This document has yet to be updated based on the latest Debian releases. The default configuration of some packages need to be adapted as they have been modified since this document was written.
Write about remote monitoring tools (to check for system availability) such as
monit,
daemontools and
mon. See
Sysamin Guide.
Consider writing a section on how to build Debian-based network appliances (with information such as the base system, equivs and FAI).
Check if
this site has relevant info not yet covered here.
Add information on how to set up a laptop with Debian,
look here.
Debian GNU/Linux を使ってファイアウォールを構築する方法に ついての情報を加える。ファイアウォールについての章は今のところ 一台だけのシステム向けだ (他のマシンを守るわけではない...)
Add information on setting up a proxy firewall with Debian GNU/Linux stating specifically which packages provide proxy services (like xfwp, ftp-proxy, redir, smtpd, dnrd, jftpgw, oops, pdnsd, perdition, transproxy, tsocks). Should point to the manual for any other info. Note that zorp is now available as a Debian package and is a proxy firewall (they also provide Debian packages upstream).
file-rc でのサービス設定についての情報
参照している URL をすべて調べて、もう有効でないものを削除するなり 修正するなりする
一般的なサーバについて、限定された機能に役立つ (Debian で) 利用可能な代替物に ついての情報を加える。たとえば:
ローカル lpr のかわりに cups (パッケージ)?
リモート lrp のかわりに lpr
bind のかわりに dnrd/maradns
apache のかわりに dhttpd/thttpd/wn (tux?)
exim/sendmail のかわりに ssmtpd/smtpd/postfix
squid のかわりに tinyproxy
ftpd のかわりに oftpd/vsftp
...
Debian のセキュリティ関連のカーネルパッチについて、それを紹介すると ともにそれらのパッチを Debian システムでどう有効にするかを特に述べた情報を さらに多く。
不要なネットワークサービスを切ることの詳細 (inetd のほかに)。 強化過程の一部だがすこし広くできるかも。
ポリシーと密接に関連したパスワード回転についての情報。
ポリシー、そしてユーザに対するポリシー教育。
tcpwrappers についてさらに、そして wrapper 一般?
hosts.equiv
そしてその他のセキュリティホール。
Issues with file sharing servers such as Samba and NFS?
suidmanager/dpkg-statoverrides。
lpr と lprng。
gnome の IP 関連を停止すること。
Talk about programs to make chroot jails. compartment and chrootuid are waiting in incoming. Some others (makejail, jailer) could also be introduced.
More information regarding log analysis software (i.e. logcheck and logcolorise).
'advanced' routing (traffic policing is security related).
limiting ssh
access to running certain commands.
using dpkg-statoverride.
secure ways to share a CD burner among users.
secure ways of providing networked sound in addition to network display capabilities (so that X clients' sounds are played on the X server's sound hardware).
securing web browsers.
setting up ftp over ssh
.
using crypto loopback file systems.
ncrypting the entire file system.
steganographic tools.
setting up a PKA for an organization.
using LDAP to manage users. There is a HOWTO of ldap+kerberos for Debian at
http://www.bayour.com written by Turbo Fredrikson.
How to remove information of reduced utility in production systems such as /usr/share/doc
, /usr/share/man
(yes, security by obscurity).
Add information on running multiple snort
sensors in a given system (check bug reports sent to snort).
Add information on setting up a honeypot (honeyd).
Describe situation wrt to FreeSwan (orphaned) and OpenSwan. VPN section needs to be rewritten.
Add a specific section about databases, current installation defaults and how to secure access.
Add a section about the usefulness of virtual servers (Xen et al).
Explain how to use some integrity checkers (AIDE, integrit or samhain). The basics are simple and could even explain some configuration improvements.