Re: making Debian secure by default
On Thu, Mar 28, 2024 at 1:28 PM tomas wrote:
>
> On Thu, Mar 28, 2024 at 12:22:57PM -0400, Lee wrote:
> > On Thu, Mar 28, 2024 at 1:11 AM tomas wrote:
>
> [...]
>
> > > Security means first and foremost understanding the threat.
> >
> > Which I don't. Hence the request for 'secure by default' instructions
> > for Debian. Even better would be a secure by default installation
> > option.
>
> This makes little sense. No threat analysis -- no security. Security
> is always a relative (to the threat model) term, "security by default"
> suggests something absolute. This ain't going to work.
I disagree. I don't think I'm qualified to make an adequate threat
analysis for a Debian system and yet
$ sudo aa-status
apparmor module is loaded.
21 profiles are loaded.
19 profiles are in enforce mode.
...
6 processes are in enforce mode.
so apparently somebody else has done a threat analysis and decided
apparmor is the appropriate mitigation strategy?
I'm coming to the realization that more is wishful thinking, but
still.. it would be nice if I didn't feel like I was facing such an
overwhelmingly steep learning curve.
Regards,
Lee
Reply to: