Sent: Saturday, November 16, 2024 at 9:18 PM
From: debianmailinglists.hz...@simplelogin.com
To: "debian-secur...@lists.debian.org" <debian-secur...@lists.debian.org>
Subject: Securing Debian Manual, Out of Date?
From: debianmailinglists.hz...@simplelogin.com
To: "debian-secur...@lists.debian.org" <debian-secur...@lists.debian.org>
Subject: Securing Debian Manual, Out of Date?
To whom it may concern:
I'm not sure if this is appropriate for the "security" team, or if there is a documentation team, but purely out of curiosity today I downloaded the "Securing Debian" manual available in both the "harden-doc" package, and on the Debian website at:
I figured since I recently migrated my home server to a new machine, it might be a good idea to make sure I didn't miss any obvious steps to help keep things secure. Upon reading it however, it appears that certain parts of it haven't been updated in a "very" long time. It makes references to 2.x kernels, uses Debian Sarge in some examples, recommends the ext3 filesystem instead of ext4 and makes no mention of systemd in the section about disabling system services, despite systemd being the default init system for the last several releases. Much of the information obviously still applies, but some of it does not and needs to be updated.
Doing a word search turns up mentions of releases as late as Jessie, so some sections of it may have been touched more recently, but others haven't so I wanted to bring this to your attention.
I have found that debian docs to be complety useless and not only out of date but just down right wrong.
If you want good up to date information/documentation see the Archlinx wiki.
