Hi Christoph

I'll think about your comments. The problem is that there are other software
packages that do similar things. I'm not so sure that this should be the scope
of harden-servers, even though I think it is a very good thing.

Best regards,

// Ola

On Sun, Feb 01, 2009 at 03:54:22AM +0100, Christoph Anton Mitterer wrote:
> Hi Ola.
> 
> Sorry for that ultra long delay.
> 
> 
> On Tue, 2009-01-20 at 07:23 +0100, Ola Lundqvist wrote:
> > Yes I know that this one is annoying and I know that you can configure
> > things in a proper way. However the intention with the harden-* suite is
> > that you will get a more hardened system without the need to make special
> > configurations manually.
> My idea is the following:
> Even on servers it is nowadays not so uncommon that you have fam running
> and on desktops anyway.
> A user probably has set up portmap correctly, but still cannot install
> harden-servers.
> While portmap will stay in secure/loopback-only mode, harden-servers
> will stay uninstalled.
> And thus the user might easily install one of the other packages that
> harden-servers conflicts with, and which is really an "evil" package.
> 
> You see both ways have their disadvantage, but personally I'd consider
> it better not to conflict with portmap and let the user install it in
> order to "secure" him from the other packages and solve the portmap
> problem like described below:
> 
> 
> > However I appreciate your feedback on this and if I or someone else find a
> > very good solution to this, I will happily apply a good patch.
> Well the only way I can think of right now is, that package adds some
> test to debconf that checks whether portmap is bound to the loopback
> device.
> Such a test might be even added as cronjob (perhaps weekly or even
> daily) in order to notify the user when he installs portmap after
> harden-servers or later changes the portmap config.
> If that cronjob finds a non-loopback setting it might even deactivate
> portmap.
> 
> 
> 
> Thanks,
> Chris.



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Annebergsslingan 37        \
|  o...@debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
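
The loopback check proposed in the quoted message could look like the sketch below. It is an added example, not code from harden-servers or from either author. It assumes IPv4 socket tables in the Linux /proc/net/tcp and /proc/net/udp format on a little-endian host; the function names and the sample tables are constructed for illustration, and it only reports (it does not deactivate portmap).

```shell
#!/bin/sh
# Added example (not harden-servers code): find portmap sockets on port 111
# that are bound to anything other than 127.0.0.0/8.

# Reads /proc/net/tcp or /proc/net/udp formatted text on stdin and prints the
# hex local address of every offending socket.
nonloopback_portmap() {
    awk '
        $1 == "sl" { next }                       # header line of each table
        {
            split($2, l, ":")                     # l[1]=address, l[2]=port
            if (l[2] != "006F") next              # 0x006F = port 111
            if ($3 != "00000000:0000") next       # only sockets awaiting peers
            # Little-endian assumption: first octet is the last hex pair.
            if (substr(l[1], 7, 2) == "7F") next  # 127.x.x.x is acceptable
            print l[1]
        }'
}

# Suitable for a cron job: returns 1 and writes a notice to stderr when
# portmap is reachable from outside. Arguments default to the live tables.
check_portmap() {
    [ $# -gt 0 ] || set -- /proc/net/tcp /proc/net/udp
    exposed=$(cat "$@" | nonloopback_portmap)
    if [ -n "$exposed" ]; then
        echo "portmap bound to non-loopback address(es): $exposed" >&2
        return 1
    fi
    return 0
}

# Constructed sample tables (trimmed to the columns the check reads).
SAMPLE_OK='  sl  local_address rem_address   st
   0: 0100007F:006F 00000000:0000 0A
   1: 00000000:0016 00000000:0000 0A'
SAMPLE_EXPOSED='  sl  local_address rem_address   st
   0: 00000000:006F 00000000:0000 0A
   1: 0100007F:0019 00000000:0000 0A'

# Demonstration on the constructed data: prints 00000000 (the wildcard bind).
printf '%s\n' "$SAMPLE_EXPOSED" | nonloopback_portmap
```

Cron mails anything written to stderr to the job's owner, which gives the notification described in the quoted message without further code.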


