Re: Debians security features: Which are active?

2014-05-17 Thread Jean-Baptiste Boisseau 
> Please, honestly, do you know what every features in this list does, how
> they could be benefit for you and in which way ?
>
> Or did your choice will *only* be based on the number of
> supported/enabled features ?

Whatever the reason, this question deserves an answer.

>
>
> Le 17/05/2014 12:38, herzogbrigit...@t-online.de a écrit :
> > Thank you for all your replies.
> > I understand that the user is important for security, but it's a
difference whether you start from scratch or you can work with somethink
prebuilt. So, could you tell me, which of the following securit features
are enabled in Debian by default and which I have to activate manually:
> >
> > Stack Protector
> > Heap Protector
> > Pointer Obfuscation
> > Stack ASLR
> > Libs/mmap ASLR
> > Exec ASLR
> > brk ASLR
> > VDSO ASLR
> > Built as PIE
> > Built with Fortify Source
> > Built with RELRO
> > Built with BIND_NOW
> > Non-Executable Memory
> > /proc/$pid/maps protection
> > Symlink restrictions
> > Hardlink restrictions
> > ptrace scope
> > 0-address protection
> > /dev/mem protection
> > /dev/kmem disabled
> > Block module loading
> > Read-only data sections
> > Stack protector
> > Module RO/NX
> > Kernel Address Display Restriction
> > Blacklist Rare Protocols
> > Syscall Filtering
> > Block kexec
> >
> > For further information go to https://wiki.ubuntu.com/Security/Features
> >
> >
> > Thank you very much!
> >
> > Brigitte Herzog
> >
> >
> > -Original-Nachricht-
> > Betreff: Debians security features in comparison to Ubuntu
> > Datum: Fri, 16 May 2014 22:04:07 +0200
> > Von: "herzogbrigit...@t-online.de" 
> > An: debian-security@lists.debian.org
> >
> > Hello there,
> > I'm a new user of the great Debian distro for my Desktop. But when I
talked to a friend and I told him, that I'm using Debian (Wheezy) for my
desktop computer, he told me that I shoudn't use it because it is not
secure. He told me to use Ubuntu instead. He explained that with the fact,
that Ubuntu has more security features enabled than Debian (also more
compiler flags for security) in a fresh install. He gave me a link to the
following site:
> > https://wiki.ubuntu.com/Security/Features
> >
> > So, I'm very happy with Debian but because my friend seems to be an
expert for Linux, I don't know if I can use Debian. Can you tell me which
of the security features promoted by Ubuntu are also enabled in Debian?
> >
> > Thank you very much!
> >
> > Brigitte Herzog
> >
> >
> > 
> > Mit einer kostenlosen E-Mail-Adresse @t-online.de werden Ihre Daten
verschlüsselt übertragen und in Deutschland gespeichert.
> > www.t-online.de/email-kostenlos
> >
> >
>
>
> --
> To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmas...@lists.debian.org
> Archive: https://lists.debian.org/53773ec0.50...@ixblue.com
>

Re: goals for hardening Debian: ideas and help wanted

2014-04-23 Thread Jean-Baptiste Boisseau 
2014-04-24 4:57 GMT+02:00 Paul Wise :

> Hi all,
>
> I have written a non-exhaustive list of goals for hardening the Debian
> distribution, the Debian project and computer systems of the Debian
> project, contributors and users.
>
> https://wiki.debian.org/Hardening/Goals
>
> If you have more ideas, please add them to the wiki page.
>
> If you have more information, please add it to the wiki page.
>
> If you would like to help, please choose an item and start work.
>
> --
> bye,
> pabs
>
> http://wiki.debian.org/PaulWise
>

What about challenging a bit more default packages regarding
security/feature ? We had such a debate about exim but I guess we could
have the same about bind and much more.

-- 
Cordialement,

Jean-Baptiste Boisseau
Eutech SSII
Tel : +33 3 25 81 29 65
Mob: +33 6 63 11 79 40
Fax : +33 9 56 21 06 96