Re: goals for hardening Debian: ideas and help wanted

2014-06-07 Thread Paul Wise
On Sat, Jun 7, 2014 at 11:07 AM, Tom Dial wrote:

> I suggest resumption of maintenance for OVAL to support OpenSCAP.
> www.debian.org/security/oval/ seems not to have been maintained since
> some time in late 2010 or early 2011.

Please refer to https://bugs.debian.org/738199

If you would like to help out with fixing this, you can find the script in CVS:

https://anonscm.debian.org/viewvc/webwml/webwml/english/security/oval/

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/caktje6e9z02cdt0srkw4usqhh4fgu4veoomswilxzaozirn...@mail.gmail.com



Re: goals for hardening Debian: ideas and help wanted

2014-06-07 Thread Paul Wise
On Sat, Jun 7, 2014 at 9:31 PM, Xavier Roche wrote:

> Would a read-only root filesystem goal be feasible?

We kind-of already support that; Debian Live is essentially that. What
would official support for read-only root look like to you? Option in
the installer?

> https://wiki.debian.org/ReadonlyRoot

That page needs updating, some of the bugs/issues are fixed. Since you
are familiar with the use-case, could you do that?

> the only annoying thing is the 'mount: / is busy' issue

Have you reported this bug?

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


Archive: https://lists.debian.org/CAKTje6Ew50tcJdREB9tn=yosowmankkjc8mju3lz9yxyc9f...@mail.gmail.com



Re: goals for hardening Debian: ideas and help wanted

2014-06-07 Thread Xavier Roche
On Thu, Apr 24, 2014 at 10:57:39AM +0800, Paul Wise wrote:
> I have written a non-exhaustive list of goals for hardening the Debian
> distribution, the Debian project and computer systems of the Debian
> project, contributors and users.
> If you have more ideas, please add them to the wiki page.

Would a read-only root filesystem goal be feasible? Might not be by default,
but this helps a bit, and it may even prevent root from breaking things by
accident. I don't know if this can be considered a security feature, though,
but probably in some way.
https://wiki.debian.org/ReadonlyRoot

I have been using my main Debian server for a few years with a read-only /, and
the only annoying thing is the 'mount: / is busy' issue after an apt-get update
phase, but otherwise things are fine.


Archive: https://lists.debian.org/20140607133147.GA16674@proliant.localnet