On 25 Apr 2002 at 17:24, Philip S Tellis wrote: > Read the security howtos and FAQ. You may also want to read a document > I hacked together from various sources at > http://www.ncst.ernet.in/~philip/writings/Linux-Security.txt > > And hey, while you're at it, suggest any changes that may need to be > made.
It's a pretty nice document. But I have a comment to make about defaul installations of distributions. First of all, mainstream linux distros. have come long way for defaults, showing a quick learning curve. Like all services installed and running policy in RHL6.2 to pretty secure defaults these days. Secondly they do allow to harden the system while installing which is of course great. Next point is how do you define security in practical life? Live life on wire being unrooted or making sure that there is not a vulnarability in your system, not even a possible one. I would say any distro. with a day or so to setup, should be pretty secure install for all practical purposes. What say? And besides you didn't mentioned immunix which has all the packages compiled with patched gcc, not to allow any execution on stack. So buffer overflows are nearly impossible to exploit. Of course you should patch the system but it gives additional breathing space. You can at least hope that you don't get r00ted before a patch is released. Also there are some other common tweaks for security. Like compiling kernel without loadable module support, mounting data partitions with noexec, providing separate tmp dir. for each application, chrooting/jailing every possible daemon on your machine etc. I think couple of lines on each of these would add to overall weight.. Shridhar _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
