Hi Paul,
On Sun, Jun 08, 2014 at 10:13:27AM +0800, Paul Wise wrote:
We kind-of already support that; Debian Live is essentially that. What
would official support for read-only root look like to you? Option in
the installer?
Probably fix the last bits of details that makes a read-only install
On Thu, Apr 24, 2014 at 10:57:39AM +0800, Paul Wise wrote:
I have written a non-exhaustive list of goals for hardening the Debian
distribution, the Debian project and computer systems of the Debian
project, contributors and users.
If you have more ideas, please add them to the wiki page.
On Sat, Jun 7, 2014 at 9:31 PM, Xavier Roche wrote:
Would a read-only root filesystem goal be feasible ?
We kind-of already support that; Debian Live is essentially that. What
would official support for read-only root look like to you? Option in
the installer?
On Sat, Jun 7, 2014 at 11:07 AM, Tom Dial wrote:
I suggest resumption of maintenance for OVAL to support OpenSCAP.
www.debian.org/security/oval/ seems not to have been maintained since
some time in late 2010 or early 2011.
Please refer to https://bugs.debian.org/738199
If you would like to
Hi,
Giacomo Mulas wrote (24 Apr 2014 16:49:20 GMT) :
Good to know, actually I had tried apparmor quite some time ago and did not
try again. I will give it another spin as soon as I can.
https://wiki.debian.org/AppArmor/HowTo :)
However, I do not agree that I should file bugs against apparmor
I suggest resumption of maintenance for OVAL to support OpenSCAP.
www.debian.org/security/oval/ seems not to have been maintained since
some time in late 2010 or early 2011.
Tom Dial
On 04/23/2014 08:57 PM, Paul Wise wrote:
Hi all,
I have written a non-exhaustive list of goals for
On Tue, Apr 29, 2014 at 11:35:26AM +0800, Paul Wise wrote:
On Tue, Apr 29, 2014 at 8:07 AM, Marko Randjelovic wrote:
- security patches should be clearly marked as such in every *.patch
file
That sounds like a good idea, could you add it to the wiki page?
It's not always easy to say
On Tue, 29 Apr 2014 11:35:26 +0800
Paul Wise p...@debian.org wrote:
On Tue, Apr 29, 2014 at 8:07 AM, Marko Randjelovic wrote:
- security patches should be clearly marked as such in every *.patch
file
That sounds like a good idea, could you add it to the wiki page?
I added this:
Marko Randjelovic:
I was thinking about some kind
of wizard:
- create a chroot if doesn't already exist
- create a launcher for your DE
- create a shell script to run a program from terminal or a simple WM
hint: chroot $CHROOT_PATH su - $USER -c $command_with_args
chroot is not a
chroot is not a security feature?
As far I understand, chroots in Debian/Fedora aren't jails.
Source:
https://securityblog.redhat.com/2013/03/27/is-chroot-a-security-feature/
In deed a Linux chroot - environment is not a jail.
You could use sth. like grsecurity to harden Linux chroot
On Tue, 29 Apr 2014 11:52:14 +
Patrick Schleizer adrela...@riseup.net wrote:
Marko Randjelovic:
I was thinking about some kind
of wizard:
- create a chroot if doesn't already exist
- create a launcher for your DE
- create a shell script to run a program from terminal or a simple
Marko Randjelovic:
On Tue, 29 Apr 2014 11:52:14 +
Patrick Schleizer adrela...@riseup.net wrote:
Marko Randjelovic:
I was thinking about some kind
of wizard:
- create a chroot if doesn't already exist
- create a launcher for your DE
- create a shell script to run a program from
On 24 Apr 2014 10:58, Andrew McGlashan
andrew.mcglas...@affinityvision.com.au wrote:
On 24/04/2014 5:49 PM, Lesley Binks wrote:
Apologies for the top posting, I'm writing this from my phone.
I get a 403 when trying to access via Orbot/Orweb on Android 4.1 phone.
Amusing.
It works for me
On Thu, 24 Apr 2014 10:57:39 +0800
Paul Wise p...@debian.org wrote:
Hi all,
I have written a non-exhaustive list of goals for hardening the Debian
distribution, the Debian project and computer systems of the Debian
project, contributors and users.
https://wiki.debian.org/Hardening/Goals
On Tue, Apr 29, 2014 at 8:07 AM, Marko Randjelovic wrote:
- security patches should be clearly marked as such in every *.patch
file
That sounds like a good idea, could you add it to the wiki page?
- easy create and run programs from chroot and alternate users
Could you detail what you
On Thu, Apr 24, 2014 at 9:49 AM, Giacomo Mulas
giacomo.mula...@gmail.com wrote:
On Thu, 24 Apr 2014, Steve Langasek wrote:
The apparmor policies in Debian apply a principle of minimal harm,
confining
only those services for which someone has taken the time to verify the
correct profile.
Apologies for the top posting, I'm writing this from my phone.
I get a 403 when trying to access via Orbot/Orweb on Android 4.1 phone.
Amusing.
Lesley
On 24 Apr 2014 03:58, Paul Wise p...@debian.org wrote:
Hi all,
I have written a non-exhaustive list of goals for hardening the Debian
On 10:57 Thu 24 Apr 2014, Paul Wise wrote:
..[snip]..
https://wiki.debian.org/Hardening/Goals
Regarding the line (at that page):
Refuse to install packages that are known to have X number of unplugged
exploits (i.e. X number of open security bugs in the bug tracker) unless
e.g.
I suggest it might be better if exploits were each given a quick/approximate
ranking in terms of severity (and if the severity is unknown it could be
assigned a default median ranking), so that the algorithm you mention wouldn't
just add number of unplugged exploits, but add them by weight
On 24/04/2014 5:49 PM, Lesley Binks wrote:
Apologies for the top posting, I'm writing this from my phone.
I get a 403 when trying to access via Orbot/Orweb on Android 4.1 phone.
Amusing.
It works for me [Orbot/Orweb -- 4.3 on both i9300 and i9505], did you
get the case right?
Strangely though
On Thu, 24 Apr 2014, Paul Wise wrote:
On Thu, 2014-04-24 at 02:53 -0007, Cameron Norman wrote:
Would the inclusion of more AppArmor profiles be applicable?
Thanks, added along with SELinux/etc.
I second that. Actually, some time ago I tried using both AppArmor and
SELinux, but gave up
On 24. huhtikuuta 2014 12.57.45 EEST, Andrew McGlashan
andrew.mcglas...@affinityvision.com.au wrote:
It works for me [Orbot/Orweb -- 4.3 on both i9300 and i9505], did you
get the case right?
wiki.d.o seems to be blocking at least some Tor exit nodes. IMHO it should not
do that, at least for
On Thu, Apr 24, 2014 at 11:45:46AM +0200, Giacomo Mulas wrote:
On Thu, 24 Apr 2014, Paul Wise wrote:
Would the inclusion of more AppArmor profiles be applicable?
Thanks, added along with SELinux/etc.
I second that. Actually, some time ago I tried using both AppArmor and
SELinux, but gave up
On Thu, 24 Apr 2014, Steve Langasek wrote:
The apparmor policies in Debian apply a principle of minimal harm, confining
only those services for which someone has taken the time to verify the
correct profile. There are obviously pros and cons to each approach to MAC,
which I'm not interested in
Hi all,
I have written a non-exhaustive list of goals for hardening the Debian
distribution, the Debian project and computer systems of the Debian
project, contributors and users.
https://wiki.debian.org/Hardening/Goals
If you have more ideas, please add them to the wiki page.
If you have more
On Thu, 2014-04-24 at 02:53 -0007, Cameron Norman wrote:
Would the inclusion of more AppArmor profiles be applicable?
Thanks, added along with SELinux/etc.
--
bye,
pabs
http://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
El Wed, 23 de Apr 2014 a las 7:57 PM, Paul Wise p...@debian.org
escribió:
Hi all,
I have written a non-exhaustive list of goals for hardening the Debian
distribution, the Debian project and computer systems of the Debian
project, contributors and users.
https://wiki.debian.org/Hardening/Goals
2014-04-24 4:57 GMT+02:00 Paul Wise p...@debian.org:
Hi all,
I have written a non-exhaustive list of goals for hardening the Debian
distribution, the Debian project and computer systems of the Debian
project, contributors and users.
https://wiki.debian.org/Hardening/Goals
If you have
28 matches
Mail list logo