Re: OS Hardening
"S.Salman Ahmed" escribió:
>
> [No need to CC: me guys, I read each and every list mail I
> receive. Thanks.]
>
> >>>>> "BMA" == Bradley M Alexander <storm@tux.org> writes:
> BMA> The problem with this is that, generally speaking, there are
> BMA> as many configurations as there are sysadmins or users out
> BMA> there. You would run the risk of bogging down in the mire of
> BMA> details and asking questions that the user really has no clue
> BMA> about. In this case, as a security person, the idea of
> BMA> "profiles" in lieu of actual knowledge or familiarity is a
> BMA> dangerous thing.
> [snip]
> BMA>
> BMA> Personally I turn them off and rely on secure shell on my
> BMA> network at home.
> BMA>
>
> I use SSH on my home network as well.
>
> You make some good points in your email Bradley. I think that if I were
> to every to install a Linux distro using some kind of install profiles,
> I would still want to know why things were installed a certain way.
>
> After reading Andres' email about how Mandrake handles and implements
> security profiles, and your email, I am convinced that they aren't the
> best solution to securing a system. Afterall, any Linux installation is
> only as secure as the user/administrator who performed the install and
> tends to the post-install and administration tasks.
>
> After doing a Debian install, I have my own checklist of things I do to
> *try* and secure the installation.
>
*Please* post it. It could be really useful for documents like the
Securing-Debian-HOWTO, I have my own checklist and will update the HOWTO with it
soon.
So, for all of you.. new thread? : checklist of things to do for a secure
setup?
Javi
begin:vcard
n:Fernández-Sanguino Peña;Javier
tel;fax:+34-91 806 46 41
tel;work:+34-91 806 46 40
x-mozilla-html:FALSE
org:SGI-GMV sistemas;Seguridad Lógica
adr:;;Sector Foresta 1;Tres Cantos;Madrid;E-28760;Spain
version:2.1
email;internet:jfernandez@sgi.es
x-mozilla-cpt:;28448
fn:Javier Fernández-Sanguino Peña
end:vcard
Reply to: