I have just commited to the incoming queue som new packages I wanted the security people in the list to be aware of (and also the security team)
- Bastille for Debian GNU/Linux (see http://www.bastille-linux.org). I have adapted it so it *works* in Debian and bastions (hardens?) correctly a Debian system. Somethings are yet lacking (automatically patch security updates). But my goal was to first fix it and then introduce the measures I outline in the "Securing Debian Manual" (BTW contributions on these document are welcome :) - Tiger for Debian GNU/Linux. Tiger is a pretty old system scanner that checks for security vulnerabilities in UNIX systems, it was (some years ago) adapted for RedHat. I have added some new features (md5sums checking like debsums, checking of files not owned by packages) the "coolest" is to check for insecure packages. I have made this check using the information on Debian's WWW (the webml sources) parsing it with a perl script and making a database of insecure packages that tiger later on checks against. - Easy Firewall generation programs: easyfw and firewall-easy - New integrity checkers (currently tripwire and aide were available): integrit and samhain - Security Documentation: The Linux Security Knowledge Base (available at http://www.securityfocus.com/lksb/) for offline reading. Also, I sent a new update of the Debian Security Manual the week before going on vacation (did I mention I did these while on vacation? :) Best regards Javier Fernández-Sanguino Peña PD: Packages are available at http://www.dat.etsit.upm.es/~jfs/debian/ENVIAR and should (hopefully) be currently available in Debian too.
