On Tue, Dec 12, 2000 at 08:41:30PM -0500, S.Salman Ahmed wrote:
> >>>>> "AS" == Andres Salomon <dilinger@mp3revolution.net> writes:
>     AS> Oh, I totally agree; this would have to be on a per-package
>     AS> basis, however. Hence, it would rely on each maintainer's
>     AS> willingness to do so. For example, a chrooted bind (running as
>     AS> user nobody or something) would be nice, but the bind maintainer
>     AS> has refused (at least until bind 9.1 is released.. see bug
>     AS> #50013). A debconf option would be ideal here; the trick is to
>     AS> convince the maintainer to add it.
>     AS>
>
> I was thinking more along the lines of install time profiles. Something
> along the lines of how Mandrake supposedly does it (never tried it,
> probably should one of these days) where the user is given the choice of
> selecting a security profile from a predefined set.
>
> If it was done on a per-package basis, that would be nice too.

The problem with this is that, generally speaking, there are as many configurations as there are sysadmins or users out there. You would run the risk of bogging down in the mire of details and asking questions that the user really has no clue about. In this case, as a security person, the idea of "profiles" in lieu of actual knowledge or familiarity is a dangerous thing.

If I understand, you are thinking about, for instance, a "workstation" profile that would set certain parameters, and a "fileserver" profile that would set them differently, and a "firewall" and so forth.

The problem you run into here is that, for instance, most people leave ftp and telnet open so they can get around. Personally I turn them off and rely on secure shell on my network at home. So do you go for the lower security and leave these on, or do you close down security and open yourself to the "why can't I telnet into the box?" type of question and frustration?

Another good case is servers. On my home network, I have a firewall, a DHCP server, a mail server, and a DNS server. Each requires different ports etc to be open/enabled. Are you going to have a mailserver profile? A DNS profile? A DHCP profile? Are they going to be mutually exclusive?

Unfortunately, security times usability tends to be a constant, and profiles are a good way to promote a false sense of security... Not to mention a nightmare to set up and maintain.

It is much better for a user to go to Barnes and Noble or read online and get familiar with security. These are decisions that should be made with some forethought, not trusted to an arbitrary profile.

Now some distributions other than Debian *need* something like Bastille, which is an aftermarket product that spends a good percentage of its cycles cleaning up mistakes coming out of the factory. The reason Debian doesn't need a script like this is because forethought and coordination and attention to detail do their best to eliminate these very problems prior to release.

Just my $0.02.

-- 
--Brad
============================================================================
Bradley M. Alexander, CISSP                |   Co-Chairman,
Beowulf System Admin/Security Specialist   |   NoVALUG/DCLUG Security SIG
Winstar Telecom                            |   balexander@winstar.com
(703) 889-1049                             |   storm@tux.org
============================================================================
A 'good' landing is one from which you can walk away. A 'great' landing is
one after which they can use the plane again.
                --Rules of the Air, #8