[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debians security features: Which are active?

Hash: SHA512

It would however be useful for Debian administrators interested in
security to know somehow what these features do, under what
circumstances they would be useful, and how to enable them in Debian. I
found the Hardening Debian guides on the wiki (linked to earlier)
difficult to understand and apply in this regard.


Cédric Lemarchand wrote:
> Please, honestly, do you know what every features in this list does,
> how they could be benefit for you and in which way ?
> Or did your choice will *only* be based on the number of 
> supported/enabled features ?
> Le 17/05/2014 12:38, herzogbrigitte1@t-online.de a écrit :
>> Thank you for all your replies. I understand that the user is
>> important for security, but it's a difference whether you start
>> from scratch or you can work with somethink prebuilt. So, could you
>> tell me, which of the following securit features are enabled in
>> Debian by default and which I have to activate manually:
>> Stack Protector Heap Protector Pointer Obfuscation Stack ASLR 
>> Libs/mmap ASLR Exec ASLR brk ASLR VDSO ASLR Built as PIE Built with
>> Fortify Source Built with RELRO Built with BIND_NOW Non-Executable
>> Memory /proc/$pid/maps protection Symlink restrictions Hardlink
>> restrictions ptrace scope 0-address protection /dev/mem protection 
>> /dev/kmem disabled Block module loading Read-only data sections 
>> Stack protector Module RO/NX Kernel Address Display Restriction 
>> Blacklist Rare Protocols Syscall Filtering Block kexec
>> For further information go to
>> https://wiki.ubuntu.com/Security/Features
>> Thank you very much!
>> Brigitte Herzog
>> -----Original-Nachricht----- Betreff: Debians security features in
>> comparison to Ubuntu Datum: Fri, 16 May 2014 22:04:07 +0200 Von:
>> "herzogbrigitte1@t-online.de" <herzogbrigitte1@t-online.de> An:
>> debian-security@lists.debian.org
>> Hello there, I'm a new user of the great Debian distro for my
>> Desktop. But when I talked to a friend and I told him, that I'm
>> using Debian (Wheezy) for my desktop computer, he told me that I
>> shoudn't use it because it is not secure. He told me to use Ubuntu
>> instead. He explained that with the fact, that Ubuntu has more
>> security features enabled than Debian (also more compiler flags for
>> security) in a fresh install. He gave me a link to the following
>> site: https://wiki.ubuntu.com/Security/Features
>> So, I'm very happy with Debian but because my friend seems to be an
>> expert for Linux, I don't know if I can use Debian. Can you tell me
>> which of the security features promoted by Ubuntu are also enabled
>> in Debian?
>> Thank you very much!
>> Brigitte Herzog
>> ---------------------------------------------------------------- 
>> Mit einer kostenlosen E-Mail-Adresse @t-online.de werden Ihre Daten
>> verschlüsselt übertragen und in Deutschland gespeichert. 
>> www.t-online.de/email-kostenlos
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


Reply to: