RE: OS Hardening
I was looking at it more from the lines of a default installation. Most
experienced UNIX/Linux users know what needs to be running and
what doesn't, and how to turn services on and off. I'm not completely
sure what services are running under Debian in a default installation as
I use dselect to select each individual package on every installation I
do. This way I have complete control of what's installed.
You can't really expect a new user to want to sift through the list of
3000+ packages in dselect, or even to know what most of them are.
Do a stock installation and see if a new user wouldn't need a "hardening
script". At a guess, telnet, ftp, portmapper, nfsd, and the like are probably
running. I can see where a "hardening script" could come into play here,
asking the user if he needs service "x" running, with a default answer of no.
Unless the user specifically states that he wants it running, it won't be.
-jg
-----Original Message-----
From: Wichert Akkerman [SMTP:wichert@cistron.nl]
Sent: Tuesday, December 12, 2000 6:51 PM
To: Jeremy Gaddis
Cc: Ory Segal; debian-security@lists.debian.org
Subject: Re: OS Hardening
Previously Jeremy Gaddis wrote:
> And if you believe that, you're a fool.
I do believe that. It's a matter of knowing what you're doing and
selecting just the package you need.
Wichert.
--
________________________________________________________________
/ Generally uninteresting signature - ignore at your convenience \
| wichert@cistron.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: