On Thu, Sep 25, 2003 at 07:33:00AM -0700, Adam Lydick wrote: > I like that idea, and it sounds fairly simple - packages just check > /etc/secure_level (or something similar) and do the "right thing". The > tricky part is convincing every package maintainer to adopt it ;)
Well, Mandrake packages IIRC do not parse or understand the "security level", there's a wrapper script that makes changes to them (permissions, for example) based on the "security" level selected. The script is called 'msec' (http://www.mandrakeuser.org/docs/mdoc/ref/prog-msec.html). From my pov: msec = (Checksecurity|Tiger) && Bastille > > There are some "hardening" packages available, but I haven't had a > chance to play with them yet. (and I didn't want them breaking my setup > while I didn't have time to fix things) There are several "hardening" packages, basicly two: Bastille and all the harden-* stuff [1] They are, however, lacking in a number of areas and are not as good as doing this in the core system (i.e. in the kernel through kernel patches [2]) Regards Javi [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch6.en.html [2] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-kernel-patches
pgpprj4tXqz6W.pgp
Description: PGP signature