
Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.



On Thu, Jan 2, 2014 at 6:36 PM, Daniel Curtis wrote:
>
> Hello everyone,
>
> Michael's web site with statistics I've been watching from time to
> time. Also, the Debian Hardening wiki page I've studied a couple of
> times.
>
>> There is a lintian check for setuid binaries (...)
>> There isn't really any group effort tackling or monitoring
>> the assortment of useful hardening features (...)
>
> Are you trying to say that this problem goes almost without
> checking, auditing etc.? You're right - there isn't really any
> group effort tackling adding/enabling additional Security
> Features. Ubuntu and openSUSE are doing a perfect job in this
> arena. Both systems use many interesting features which
> aren't available in Debian.

There simply isn't a cohesive team working on that anymore, but as
upstreams do adopt hardening features, it does eventually get pulled
in.  Debian operates on volunteer interest.  If there aren't
volunteers, things unfortunately don't get done.

> Anyway, it could be very nice if Debian would start to
> implement AppArmor seriously - put all effort into this
> (yes, there is also SELinux) because it's very simple,
> intuitive, contains many profiles etc. SELinux is also good,
> but is complex. Of course there are openSUSE and Ubuntu
> with AppArmor, so everything is even easier.

It's only going to get done if there are volunteers interested in
working on that.  You're already interested, so you're in the best
position to make it happen?

Best wishes,
Mike

