Re: Debians security features: Which are active?

2014-05-17 Thread Jean-Baptiste Boisseau 
 Please, honestly, do you know what every features in this list does, how
 they could be benefit for you and in which way ?

 Or did your choice will *only* be based on the number of
 supported/enabled features ?

Whatever the reason, this question deserves an answer.



 Le 17/05/2014 12:38, herzogbrigit...@t-online.de a écrit :
  Thank you for all your replies.
  I understand that the user is important for security, but it's a
difference whether you start from scratch or you can work with somethink
prebuilt. So, could you tell me, which of the following securit features
are enabled in Debian by default and which I have to activate manually:
 
  Stack Protector
  Heap Protector
  Pointer Obfuscation
  Stack ASLR
  Libs/mmap ASLR
  Exec ASLR
  brk ASLR
  VDSO ASLR
  Built as PIE
  Built with Fortify Source
  Built with RELRO
  Built with BIND_NOW
  Non-Executable Memory
  /proc/$pid/maps protection
  Symlink restrictions
  Hardlink restrictions
  ptrace scope
  0-address protection
  /dev/mem protection
  /dev/kmem disabled
  Block module loading
  Read-only data sections
  Stack protector
  Module RO/NX
  Kernel Address Display Restriction
  Blacklist Rare Protocols
  Syscall Filtering
  Block kexec
 
  For further information go to https://wiki.ubuntu.com/Security/Features
 
 
  Thank you very much!
 
  Brigitte Herzog
 
 
  -Original-Nachricht-
  Betreff: Debians security features in comparison to Ubuntu
  Datum: Fri, 16 May 2014 22:04:07 +0200
  Von: herzogbrigit...@t-online.de herzogbrigit...@t-online.de
  An: debian-security@lists.debian.org
 
  Hello there,
  I'm a new user of the great Debian distro for my Desktop. But when I
talked to a friend and I told him, that I'm using Debian (Wheezy) for my
desktop computer, he told me that I shoudn't use it because it is not
secure. He told me to use Ubuntu instead. He explained that with the fact,
that Ubuntu has more security features enabled than Debian (also more
compiler flags for security) in a fresh install. He gave me a link to the
following site:
  https://wiki.ubuntu.com/Security/Features
 
  So, I'm very happy with Debian but because my friend seems to be an
expert for Linux, I don't know if I can use Debian. Can you tell me which
of the security features promoted by Ubuntu are also enabled in Debian?
 
  Thank you very much!
 
  Brigitte Herzog
 
 
  
  Mit einer kostenlosen E-Mail-Adresse @t-online.de werden Ihre Daten
verschlüsselt übertragen und in Deutschland gespeichert.
  www.t-online.de/email-kostenlos
 
 


 --
 To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact
listmas...@lists.debian.org
 Archive: https://lists.debian.org/53773ec0.50...@ixblue.com

Re: goals for hardening Debian: ideas and help wanted

2014-04-23 Thread Jean-Baptiste Boisseau 
2014-04-24 4:57 GMT+02:00 Paul Wise p...@debian.org:

 Hi all,

 I have written a non-exhaustive list of goals for hardening the Debian
 distribution, the Debian project and computer systems of the Debian
 project, contributors and users.

 https://wiki.debian.org/Hardening/Goals

 If you have more ideas, please add them to the wiki page.

 If you have more information, please add it to the wiki page.

 If you would like to help, please choose an item and start work.

 --
 bye,
 pabs

 http://wiki.debian.org/PaulWise


What about challenging a bit more default packages regarding
security/feature ? We had such a debate about exim but I guess we could
have the same about bind and much more.

-- 
Cordialement,

Jean-Baptiste Boisseau
Eutech SSII
Tel : +33 3 25 81 29 65
Mob: +33 6 63 11 79 40
Fax : +33 9 56 21 06 96