[buug] Linux Security Site

Tom DeSot tomd at sacefcu.org
Mon Feb 14 14:22:22 PST 2000


It sounds to me as though you are talking about OpenBSD.  Most of what you
have described is inherent in the install.

-----Original Message-----
From: Rick Moen [mailto:rick at linuxmafia.com]
Sent: Monday, February 14, 2000 5:02 PM
To: ezekielk at iname.com
Cc: BUUG mailing list
Subject: Re: [buug] Linux Security Site


Quoting ezekielk at iname.com (ezekielk at iname.com):

[Linux distributions tend to default to an insecure state]

> That is too bad, considering how many computer users would *like to
> dump Windoze, and switch to Linux w/minimal hassle. But once I master
> Linux, I can get some of these folks running their own Linux box with
> solid security.

Unfortunately, they have to do this in the name of market acceptance.
Why?  Because security is inconvenient.

Imagine a Linux distribution that installs by default in a fairly
locked-down fashion:  All network daemons are turned off initially.
All lines in /etc/inetd.conf are initially commented out.  There are
no CGI scripts in the system cgi-bin directory.  /etc/hosts.deny has
everything disabled, and /etc/hosts.allow initially allows localhost
only.  Most services that require suid-root binaries aren't even
installed.  Even root-owned libraries aren't installed unless crucially
needed.

The system forces all users to change passwords monthly, and doesn't
allow selection of passwords that fail quality tests.  A cron job mails 
a daily report on security-sensitive system activity, and the system
doesn't allow directing that mail to a "root" account whose may not get
read.

There's no NIS or NFS.  (They're security weak points.)  The network
daemons installed -- even though initially disabled -- are chosen for
their minimal, conservative nature, rather than for full functionality:
E.g., you have exim or postfix instead of sendmail, pftpd instead of 
wuftpd or proftpd, and boa instead of Apache.

The system installation forces the user to compile a new kernel from
recent kernel revisions, and (somehow) forces the user to compile a 
monolithic kernel instead of a modular one.

The installer also forces installation and configuration of AIDE
(Tripwire's successor), OpenSSH, GNUPG, and COPS.  COPS is run monthly
by cron job.  "telnetd" is present only as a symlink to sshd.

This distribution would default to a fairly secure state, but (1) would
be a pain in the ass for non-paranoid sysadmins to deal with, and (2) 
would appear to trail the competition in any checklist comparison of 
features.

So, the distributions don't do this because they can't afford to.
That's why they ship with over-featured network daemons like wuftpd and
proftpd instead of more-modest, more-secure alternatives, and why they
make it easy to shoot system security in the foot -- because to do
otherwise would be to deprive people of what they think they want.

-- 
Cheers,                Linux:  It is now safe to turn on your computer.
Rick Moen
rick (at) linuxmafia.com

_______________________________________________
Buug mailing list
Buug at weak.org
http://www.weak.org/mailman/listinfo/buug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buug.org/pipermail/buug/attachments/20000214/9f066222/attachment.html>


More information about the buug mailing list