Re: making Debian secure by default



On Thu, Mar 28, 2024 at 1:28 PM tomas wrote:
>
> On Thu, Mar 28, 2024 at 12:22:57PM -0400, Lee wrote:
> > On Thu, Mar 28, 2024 at 1:11 AM tomas wrote:
>
> [...]
>
> > > Security means first and foremost understanding the threat.
> >
> > Which I don't.  Hence the request for 'secure by default' instructions
> > for Debian.  Even better would be a secure by default installation
> > option.
>
> This makes little sense. No threat analysis -- no security. Security
> is always a relative (to the threat model) term, "security by default"
> suggests something absolute. This ain't going to work.

I disagree.  I don't think I'm qualified to make an adequate threat
analysis for a Debian system and yet
  $ sudo aa-status
  apparmor module is loaded.
  21 profiles are loaded.
  19 profiles are in enforce mode.
     ...
  6 processes are in enforce mode.

so apparently somebody else has done a threat analysis and decided
apparmor is the appropriate mitigation strategy?

I'm coming to the realization that more is wishful thinking, but
still... it would be nice if I didn't feel like I was facing such an
overwhelmingly steep learning curve.

Regards,
Lee