[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ A ] [ B ] [ C ] [ D ] [ E ] [ F ] [ next ]

Securing Debian Manual
Chapter 1 - Introduction


One of the hardest things about writing security documents is that every case is unique. Two things you have to pay attention to are the threat environment and the security needs of the individual site, host, or network. For instance, the security needs of a home user are completely different from a network in a bank. While the primary threat a home user needs to face is the script kiddie type of cracker, a bank network has to worry about directed attacks. Additionally, the bank has to protect their customer's data with arithmetic precision. In short, every user has to consider the tradeoff between usability and security/paranoia.

Note that this manual only covers issues relating to software. The best software in the world can't protect you if someone can physically access the machine. You can place it under your desk, or you can place it in a hardened bunker with an army in front of it. Nevertheless the desktop computer can be much more secure (from a software point of view) than a physically protected one if the desktop is configured properly and the software on the protected machine is full of security holes. Obviously, you must consider both issues.

This document just gives an overview of what you can do to increase the security of your Debian GNU/Linux system. If you have read other documents regarding Linux security, you will find that there are common issues which might overlap with this document. However, this document does not try to be the ultimate source of information you will be using, it only tries to adapt this same information so that it is meaningful to a Debian GNU/Linux system. Different distributions do some things in different ways (startup of daemons is an usual example); here, you will find material which is appropriate for Debian's procedures and tools.

If you have comments, additions or suggestions, please mail them to Javier Fernández-Sanguino (alternate address: jfs@debian.org) and they will be incorporated into this manual.


1.1 Download the manual

You can download or view the newest version of the Securing Debian Manual from the Debian Documentation Project. Feel free to check out the version control system through its CVS server.

You can download also a text version from the Debian Documentation's Project site. Other formats, like PDF, are not (yet) provided. However, you can download or install the harden-doc package which provides this same document in HTML, txt and PDF formats.


1.2 Organizational Notes/Feedback

Now to the official part. At the moment I (Alexander Reelsen) wrote most paragraphs of this manual, but in my opinion this should not stay the case. I grew up and live with free software, it is part of my everyday use and I guess yours, too. I encourage everybody to send me feedback, hints additions or any other suggestions, you might have.

If you think, you can maintain a certain section or paragraph better, then write to the document maintainer and you are welcome to do it. Especially if you find a section marked as FIXME, that means the authors did not have the time yet or the needed knowledge about the topic, drop them a mail immediately.

The topic of this manual makes it quite clear that it is important to keep it up to date, and you can do your part. Please contribute.


1.3 Prior knowledge

The installation of Debian GNU/Linux is not very difficult and you should have been able to install it. If you already have some knowledge about Linux or other Unices and you are a bit familiar with basic security, it will be easier to understand this manual, as this document cannot explain every little detail of a feature (otherwise this would have been a book instead of a manual). If you are not that familiar, however, you might want to take a look at Be aware of general security problems, Section 2.2 for where to find more in-depth information.


1.4 Things that need to be written (FIXME/TODO)


1.5 Changelog/History


1.5.1 Version 2.5 (august 2002)

Changes by Javier Fernández-Sanguino Peña (me). There were many things waiting on my inbox (as far back as february) to be included, so I'm going to tag this the back from honeymoon release :)


1.5.2 Version 2.4

Changes by Javier Fernández-Sanguino Peña.


1.5.3 Version 2.3

Changes by Javier Fernández-Sanguino Peña.


1.5.4 Version 2.3

Changes by Javier Fernández-Sanguino Peña.


1.5.5 Version 2.2

Changes by Javier Fernández-Sanguino Peña.


1.5.6 Version 2.1

Changes by Javier Fernández-Sanguino Peña.


1.5.7 Version 2.0

Changes by Javier Fernández-Sanguino Peña. I wanted to change to 2.0 when all the FIXMEs were, er, fixed but I run out of 1.9X numbers :(


1.5.8 Version 1.99

Changes by Javier Fernández-Sanguino Peña.


1.5.9 Version 1.98

Changes by Javier Fernández-Sanguino Peña.


1.5.10 Version 1.97

Changes by Javier Fernández-Sanguino Peña.


1.5.11 Version 1.96

Changes by Javier Fernández-Sanguino Peña.


1.5.12 Version 1.95

Changes by Javier Fernández-Sanguino Peña.


1.5.13 Version 1.94

Changes by Javier Fernández-Sanguino Peña.


1.5.14 Version 1.93

Changes by Javier Fernández-Sanguino Peña.


1.5.15 Version 1.92

Changes by Javier Fernández-Sanguino Peña.


1.5.16 Version 1.91

Changes by Javier Fernández-Sanguino Peña.


1.5.17 Version 1.9

Changes by Javier Fernández-Sanguino Peña.


1.5.18 Version 1.8

Changes by Javier Fernández-Sanguino Peña.


1.5.19 Version 1.7

Changes by Era Eriksson.

Changes by Javier Fernández-Sanguino Peña.


1.5.20 Version 1.6

Changes by Javier Fernández-Sanguino Peña.


1.5.21 Version 1.5

Changes by Josip Rodin and Javier Fernández-Sanguino Peña.


1.5.22 Version 1.4


1.5.23 Version 1.3


1.5.24 Version 1.2


1.5.25 Version 1.1


1.5.26 Version 1.0


1.6 Credits and Thanks!


[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ A ] [ B ] [ C ] [ D ] [ E ] [ F ] [ next ]

Securing Debian Manual

2.5 (beta) 29 augusti 2002Sat, 17 Aug 2002 12:23:36 +0200
Javier Fernández-Sanguino Peña jfs@computer.org