One of the hardest things about writing security documents is that every case is unique. Two things you have to pay attention to are the threat environment and the security needs of the individual site, host or network. For instance, the security needs of a home user are completely different from a network in a bank. While the primary threat a home user needs to face is the script kiddie type of cracker, a bank network has to worry about directed attacks. Additionally, the bank has to protect their customer's data with arithmetic precision. In short, every user has to consider the tradeoff between usability and security/paranoia.
Note that this HOWTO only covers issues relating to software. The best software in the world can't protect you if someone can physically access the machine. You can place it under your desk, or you can place it in a hardened bunker with an army in front of it. Nevertheless the desktop computer can be much more secure (from a software point of view) than a physically protected one if the desktop is configured properly and the software on the protected machine is full of security holes. Obviously, you must consider both issues. In addition this document just gives a overview of what you can do to increase the security of your Debian GNU/Linux installation. Many parts of this HOWTO can be transferred to other distributions.
If you have comments, additions or suggestions, mail them to the author and they will incorporated into this HOWTO.
1.1 Disclaimer & License
This document is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
It is (C) 2000 by Alexander Reelsen, however it is distributed under the terms of the GNU free documentation license.
1.2 Download the HOWTO
You can download or view the newest version of the Securing Debian HOWTO in the following formats:
1.3 Organizational Notes/Feedback
Now to the official part. At the moment I wrote most paragraphs of this HOWTO, but in my opinion this should not stay the case. I grew up and live with free software, it is part of my everyday use and I guess yours, too. I encourage everybody to send me feedback, hints additions or any other suggestions, you might have.
If you think, you can maintain a certain section or paragraph better than me, then write this to me and you are welcome to do it. Especially if you find a section marked as FIXME, what means I did not have the time yet or the needed knowledge about the topic, drop me a mail immediately.
The topic of this HOWTO makes is quite clear, that it is important to keep uptodate, and you can help to keep the quality of this HOWTO up, so do it.
1.4 Prior knowledge
The installation of Debian GNU/Linux is not very difficult and you should have been able to install it. If you already have some knowledge about Linux or other Unices and you are a bit familiar with basic security, it will be easier to understand this HOWTO, as it is impossible to explain every little detail of a feature (otherwise this would have been a book instead of a HOWTO).
1.5 TODO
- suidmanager/dpkg-statoverrides
- lpr and lprng
- Switching off the gnome IP things
- LKM, linux kernel modules, bad and good ones
- Encrypted filesystems
1.6 Changelog
1.2
- Lots of grammar corrections by James Treacy, new XDM paragraph
1.1
- Typo fixes, miscellaneous additions
1.0
- Initial release
1.7 Credits
- Robert van der Meulen with the quota paragraphas and many good ideas
- Ethan Benson corrected the PAM paragraph and had some good ideas
- All the folks who encouraged me to write this HOWTO
- The whole Debian project