Re: OS Hardening

[S.Salman Ahmed <ssahmed@pathcom.com>]

>>>>> "AS" == Andres Salomon <dilinger@mp3revolution.net> writes:
    AS>  Oh, I totally agree; this would have to be on a per-package
    AS> basis, however.  Hence, it would rely on each maintainers
    AS> willingness to do so.  For example, a chrooted bind (running as
    AS> user nobody or something) would be nice, but the bind maintainer
    AS> has refused (at least until bind 9.1 is released.. see bug
    AS> #50013).  A debconf option would be ideal here; the trick is to
    AS> convince the maintainer to add it.
    AS> 

I was thinking more along the lines of install time profiles. Something
along the lines of how Manrake supposedly does it (never tried it,
probably should one of these days) where the user is given the choice of
selecting a security profile from a predefined set.

If it was done on a per-package basis, that would be nice too.

-- 
Salman Ahmed
ssahmed AT pathcom DOT com