> ----------
> From: Thomas Guettler[SMTP:[EMAIL PROTECTED]
> Reply To: Thomas Guettler
> Sent: Wednesday, August 30, 2000 8:47 AM
> To: debian-user@lists.debian.org
> Cc: [EMAIL PROTECTED]
> Subject: Re: Debian 2.2 and security - SecurityPortal article
>
> On Wed, Aug 30, 2000 at 11:55:57AM +0200, Leszek Gerwatowski wrote:
> > On SecurityPortal there is an article about Debian 2.2 security:
> >
> > http://www.securityportal.com/closet/closet20000830.html
> >
> > Just read it and tell me what you think about it.
>
> The author (Kurt Seifried) makes the newbie believe Debian 2.2
> is not secure, but you should look at it more closely.
>
> quote: "The next default that really ticks me off is the password
> encryption scheme - the default is to use crypt."
>
> A half year ago I installed debian-potato and I never heard of MD5 before,
> but the displayed text informed me very well on what to choose. If you are
> too lazy to read these lines, you shouldn't try to set up a secure system.
> BTW, potato stores passwords in /etc/shadow, so that you need to be root
> to read the encrypted passwords (unless you use NIS).
>
> quote: "Discard, daytime, time, shell, login, and exec (r services) are all
> enabled by default"
>
> The first three are enabled, but I think that is no security problem.
> But shell, login, exec are not enabled on my system, at least on my
> system.
> Has someone a fresh installation to tell us what the default is?

I did an install a few days ago. The "r" utilities were not even installed. You have to go after them specifically to get them. If you install them, they are enabled... I forget which profile I used. I'm not sure if the "r" utilities are in any of them. Debian strongly suggests ssh instead...
jim

> gnuplot and exim paragraph can be ignored.
>
>
> dpkg && pgp: Can say something about this.
>
>
> Home-directories by default world-readable: I have nothing to hide.
> If I would have something to hide I would use encryption and not
> chmod. I work together with the other users, I want them to see my
> work and I want to see theirs.
>
>
> LILO-problem: If you have physical access to the machine, you can
> boot from a rescue disk and get root every time. (Unless you use
> an encrypted filesystem).
>
>
> Complain about old Apache, ProFTP: If you always want the latest
> fixes, you need to get the stuff from the sources (e.g. www.apache.org)
>
> quote:
> "Debian's goal of a bug free-release hasn't been met.
> But to be fair, it's not like any software vendor will ever release
> bug-free software. Debian has done a particularly bad job in my opinion,
> shipping out-of-date software and
> especially publicly available network daemons that have root hacks in
> them."
>
> Bug-free can mean both: Security-bug-free and Stability-bug-free.
> Install OpenBSD if you are paranoid about security.
>
>
>
> --
> Thomas Guettler
> Office: <guettli_NoSpam_interface-business.de> www.interface-business.de
> Private:<guettli_NoSpam_gmx.de> http://yi.org/guettli
> (Replace _NoSpam_ with @)
>
>
> --
> Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
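Two of the points argued over in this thread, whether accounts still carry 13-character DES crypt hashes instead of MD5 ones, and which inetd services (the r services in particular) are actually switched on, can be checked with a short audit script. The following is an added example, not something posted in the thread; it works on constructed sample files rather than a real /etc/shadow or /etc/inetd.conf, and assumes the glibc crypt conventions that a `$1$` prefix marks MD5 crypt and a bare 13-character field is traditional DES crypt.

```sh
#!/bin/sh
# Audit helper (added example): classify shadow hashes, list active inetd services.
# Assumes glibc crypt conventions: '$1$...' = MD5 crypt, bare 13 chars = DES crypt.

# Constructed sample files (not taken from any real system).
SAMPLE_SHADOW='root:$1$saltsalt$0123456789012345678901:11200:0:99999:7:::
alice:AbCdEfGhIjKlM:11200:0:99999:7:::
bob:*:11200:0:99999:7:::
daemon:!:11200:0:99999:7:::'

SAMPLE_INETD='# constructed inetd.conf: r services present but commented out
discard  stream  tcp  nowait  root  internal
daytime  stream  tcp  nowait  root  internal
#shell   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.rshd
#login   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.rlogind
#exec    stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.rexecd
telnet   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.telnetd'

# write_samples DIR: materialise the samples as DIR/shadow and DIR/inetd.conf
write_samples() {
    printf '%s\n' "$SAMPLE_SHADOW" > "$1/shadow"
    printf '%s\n' "$SAMPLE_INETD" > "$1/inetd.conf"
}

# classify_hash HASHFIELD: prints des, md5, locked, empty or other
classify_hash() {
    case "$1" in
        '')        echo empty ;;
        '*'*|'!'*) echo locked ;;   # no valid hash, password login disabled
        '$1$'*)    echo md5 ;;
        '$'*)      echo other ;;    # some other modular-crypt scheme
        *) if [ "${#1}" -eq 13 ]; then echo des; else echo other; fi ;;
    esac
}

# weak_crypt_users SHADOWFILE: one account name per line still on DES crypt
weak_crypt_users() {
    while IFS=: read -r user hash rest; do
        if [ "$(classify_hash "$hash")" = des ]; then echo "$user"; fi
    done < "$1"
}

# enabled_inetd_services INETDCONF: service field of every uncommented line
enabled_inetd_services() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | awk '{ print $1 }'
}

# enabled_r_services INETDCONF: the subset the article calls "r services"
enabled_r_services() {
    enabled_inetd_services "$1" | grep -x -E 'shell|login|exec' || true
}
```

On the constructed sample only `alice` is reported as still using DES crypt, and discard, daytime and telnet are the active services, with none of shell/login/exec enabled.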