Michael web site with a statistic I've watching for time to
time. Also Debian Hardening wiki page I studied a couple of
time.
>There is a lintian check for setuid binaries (...) > There isn't really any group effort tackling or monitoring > the assortment of useful hardening features (...)
Are you trying to say, that this problem is almost without
checking, auditing etc.? You're right - there isn't really any group effort tackling to adding/enabling additional Security
Features. Ubuntu and openSUSE doing perfectly job in this
arena. Both system using many interesting features, which
aren't available in Debian.
Moritz that's a full list of packages with a DSA over past years? If so, it means that there almost every pkg's is
protected. Or maybe it's just an example. I wish I could help, but I'm not right person for this type of things.
This is very interesting, that only one hour is enough to make changes. @intrigeri
I would like to thank you because of
submitted patch!
Anyway, it could be very nice if Debian would start to implement AppArmor for serious - put all effort on this (yes, there is also SELinux) because it's very simple,
intuitive, contains many profiles etc. SELinux is also good, but is complex. Of course there is openSUSE and Ubuntu
with AppArmor so everything is even easier.
In my opinion it's time to include more and more Security
Features into Debian. According to this I've a one question;
is there a possibility to releasing Debian with already
complied grSec/PAX kernel? If I remember correctly, sometime ago there was similar project. Of course I mean