Agree about some hardening only are usefull in certain use case. But
some of them should be set as default i guess because they are usefull
for most of the case and case not include require skills and in this
skill are include change an option in some not all the day open conf
file. Maybe i’m wrong. I think about kernel conf for ie. And or maybe
provide a way to choose some preset conf maybe in package.
Without any troll there is more and more non ready users on GNU\linux,
and debian, they can’t do real choices, do they really want ? I’m
agree it’s bad. But we don’t offer real way to help users to
understand. Maybe gnome have now some pretty first start tutorial ? I
don’t use it.
What threat i want to be protect against :
- hardware & physical attack
- network attack (including vulnerable world open app)
- compromise user attack
What want to protect : multi purpose server and laptop.
And by the way i love doing this kind of stuff. It’s like a problem to
solve. And more automate it can be better it is (for each use case
Why automatisation instead of just make snapshot ? because it (my
point of view) permit to also test the setup step and keep the doc up
Sry for my really bad english. I need to sleep.
Thx for all your messages.
Le mar. 4 déc. 2018 à 19:44, Jonathan Hutchins
<firstname.lastname@example.org> a écrit :
> On 2018-12-03 05:10, Jérôme Bardot wrote:
> > Why debian is not more harden by default ?
> Debian's hardening is adequate for most users, who are typically behind
> some sort of protection such as a router/firewall.
> If you actually need a hardened system, it's far better for you to do
> the hardening yourself to address the specific threats you feel
> vulnerable to. That way you have a better understanding of what has
> been done, why, and how. Unlike Windows, where users typically allow
> Microsoft to make all of the decisions for them, Linux in general and
> Debian specifically put user choice ahead of cookie-cutter solutions.