Package: harden-servers
Version: 0.1.31
Severity: wishlist

Hi!

I installed the harden-servers package on a workstation/desktop box
in order to make sure I do not install excessively insecure daemons
by mistake.

But unfortunately many GNOME packages (galeon, libgnomevfs2-0,
gnome-control-center, gnome-mount, yelp, ...) seem to recommend fam,
either directly or indirectly.  In turn, fam depends on portmap,
which harden-servers conflicts with.
The net result of all this is: I cannot install galeon or contacts
(or other GNOME packages), unless I do so with the --without-recommends
option of aptitude.  See below for an example.

Why do GNOME packages recommend services (fam) that depend on insecure
daemons (portmap)?
Can't I have a secure box with some full-featured GNOME packages
installed?

Now the question is: what should I do?
Purge harden-servers and forget about it for any workstation/desktop
box (that is to say: only install it on machines that *only* run
servers)?
If this is the case, please clarify it in the package description...


What follows is a transcript of my attempt at installing galeon:


$ aptitude -s install galeon
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Reading task descriptions...
Building tag database...
The following packages are BROKEN:
  harden-servers 
The following NEW packages will be automatically installed:
  alacarte avahi-daemon binfmt-support capplets-data cdrdao cli-common 
  cups-pdf cupsys cupsys-client cupsys-common dbus dbus-x11 deskbar-applet 
  desktop-base desktop-file-utils docbook-xml dvd+rw-tools esound-clients 
  esound-common evolution-data-server evolution-data-server-common fam 
  foomatic-db foomatic-db-engine foomatic-filters galeon-common gconf2 
  gconf2-common genisoimage gksu gnome-about gnome-applets 
  gnome-applets-data gnome-control-center gnome-desktop-data 
  gnome-doc-utils gnome-icon-theme gnome-keyring gnome-media 
  gnome-media-common gnome-menus gnome-mime-data gnome-mount 
  gnome-netstatus-applet gnome-panel gnome-panel-data gnome-session 
  gnome-system-monitor gnome-user-guide gnome-utils gs-esp 
  gstreamer0.10-alsa gstreamer0.10-plugins-base gstreamer0.10-plugins-good 
  gstreamer0.10-x hal hal-info imagemagick iso-codes libaa1 libao2 libapm1 
  libart-2.0-2 libart2.0-cil libasound2 libaudiofile0 libavahi-client3 
  libavahi-common-data libavahi-common3 libavahi-compat-libdnssd1 
  libavahi-core5 libavahi-glib1 libavc1394-0 libbeagle0 libbonobo2-0 
  libbonobo2-common libbonoboui2-0 libbonoboui2-common libcaca0 
  libcamel1.2-10 libcdio6 libcdparanoia0 libcpufreq0 libcucul0 
  libcupsimage2 libdaemon0 libdbus-1-3 libdbus-glib-1-2 libdv4 
  libebook1.2-9 libecal1.2-7 libedata-book1.2-2 libedata-cal1.2-6 
  libedataserver1.2-9 libedataserverui1.2-8 libeel2-2.18 libeel2-data 
  libegroupwise1.2-13 libenchant1c2a libesd0 libexif12 libfam0 libflac8 
  libgail-common libgail18 libgconf2-4 libgconf2.0-cil libgksu2-0 
  libglade2.0-cil libglib2.0-cil libgmime-2.0-2 libgmime2.2-cil 
  libgnome-desktop-2 libgnome-keyring0 libgnome-media0 libgnome-menu2 
  libgnome-vfs2.0-cil libgnome-window-settings1 libgnome2-0 
  libgnome2-common libgnome2.0-cil libgnomecanvas2-0 libgnomecanvas2-common 
  libgnomecups1.0-1 libgnomekbd-common libgnomekbd1 libgnomekbdui1 
  libgnomeprint2.2-0 libgnomeprint2.2-data libgnomeprintui2.2-0 
  libgnomeprintui2.2-common libgnomeui-0 libgnomeui-common libgnomevfs2-0 
  libgnomevfs2-common libgnomevfs2-extra libgstreamer-plugins-base0.10-0 
  libgstreamer0.10-0 libgtk2.0-cil libgtkhtml2.0-cil libgtkhtml3.8-15 
  libgtksourceview-common libgtksourceview1.0-0 libgtop2-7 libgtop2-common 
  libgucharmap6 libhal-storage1 libhal1 libhunspell-1.1-0 libidl0 
  libiec61883-0 libjasper1 liblcms1 libmagick9 libmetacity0 
  libmono-cairo1.0-cil libmono-corlib1.0-cil libmono-corlib2.0-cil 
  libmono-data-tds2.0-cil libmono-security2.0-cil libmono-sharpzip2.84-cil 
  libmono-system-data2.0-cil libmono-system-web2.0-cil 
  libmono-system1.0-cil libmono-system2.0-cil libmono0 libmono2.0-cil 
  libmozjs0d libnautilus-burn4 libnautilus-extension1 
  libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libnotify1 libnspr4-0d 
  libnss-mdns libnss3-0d libogg0 liboil0.3 liborbit2 libpanel-applet2-0 
  libpci2 libpoppler1 libraw1394-8 librsvg2.0-cil libscrollkeeper0 libsexy2 
  libshout3 libslab0 libslp1 libsmbclient libsmbios1 libsoup2.2-8 libspeex1 
  libstartup-notification0 libsysfs2 libtag1c2a libtheora0 
  libtotem-plparser1 libtrackerclient0 libvisual-0.4-0 
  libvisual-0.4-plugins libvorbis0a libvorbisenc2 libvorbisfile3 
  libwavpack1 libwnck-common libwnck18 libxklavier11 libxml2-utils libxres1 
  libxslt1.1 libxul-common libxul0d menu-xdg metacity metacity-common 
  mono-common mono-gac mono-jit mono-runtime nautilus nautilus-cd-burner 
  nautilus-data notification-daemon openssl oss-compat pciutils 
  poppler-utils portmap powermgmt-base python-beagle python-cairo 
  python-dbus python-fpconst python-glade2 python-gmenu python-gnome2 
  python-gnome2-desktop python-gobject python-gtk2 python-gtk2-doc 
  python-libxml2 python-numeric python-pyorbit python-soappy python-support 
  samba-common scrollkeeper sgml-data shared-mime-info smbclient ssl-cert 
  sudo tomboy wodim xsltproc yelp 
The following NEW packages will be installed:
  alacarte avahi-daemon binfmt-support capplets-data cdrdao cli-common 
  cups-pdf cupsys cupsys-client cupsys-common dbus dbus-x11 deskbar-applet 
  desktop-base desktop-file-utils docbook-xml dvd+rw-tools esound-clients 
  esound-common evolution-data-server evolution-data-server-common fam 
  foomatic-db foomatic-db-engine foomatic-filters galeon galeon-common 
  gconf2 gconf2-common genisoimage gksu gnome-about gnome-applets 
  gnome-applets-data gnome-control-center gnome-desktop-data 
  gnome-doc-utils gnome-icon-theme gnome-keyring gnome-media 
  gnome-media-common gnome-menus gnome-mime-data gnome-mount 
  gnome-netstatus-applet gnome-panel gnome-panel-data gnome-session 
  gnome-system-monitor gnome-user-guide gnome-utils gs-esp 
  gstreamer0.10-alsa gstreamer0.10-plugins-base gstreamer0.10-plugins-good 
  gstreamer0.10-x hal hal-info imagemagick iso-codes libaa1 libao2 libapm1 
  libart-2.0-2 libart2.0-cil libasound2 libaudiofile0 libavahi-client3 
  libavahi-common-data libavahi-common3 libavahi-compat-libdnssd1 
  libavahi-core5 libavahi-glib1 libavc1394-0 libbeagle0 libbonobo2-0 
  libbonobo2-common libbonoboui2-0 libbonoboui2-common libcaca0 
  libcamel1.2-10 libcdio6 libcdparanoia0 libcpufreq0 libcucul0 
  libcupsimage2 libdaemon0 libdbus-1-3 libdbus-glib-1-2 libdv4 
  libebook1.2-9 libecal1.2-7 libedata-book1.2-2 libedata-cal1.2-6 
  libedataserver1.2-9 libedataserverui1.2-8 libeel2-2.18 libeel2-data 
  libegroupwise1.2-13 libenchant1c2a libesd0 libexif12 libfam0 libflac8 
  libgail-common libgail18 libgconf2-4 libgconf2.0-cil libgksu2-0 
  libglade2.0-cil libglib2.0-cil libgmime-2.0-2 libgmime2.2-cil 
  libgnome-desktop-2 libgnome-keyring0 libgnome-media0 libgnome-menu2 
  libgnome-vfs2.0-cil libgnome-window-settings1 libgnome2-0 
  libgnome2-common libgnome2.0-cil libgnomecanvas2-0 libgnomecanvas2-common 
  libgnomecups1.0-1 libgnomekbd-common libgnomekbd1 libgnomekbdui1 
  libgnomeprint2.2-0 libgnomeprint2.2-data libgnomeprintui2.2-0 
  libgnomeprintui2.2-common libgnomeui-0 libgnomeui-common libgnomevfs2-0 
  libgnomevfs2-common libgnomevfs2-extra libgstreamer-plugins-base0.10-0 
  libgstreamer0.10-0 libgtk2.0-cil libgtkhtml2.0-cil libgtkhtml3.8-15 
  libgtksourceview-common libgtksourceview1.0-0 libgtop2-7 libgtop2-common 
  libgucharmap6 libhal-storage1 libhal1 libhunspell-1.1-0 libidl0 
  libiec61883-0 libjasper1 liblcms1 libmagick9 libmetacity0 
  libmono-cairo1.0-cil libmono-corlib1.0-cil libmono-corlib2.0-cil 
  libmono-data-tds2.0-cil libmono-security2.0-cil libmono-sharpzip2.84-cil 
  libmono-system-data2.0-cil libmono-system-web2.0-cil 
  libmono-system1.0-cil libmono-system2.0-cil libmono0 libmono2.0-cil 
  libmozjs0d libnautilus-burn4 libnautilus-extension1 
  libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libnotify1 libnspr4-0d 
  libnss-mdns libnss3-0d libogg0 liboil0.3 liborbit2 libpanel-applet2-0 
  libpci2 libpoppler1 libraw1394-8 librsvg2.0-cil libscrollkeeper0 libsexy2 
  libshout3 libslab0 libslp1 libsmbclient libsmbios1 libsoup2.2-8 libspeex1 
  libstartup-notification0 libsysfs2 libtag1c2a libtheora0 
  libtotem-plparser1 libtrackerclient0 libvisual-0.4-0 
  libvisual-0.4-plugins libvorbis0a libvorbisenc2 libvorbisfile3 
  libwavpack1 libwnck-common libwnck18 libxklavier11 libxml2-utils libxres1 
  libxslt1.1 libxul-common libxul0d menu-xdg metacity metacity-common 
  mono-common mono-gac mono-jit mono-runtime nautilus nautilus-cd-burner 
  nautilus-data notification-daemon openssl oss-compat pciutils 
  poppler-utils portmap powermgmt-base python-beagle python-cairo 
  python-dbus python-fpconst python-glade2 python-gmenu python-gnome2 
  python-gnome2-desktop python-gobject python-gtk2 python-gtk2-doc 
  python-libxml2 python-numeric python-pyorbit python-soappy python-support 
  samba-common scrollkeeper sgml-data shared-mime-info smbclient ssl-cert 
  sudo tomboy wodim xsltproc yelp 
0 packages upgraded, 258 newly installed, 0 to remove and 0 not upgraded.
Need to get 139MB of archives. After unpacking 484MB will be used.
The following packages have unmet dependencies:
  harden-servers: Conflicts: portmap but 6.0-4 is to be installed.
Resolving dependencies...
The following actions will resolve these dependencies:

Remove the following packages:
harden-servers

Score is 121

Accept this solution? [Y/n/q/?] q
Abandoning all efforts to resolve these dependencies.
Abort.
$ aptitude -s install --without-recommends galeon
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Reading task descriptions...
Building tag database...
The following NEW packages will be automatically installed:
  dbus dbus-x11 esound-common galeon-common gconf2 gconf2-common 
  gnome-keyring gnome-mime-data libart-2.0-2 libaudiofile0 libavahi-client3 
  libavahi-common-data libavahi-common3 libavahi-glib1 libbonobo2-0 
  libbonobo2-common libbonoboui2-0 libbonoboui2-common libdbus-1-3 
  libdbus-glib-1-2 libesd0 libfam0 libgconf2-4 libgnome-desktop-2 
  libgnome-keyring0 libgnome2-0 libgnome2-common libgnomecanvas2-0 
  libgnomecanvas2-common libgnomeui-0 libgnomeui-common libgnomevfs2-0 
  libgnomevfs2-common libhal-storage1 libhal1 libidl0 libmozjs0d 
  libnspr4-0d libnss3-0d liborbit2 libstartup-notification0 libxul-common 
  libxul0d shared-mime-info 
The following NEW packages will be installed:
  dbus dbus-x11 esound-common galeon galeon-common gconf2 gconf2-common 
  gnome-keyring gnome-mime-data libart-2.0-2 libaudiofile0 libavahi-client3 
  libavahi-common-data libavahi-common3 libavahi-glib1 libbonobo2-0 
  libbonobo2-common libbonoboui2-0 libbonoboui2-common libdbus-1-3 
  libdbus-glib-1-2 libesd0 libfam0 libgconf2-4 libgnome-desktop-2 
  libgnome-keyring0 libgnome2-0 libgnome2-common libgnomecanvas2-0 
  libgnomecanvas2-common libgnomeui-0 libgnomeui-common libgnomevfs2-0 
  libgnomevfs2-common libhal-storage1 libhal1 libidl0 libmozjs0d 
  libnspr4-0d libnss3-0d liborbit2 libstartup-notification0 libxul-common 
  libxul0d shared-mime-info 
The following packages are RECOMMENDED but will NOT be installed:
  esound-clients fam gnome-control-center gnome-icon-theme gnome-mount 
  iso-codes libgnomevfs2-extra scrollkeeper yelp 
0 packages upgraded, 45 newly installed, 0 to remove and 0 not upgraded.
Need to get 23.5MB of archives. After unpacking 82.9MB will be used.
Do you want to continue? [Y/n/?] Y
Would download/install/remove packages.



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.21-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages harden-servers depends on:
ii  debconf [debconf-2.0]         1.5.14     Debian configuration management sy

harden-servers recommends no packages.

-- debconf information:
  harden-servers/vncserver:
  harden-servers/inetd:
  harden-servers/plaintext:
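
Added example, not part of the original report: a small tracer that explains why installing a package trips a harden-servers conflict, and whether the chain runs through a Recommends edge (avoidable with --without-recommends) or through Depends only. The package metadata is constructed and simplified; the exact edges (for instance, which package recommends fam directly) are assumptions made for illustration.

```python
from collections import deque

# Constructed, simplified metadata (NOT real Debian control data). It only
# models the relationships the report describes; the exact edges are assumed.
PACKAGES = {
    "galeon": {"Depends": ["galeon-common", "libgnomevfs2-0"],
               "Recommends": ["yelp"]},
    "galeon-common": {},
    "libgnomevfs2-0": {"Depends": ["libfam0"], "Recommends": ["fam"]},
    "libfam0": {},
    "yelp": {},
    "fam": {"Depends": ["portmap"]},
    "portmap": {},
    "harden-servers": {"Conflicts": ["portmap"]},
}

def reach(root, relations, packages=PACKAGES):
    """Breadth-first walk from root over the given relation types.
    Returns {package: shortest chain as [(relation, package), ...]}."""
    chains = {root: []}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for rel in relations:
            for dep in packages.get(pkg, {}).get(rel, []):
                if dep not in chains:
                    chains[dep] = chains[pkg] + [(rel, dep)]
                    queue.append(dep)
    return chains

def explain_conflicts(target, guard, packages=PACKAGES):
    """For each package the guard conflicts with, report how target pulls it in."""
    hard = reach(target, ("Depends",), packages)
    soft = reach(target, ("Depends", "Recommends"), packages)
    report = {}
    for banned in packages[guard].get("Conflicts", []):
        if banned in hard:        # pulled in by hard dependencies alone
            report[banned] = ("unavoidable", hard[banned])
        elif banned in soft:      # only reachable through a Recommends edge
            report[banned] = ("recommends-only", soft[banned])
    return report

def format_chain(target, chain):
    return target + "".join(f" -[{rel}]-> {pkg}" for rel, pkg in chain)

if __name__ == "__main__":
    for banned, (kind, chain) in explain_conflicts("galeon", "harden-servers").items():
        print(f"{banned}: {kind}: {format_chain('galeon', chain)}")
```

On a real system the same graph can be filled in from `apt-cache depends` output instead of the constructed table.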


