[ Abstract ] [ Copyright Notice ] [ Contents ] [ next ]

Securing Debian HOWTO
Chapter 1 Introduction

One of the hardest things about writing security documents is that every case is unique. Two things you have to pay attention to are the threat environment and the security needs of the individual site, host, or network. For instance, the security needs of a home user are completely different from a network in a bank. While the primary threat a home user needs to face is the script kiddie type of cracker, a bank network has to worry about directed attacks. Additionally, the bank has to protect their customer's data with arithmetic precision. In short, every user has to consider the tradeoff between usability and security/paranoia.

Note that this HOWTO only covers issues relating to software. The best software in the world can't protect you if someone can physically access the machine. You can place it under your desk, or you can place it in a hardened bunker with an army in front of it. Nevertheless the desktop computer can be much more secure (from a software point of view) than a physically protected one if the desktop is configured properly and the software on the protected machine is full of security holes. Obviously, you must consider both issues.

This document just gives an overview of what you can do to increase the security of your Debian GNU/Linux system. If you have read other documents regarding Linux security, you will find that there are common issues which might overlap with this document. However, this document does not try to be the ultimate source of information you will be using, it only tries to adapt this same information so that it is meaningful to a Debian GNU/Linux system. Different distributions do some things in different ways (startup of daemons is an usual example); here, you will find material which is appropriate for Debian's procedures and tools.

If you have comments, additions or suggestions, please mail them to Alexander Reelsen and Javier Fernández-Sanguino and they will be incorporated into this HOWTO.

1.1 Download the HOWTO

You can download or view the newest version of the Securing Debian HOWTO from the Debian Documentation Project. Feel free to check out the version control system through its CVS server.

1.2 Organizational Notes/Feedback

Now to the official part. At the moment I (Alexander Reelsen) wrote most paragraphs of this HOWTO, but in my opinion this should not stay the case. I grew up and live with free software, it is part of my everyday use and I guess yours, too. I encourage everybody to send me feedback, hints additions or any other suggestions, you might have.

If you think, you can maintain a certain section or paragraph better, then write to the document maintainer and you are welcome to do it. Especially if you find a section marked as FIXME, that means the authors did not have the time yet or the needed knowledge about the topic, drop them a mail immediately.

The topic of this HOWTO makes it quite clear that it is important to keep it up to date, and you can do your part. Please contribute.

1.3 Prior knowledge

The installation of Debian GNU/Linux is not very difficult and you should have been able to install it. If you already have some knowledge about Linux or other Unices and you are a bit familiar with basic security, it will be easier to understand this HOWTO, as this document cannot explain every little detail of a feature (otherwise this would have been a book instead of a HOWTO). If you are not that familiar, however, you might want to take a look at Be aware of general security problems, Section 2.2 for where to find more in-depth information.

1.4 Things that need to be written (TODO)

1.5 Changelog

1.5.1 Version 1.93

Changes by Javier Fernández-Sanguino Peña.

1.5.2 Version 1.92

Changes by Javier Fernández-Sanguino Peña.

1.5.3 Version 1.91

Changes by Javier Fernández-Sanguino Peña.

1.5.4 Version 1.9

Changes by Javier Fernández-Sanguino Peña.

1.5.5 Version 1.8

Changes by Javier Fernández-Sanguino Peña.

1.5.6 Version 1.7

Changes by Era Eriksson.

Changes by Javier Fernández-Sanguino Peña.

1.5.7 Version 1.6

Changes by Javier Fernández-Sanguino Peña.

1.5.8 Version 1.5

Changes by Josip Rodin and Javier Fernández-Sanguino Peña.

1.5.9 Version 1.4

1.5.10 Version 1.3

1.5.11 Version 1.2

1.5.12 Version 1.1

1.5.13 Version 1.0

1.6 Credits

[ Abstract ] [ Copyright Notice ] [ Contents ] [ next ]
Securing Debian HOWTO
v1.93 20 November 2001Tue, 13 Nov 2001 15:54:35 +0100
Javier Fernández-Sanguino Peña jfs@computer.org