HOWTO at installation time or at
> least give the user the option to select some additional
> security-related tasks to be done.
> Salman Ahmed
> ssahmed AT pathcom DOT com
Oh, I totally agree; this would have to be on a per-package basis,
however. Hence, it would rely on each maintainers willingness
to do so. For example, a chrooted bind (running as user nobody
or something) would be nice, but the bind maintainer has refused
(at least until bind 9.1 is released.. see bug #50013). A debconf
option would be ideal here; the trick is to convince the maintainer
to add it.
> X-Disclaimer: I didn't do it, little green aliens wrote this email
^^ hehe :)