New security packages available
I have just commited to the incoming queue som new packages I wanted the
security
people in the list to be aware of (and also the security team)
- Bastille for Debian GNU/Linux (see http://www.bastille-linux.org). I
have adapted it so it *works* in Debian and bastions (hardens?) correctly
a Debian system. Somethings are yet lacking (automatically patch security
updates). But my goal was to first fix it and then introduce the measures
I outline in the "Securing Debian Manual" (BTW contributions on these
document are welcome :)
- Tiger for Debian GNU/Linux. Tiger is a pretty old system scanner that
checks for security vulnerabilities in UNIX systems, it was (some years
ago) adapted for RedHat. I have added some new features (md5sums
checking like debsums, checking of files not owned by packages) the
"coolest" is to check for insecure packages. I have made this check
using the information on Debian's WWW (the webml sources) parsing it
with a perl script and making a database of insecure packages that tiger
later on checks against.
- Easy Firewall generation programs: easyfw and firewall-easy
- New integrity checkers (currently tripwire and aide were available):
integrit and samhain
- Security Documentation: The Linux Security Knowledge Base (available at
http://www.securityfocus.com/lksb/) for offline reading.
Also, I sent a new update of the Debian Security Manual the week before
going on vacation (did I mention I did these while on vacation? :)
Best regards
Javier Fernández-Sanguino Peña
PD: Packages are available at
http://www.dat.etsit.upm.es/~jfs/debian/ENVIAR and should (hopefully) be
currently available in Debian too.
Reply to: