
Re: debian newbie questions -- security



On Fri, May 11, 2001 at 10:11:45AM -0500, Young, C Bryan wrote:
> informed and preferably unbiased position (hard to come by in forums where
> GNU/Linux or BSD are discussed), I'd MUCH appreciate it.

I use FreeBSD and Debian at work, and am often forced to deal with
security issues on Redhat.  IMHO, Debian's security update model is
best, followed by FreeBSD then Redhat.

> 1)  In a couple of places, I've seen people criticize Debian's security
> because the stable release uses 'out-of-date' packages.  My understanding is
> that Debian developers apply security patches to 'older' packages, while
> leaving the 'bleeding edge' features out.  All other things being equal,
> will RH 7.1 or Debian Potato be more secure?  

The people who criticize Debian's policy (on that basis) don't know what 
they're talking about.  When Debian makes a security release, that's *all* 
it is.  We don't add new features or release a package based on a new 
upstream version.  Adding new features in a security release has the 
potential to introduce compatibility issues and confuse users.

> 2)  I've found that it is really easy to find/get help on RH questions --
> i.e., there are a lot of books in print that focus on RH.  Can anyone give
> me titles for essential Debian books?

Most debian documentation is on line.  See http://www.debian.org/doc/.
Also check http://lists.debian.org.  There are mailing lists for just
about every issue with Debian, from security to laptop usage to IPv6
development.  debian-user is great, too.

> time (I'm thinking of something along the lines of Bastille Linux -- but a
> typed out list of things to check for would suffice).

I'm not aware of such a tool.  In debian unstable (not what you want to
run) there are Debian specific hardening tools.  What I would do in this
case is the following: don't run inetd, don't run nfs related services.
I believe there is a "Securing Debian HOWTO" somewhere, but I haven't
seen it.  It might give you some info.

Subscribe to debian-security and debian-security-announce for discussions
and announcements relating to Debian security.  Make sure you have the
following line in /etc/apt/sources.list:
deb http://security.debian.org/ potato/updates main contrib non-free 

HTH,
noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
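
As an added example (not part of the mail above), a small POSIX sh check for the two concrete points in that reply: that sources.list carries the security.debian.org line for the running suite, and that inetd and the nfs related daemons are not running. The daemon names and the sample sources.list are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original mail: checks the two pieces of
# advice given above (security apt source present; inetd/nfs not running).

# Returns 0 if FILE has a "deb http://security.debian.org/ SUITE/updates ..."
# line, 1 otherwise. Leading whitespace and http/https are tolerated.
has_security_source() {
    file="$1"; suite="$2"
    grep -Eq "^[[:space:]]*deb[[:space:]]+https?://security\.debian\.org/?[[:space:]]+${suite}/updates[[:space:]]" "$file"
}

# Prints the names of the given daemons that are currently running.
# With no arguments it checks inetd and the usual nfs daemons (assumed
# process names; adjust for your system). Requires pgrep (procps).
running_unwanted_daemons() {
    [ $# -gt 0 ] || set -- inetd portmap rpc.mountd rpc.nfsd rpc.statd
    for d in "$@"; do
        if pgrep -x "$d" >/dev/null 2>&1; then
            echo "$d"
        fi
    done
}

# Constructed sample sources.list so the script runs stand-alone; point
# has_security_source at /etc/apt/sources.list on a real system.
SAMPLE="${TMPDIR:-/tmp}/sources.list.sample.$$"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
deb http://http.us.debian.org/debian potato main contrib non-free
deb http://security.debian.org/ potato/updates main contrib non-free
EOF

if has_security_source "$SAMPLE" potato; then
    echo "sources.list: potato security updates line present"
else
    echo "sources.list: potato security updates line MISSING"
fi
echo "unwanted daemons running: $(running_unwanted_daemons | tr '\n' ' ')"
```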
