Re: OS Hardening
>>>>> "AS" == Andres Salomon <firstname.lastname@example.org> writes:
AS> Oh, I totally agree; this would have to be on a per-package
AS> basis, however. Hence, it would rely on each maintainers
AS> willingness to do so. For example, a chrooted bind (running as
AS> user nobody or something) would be nice, but the bind maintainer
AS> has refused (at least until bind 9.1 is released.. see bug
AS> #50013). A debconf option would be ideal here; the trick is to
AS> convince the maintainer to add it.
I was thinking more along the lines of install time profiles. Something
along the lines of how Manrake supposedly does it (never tried it,
probably should one of these days) where the user is given the choice of
selecting a security profile from a predefined set.
If it was done on a per-package basis, that would be nice too.
ssahmed AT pathcom DOT com