Date: Wed, 2 Jun 1999 22:22:10 +0200 (CEST) From: Rik van Riel <riel@nl.linux.org> To: securelinux@reseau.nl Subject: [Secure Linux] distribution goals Hi, After a few days of discussion I think we can distill a general feeling of where we want the distribution to go and how we'd like to get there. I have made a short list of thinks I think are important and other things I've seen on the list. I'd really like some comments on this list, and after we're done with that we should start working. (things I just made up are marked with +, they can be removed at will :-) Distribution goals: - create a secure distribution for server systems + integrate (web) server functionality that isn't in other (end-user) systems yet - make sure even moderately advanced admins are able to keep the system both secure and functional Methods: - use a more secure kernel (Solar Designer's patches, maybe rsbac) - remove unsafe system parts - start from a minimal distribution (minimal Debian??) - use strong cryptography where needed - signed packages + use stackguard bounds-checking compiler - secure replacements for unsafe system programs (postfix vs sendmail) - carefully weigh security against fuctionality + include documentation to educate our users of the risks involved in every step they take :) If I forgot anything, or if you'd like one of these points removed, please tell us quickly. We probably should start working on the distribution RSN... regards, Rik -- Open Source: you deserve to be in control of your data. +-------------------------------------------------------------------+ | Le Reseau netwerksystemen BV: http://www.reseau.nl/ | | Linux Memory Management site: http://www.linux.eu.org/Linux-MM/ | | Nederlandse Linux documentatie: http://www.nl.linux.org/ | +-------------------------------------------------------------------+