Securing Debian is not very different from securing any other system; in order to do it properly, you must first decide what you intend to do with it. After this, you will have to consider that the following tasks need to be taken care of if you want a really secure system.
You will find that this manual is written from the bottom up, that is, you will read some information on tasks to do before, during and after the installation of your Debian system. The tasks can also be thought of as:
The following manual does not (usually) go into the details of why some issues are considered security risks. However, you might want to have a better background regarding general UNIX and (specifically) Linux security. Take some time to read over security-related documents in order to make informed decisions when you are faced with different choices. Debian GNU/Linux is based on the Linux kernel, so much of the information regarding Linux, as well as that from other distributions and general UNIX security, also applies to it (even if the tools used, or the programs available, differ).
Some useful documents include:
Linux Security HOWTO (also available at LinuxSecurity) is one of the best references regarding general Linux Security.
Security Quick-Start HOWTO for Linux is also a very good starting point for novice users (both to Linux and security).
Linux Security Administrator's Guide (provided in Debian through the lasg package) is a complete guide that touches all the issues related to security in Linux, from kernel security to VPNs. It is somewhat obsolete (not updated since 1999) and has been superseded by the Linux Security Knowledge Base. This documentation is also provided in Debian through the
Securing Linux Step by Step.
Securing and Optimizing Linux: Red Hat Edition, where you can find a document similar to this manual but related to Red Hat; some of the issues are not distribution-specific and also apply to Debian.
Securing your Domain HOWTO.
Secure Programs HOWTO.
Firewall HOWTO and the IPCHAINS HOWTO (for kernels previous to 2.4).
Linux Security ReferenceCard
In any case, you can find more information regarding the services explained
here (NFS, NIS, SMB...) in many of the HOWTOs of the
Linuxdoc Project; some of these
documents speak on the security side of a given service, so be sure to take a
look there too.
The HOWTO documents from the Linux Documentation Project are available in
Debian GNU/Linux through the installation of the
(text version) or
doc-linux-html (html version). After
installation these documents will be available at the
/usr/share/doc/HOWTO/en-html directories, respectively.
Other recommended Linux books:
Hacking Linux Exposed. By Brian Hatch. McGraw-Hill Higher Education. ISBN 0072127732. April, 2001
Other books (which might be related to general issues regarding UNIX and security and not Linux specific):
Practical Unix and Internet Security (2nd Edition). Garfinkel, Simpson, and Spafford, Gene; O'Reilly Associates; ISBN 0-56592-148-8; 1004pp; 1996.
Some useful Web sites to keep up to date regarding security:
Security Focus, the server that hosts the Bugtraq vulnerability database and list, and provides general security information, news and reports.
Linux Security. General information regarding Linux security (tools, news...). Most useful is the
Linux firewall and security site. General information regarding Linux firewalls and tools to control and administrate them.
Just so you have a general overview of security in Debian GNU/Linux, you should take note of the different issues that Debian tackles in order to provide an overall secure system:
Debian Social Contract states: We Won't Hide Problems. We will keep our entire bug-report database open for public view at all times. Reports that users file on-line will immediately become visible to others. Security issues are discussed openly on the debian-security mailing list. Debian Security Advisories are sent to public mailing lists (both internal and external) and published on the public server.
Bugtraq, on the lookout for packages with security issues that might be included in Debian.
This same document also tries to enforce a better distribution security-wise, by publishing security information specific to Debian which complements other information-security documents related to the tools used by Debian or the operating system itself (see Be aware of general security problems, Section 2.2).
Securing Debian Manual 2.5 (beta), 29 August 2002. Sat, 17 Aug 2002 12:23:36 +0200