
package for security advice



I think it would be good to have a package for improving system security.  It 
could depend on packages like spectre-meltdown-checker and also contain 
scripts that look for ways of improving system security.  For example,
recommend SE Linux or AppArmor (if you don't have one installed), recommend
lockdown=confidentiality if using kernel 5.4 or greater, and do other similar 
checks and warnings.  For each issue there would ideally be a URL provided 
(maybe to the Debian Wiki, maybe to somewhere else) that describes the issue.  
I'm not saying that everyone should use all these features, just that everyone 
who cares about security should know what the options are and have made an 
informed choice that they can easily review.

For subsystems that are complex and security critical (like Apache and Samba 
for example) you could have other packages providing check scripts that look 
for common configuration choices that might reduce security.  Such scripts 
would be designed to give false positives rather than false negatives.  The 
idea being that if you do something potentially risky then you should be aware 
of it and so should whoever takes over your job in a few years' time.  Then at
relevant times (e.g. after an upgrade to a new release of Debian) decisions
about security can be reviewed.

What do you think about this idea?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
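
The two checks named in the message above (SE Linux/AppArmor presence and lockdown=confidentiality on kernel 5.4 or later), as an added example that is not part of the original post or of any existing Debian package. The function names and the example.org URLs are placeholders; the checks take the contents of /sys/kernel/security/lsm and /sys/kernel/security/lockdown as arguments, and unreadable state produces advice rather than silence.

```shell
#!/bin/sh
# Added example: advisory checks in the spirit of the proposal above.
# Function names and example.org URLs are placeholders (assumptions).

# check_lsm LSM_LIST: LSM_LIST is the comma-separated content of
# /sys/kernel/security/lsm. Advise when neither SELinux nor AppArmor is active.
check_lsm() {
    case ",$1," in
        *,selinux,*|*,apparmor,*) return 0 ;;
    esac
    echo "ADVICE: no SELinux or AppArmor active; see https://example.org/advice/mac"
}

# kernel_at_least RELEASE MAJOR MINOR: true when RELEASE (as printed by
# uname -r, e.g. 5.10.0-8-amd64) is at least MAJOR.MINOR.
kernel_at_least() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}          # digits up to the first non-digit
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "${minor:-0}" -ge "$3" ]; }
}

# check_lockdown RELEASE STATE: STATE is the content of
# /sys/kernel/security/lockdown, e.g. "[none] integrity confidentiality".
# An empty or unreadable STATE on a 5.4+ kernel still yields advice, so the
# check errs towards false positives.
check_lockdown() {
    kernel_at_least "$1" 5 4 || return 0    # lockdown needs kernel 5.4 or later
    case "$2" in
        *"[confidentiality]"*) return 0 ;;
    esac
    echo "ADVICE: consider lockdown=confidentiality; see https://example.org/advice/lockdown"
}

# Gather the live values and run both checks.
run_checks() {
    lsm=$(cat /sys/kernel/security/lsm 2>/dev/null || true)
    state=$(cat /sys/kernel/security/lockdown 2>/dev/null || true)
    check_lsm "$lsm"
    check_lockdown "$(uname -r)" "$state"
}

run_checks
```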