Previously on this list Paul Wise contributed:

> I have written a non-exhaustive list of goals for hardening the Debian
> distribution, the Debian project and computer systems of the Debian
> project, contributors and users.
>
> https://wiki.debian.org/Hardening/Goals
>
> If you have more ideas, please add them to the wiki page.
Though it will take some guts, the best way I see for a distro to help users secure their machines is to provide sudoers entries disabled by default and enabled either manually through requests during various package installs or a sudoers-policies package, or in sudoers.d by default. I've read a story about sudoers being packaged by distros at one time but mistakes meaning they stopped doing so. I expect that's a myth, and silly if not. I find little about it but hearsay, and whilst I know sudo's maintainer prefers rules not to be enabled by default, as that encourages general policies and so an insecure default, I am not sure he minds commented policies that are easily enabled. If I ever have any time I intend to create a sudoers policy site if no-one beats me to it and more searches don't find one, but a project like Debian may be better suited to the task.

Sudo is undoubtedly more secure than polkit when used correctly and easily modified by users. If things like synaptic had an option to use sudo, users could very easily and intuitively modify the default policy to only allow a certain list of packages to be installed, and synaptic would be none the wiser and work very securely with whatever exact permissions the user decides and that apt-get provides the control for. This empowers users and is the more correct way of doing things.

Any security related tools and settings should have a high quality man page. All security configuration should be insisted on being in /etc if it isn't already. A default polkit configuration for example should be easily found and edited and not be allowed to exist in /usr or need to be copied from anywhere to anywhere. That is simply irresponsible. sysctl.conf could perhaps have more commented entries. If a doc exists in /usr/share then perhaps a man page should at least point to it and be found via apropos in many cases, as understanding is the first step to securing.
You could port the privilege separation patches for X11 from OpenBSD so that only a small part for handling device files etc. runs as root. tcpdump is more secure, but for more risky things like wireshark it could be made to die, perhaps by a wrapper, if run as root, and dumpcap be suid group wireshark mode 750 and users add themselves to that group to use it.

http://marc.info/?l=openbsd-misc&m=139694935227588&w=2

More use of chrooting by default would be good too.

Some comments on the existing content on the page follow.

Tor provides privacy and more likely lowers security, so which threat against contributors or contributor actions is the Tor policy aimed to protect?

Asking contributors to boot Debian where possible without listening services from dedicated usb/hdd with a vpn or ssh to avoid router resident attackers may be seen as a bit draconian, but I would suggest it is a better practice to aim for.

If grsec is coming, RBAC deserves mentioning under MACs.

Routers: you could simplify their usage so you are using a subset of the firmware risk. So use bridge mode and a pppoe client on a Debian or an OpenBSD box, where I can contest pppoe setup is dead easy and in kernel. Though the bastille Debian box and VPN two paragraphs up is probably easier for most with wireless etc.

--
_______________________________________________________________________
'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________
I have no idea why RTFM is used so aggressively on LINUX mailing lists because whilst 'apropos' is traditionally the most powerful command on Unix-like systems, its 'modern' replacement 'apropos' on Linux is a tool to help psychopaths learn to control their anger.
(Kevin Chadwick)
_______________________________________________________________________
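The "commented by default, enable one line" sudoers.d style proposed above, as an added example that is not from the mail or from Debian: a hypothetical fragment restricting a group to an explicit list of `apt-get install` targets, plus a small lint that flags the over-broad patterns (wildcards, bare `ALL`, `NOPASSWD`) an admin should reject before uncommenting a rule. Group name `pkgadmins` and the file path are assumptions.

```shell
#!/bin/sh
# Added example, not the original poster's or Debian's code.
# Hypothetical /etc/sudoers.d/pkg-install: every rule ships commented out;
# an admin uncomments exactly the rule they need (install the file mode 0440).
example_fragment() {
cat <<'EOF'
# /etc/sudoers.d/pkg-install (hypothetical)
# Allow members of group pkgadmins to install only an explicit package list.
# Uncomment to enable:
#Cmnd_Alias APT_INSTALL = /usr/bin/apt-get install tcpdump, /usr/bin/apt-get install vim
#%pkgadmins ALL=(root) APT_INSTALL
EOF
}

# lint_fragment: reads a sudoers fragment on stdin, prints each risky
# enabled rule, exits 1 if any were found and 0 otherwise.
# Flags:
#  - '*' in a command spec: sudo matches '*' across spaces, so extra arguments
#    (for example apt-get -o options) slip past a "package list" rule;
#  - a command spec that is just ALL: unrestricted root;
#  - NOPASSWD: removes the only check between a stolen session and root.
lint_fragment() {
  awk '
    /^[[:space:]]*#/ { next }          # disabled (commented) rules are fine
    /^[[:space:]]*$/ { next }
    /\*/ { print "wildcard: " $0; bad = 1 }
    /=[[:space:]]*(\([^)]*\)[[:space:]]*)?(NOPASSWD:[[:space:]]*)?ALL[[:space:]]*$/ {
      print "ALL: " $0; bad = 1
    }
    /NOPASSWD/ { print "nopasswd: " $0; bad = 1 }
    END { exit bad ? 1 : 0 }
  '
}

# Stand-alone demo: the shipped fragment is clean (all rules disabled),
# while a wildcard rule is reported. Constructed sample line, not real config.
example_fragment
example_fragment | lint_fragment
printf '%s\n' 'alice ALL=(root) /usr/bin/apt-get install *' | lint_fragment || true
```

After uncommenting a rule, `visudo -cf /etc/sudoers.d/pkg-install` still has to validate the syntax; this lint only catches policy breadth, not parse errors.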