[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: OS Hardening

I was looking at it more from the lines of a default installation.  Most
experienced UNIX/Linux users know what needs to be running and
what doesn't, and how to turn services on and off.  I'm not completely
sure what services are running under Debian in a default installation as
I use dselect to select each individual package on every installation I
do.  This way I have complete control of what's installed.

You can't really expect a new user to want to sift through the list of
3000+ packages in dselect, or even to know what most of them are.

Do a stock installation and see if a new user wouldn't need a "hardening
script".  At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
running.  I can see where a "hardening script" could come into play here,
asking the user if he needs service "x" running, with a default answer of no.
Unless the user specifically states that he wants it running, it won't be.


-----Original Message-----
From:	Wichert Akkerman [SMTP:wichert@cistron.nl]
Sent:	Tuesday, December 12, 2000 6:51 PM
To:	Jeremy Gaddis
Cc:	Ory Segal; debian-security@lists.debian.org
Subject:	Re: OS Hardening

Previously Jeremy Gaddis wrote:
> And if you believe that, you're a fool.

I do believe that. It's a matter of knowing what you're doing and
selecting just the package you need.


 / Generally uninteresting signature - ignore at your convenience  \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: