Hi Moritz,
90 percent of the hardening via 'dpkg-buildflags'? That's
a good information. I'd hoped, that the majority of all base
packages and that's security-sensitive will be protected
well. It's really a huge satisfaction.
One more thing - does Debian include something like e.g.
Ubuntu or openSUSE does? I mean a Security Features field.
To mention a few: setuid binaries (kept to minimum),
minimal set of daemons in the default instalation, no open
ports or ptrace scope (via /kernel/yama/ptrace_scope sysctl),
and so on. What about kernel hardening?
Sorry for such question, but all of these issues are important
for a couple of sysadmins. Already mentioned, Ubuntu and
openSUSE, doing a great job.
I think, that now I can perform an upgrade process from
Squeeze to Wheezy, without any uncertainty.
Best regards.