Re: OS Hardening
"S.Salman Ahmed" escribió:
> [No need to CC: me guys, I read each and every list mail I
> receive. Thanks.]
> >>>>> "BMA" == Bradley M Alexander <firstname.lastname@example.org> writes:
> BMA> The problem with this is that, generally speaking, there are
> BMA> as many configurations as there are sysadmins or users out
> BMA> there. You would run the risk of bogging down in the mire of
> BMA> details and asking questions that the user really has no clue
> BMA> about. In this case, as a security person, the idea of
> BMA> "profiles" in lieu of actual knowledge or familiarity is a
> BMA> dangerous thing.
> BMA> Personally I turn them off and rely on secure shell on my
> BMA> network at home.
> I use SSH on my home network as well.
> You make some good points in your email Bradley. I think that if I were
> to every to install a Linux distro using some kind of install profiles,
> I would still want to know why things were installed a certain way.
> After reading Andres' email about how Mandrake handles and implements
> security profiles, and your email, I am convinced that they aren't the
> best solution to securing a system. Afterall, any Linux installation is
> only as secure as the user/administrator who performed the install and
> tends to the post-install and administration tasks.
> After doing a Debian install, I have my own checklist of things I do to
> *try* and secure the installation.
*Please* post it. It could be really useful for documents like the
Securing-Debian-HOWTO, I have my own checklist and will update the HOWTO with it
So, for all of you.. new thread? : checklist of things to do for a secure
tel;fax:+34-91 806 46 41
tel;work:+34-91 806 46 40
org:SGI-GMV sistemas;Seguridad Lógica
adr:;;Sector Foresta 1;Tres Cantos;Madrid;E-28760;Spain
fn:Javier Fernández-Sanguino Peña