On to, 2011-02-17 at 15:24 +0000, Roger Leigh wrote: > I would argue that a change that /would/ make a real difference, would > be to have (as an example) emblems in Nautilus that flag files and > folders depending on if other people have read or write access. That > would visually show what is (and is not) secure either by intention or > by accident.
I'm with Roger and Ian on the default permissions, but that's not why I am making this thread needlessly longer. I am making it needlessly longer because I had a mildly related idea that I am hoping someone will pick up and implement. It would be really cool if there was an automatic auditor for people to use. Not just showing emblems in Nautilus, but offering to fix things as well. Here's how I imagine it might work. You tell the auditor what kind of system this is. d-i would set up a default. For example, personal laptop, or web server, or mail server. You also tell the auditor how much security you want: normal, a lot, or too much. The auditor then looks for things in the system, and in home directories, which might be problems. For example, if it's meant to be a mail server with a lot of security, having telnetd installed and running would be a problem for it to flag. Likewise, it might flag home directory permissions. It then presents the user with a prioritized report, with most urgent things first. The user can then say "I'm ok with this, don't tell me about it again", or "Fix this now, please", or "I don't know what I'm doing, just do something smart", or "I'm suddenly busy, just tell me about this when I ask for a new report". The automatic fixing might do things like remove or disable services, or fix permissions, or install missing security updates, or, on the "too much" security level, wipe all disks and send an e-mail to the nearest secure destruction service to come and pick up the computer and take to it where it can be melted. (If you like the idea, start hacking! I will not get around to this until some other millennium, when I've finished my backup application. I want my backups done before I request my computer to be destroyed.) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1297957018.22676.40.camel@tacticus
