You could also check out the packages 'harden' and 'bastille'. But I always deselect everything in the package selection menu during the Debian setup ( http://www.linuxjournal.com/ufiles/debian_netinstall.png ). And then I install some basic things like: 'module-assistant apt-listbugs preload update-inetd ntp deborphan ntpdate reportbug'
And after that I install what I want to use, that way you don't have to harden. Because you've installed only the things you need. You can always disable services with 'update-inetd' in case you installed some services you didn't want. Check out the man page here: http://man.he.net/man8/update-inetd Grtz. Kees On Wed, Nov 24, 2010 at 10:05, Michiel Klaver <mich...@klaver.it> wrote: > At 24-11-2010 00:48, Daniel Hood wrote: > >> Does anyone have a good checklist or script to harden a vanilla debian >> box after installation? >> >> Dan >> >> > Some quick notes for basic checks, not a full security guide: > > http://klaver.it/linux/debian-security.txt > > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: http://lists.debian.org/4cecd557.3070...@klaver.it > > -- Met vriendelijke groet, Kees de Jong * * *De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde(n). Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. -- The information contained in this message may be confidential and is intended to be exclusively for the addressee(s). Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.*
