File: intro.sgml.svn-base

harden-doc 3.13.3
  • area: main
  • in suites: squeeze
  • size: 8,908 kB
  • ctags: 25
  • sloc: sh: 789; makefile: 174; xml: 105; perl: 86
<!-- CVS revision of this document "$Revision: 1.74 $"  -->

<chapt>Introduction
<p>
One of the hardest things about writing security documents is that every case
is unique. Two things you have to pay attention to are the threat environment
and the security needs of the individual site, host, or network. For instance,
the security needs of a home user are completely different from a network in a
bank. While the primary threat a home user needs to face is the script kiddie
type of cracker, a bank network has to worry about directed attacks. 
Additionally, the bank has to protect its customers' data with arithmetic 
precision. In short, every user has to consider the trade-off between
usability and security/paranoia.
<!-- Is this metaphor really appropriate? Sounds like rounding errors to me, 
era -->
<p>
Note that this manual only covers issues relating to software. 
The best software in the world can't protect you if someone can physically
access the machine. You can place it under your desk, or you can place
it in a hardened bunker with an army in front of it. Nevertheless, the
desktop computer can be much more secure (from a software point of view)
than a physically protected one if the desktop is configured properly and
the software on the protected machine is full of security holes.
Obviously, you must consider both issues.

<p>This document just gives an overview of what you can do 
to increase the security of your Debian GNU/Linux
system. If you have read other documents regarding Linux security, you
will find that there are common issues which might overlap with this
document. However, this document does not try to be the ultimate source
of information you will be using; it only tries to adapt this same
information so that it is meaningful to a Debian GNU/Linux system.
Different distributions do some things in different ways (startup of
daemons is one example); here, you will find material which is
appropriate for Debian's procedures and tools.
<!-- 
# Does this approximate the intent of the original author? (FIXME: check)
# Original text said: "you will find here [sic] a different approach,
# using Debian's tools, regarding security." era
-->
<!-- IMHO yes, jfs -->

<sect id="authors">Authors

<p>The current maintainer of this document is <url name="Javier
Fernández-Sanguino Peña" id="mailto:jfs@debian.org">. Please forward him
any comments, additions or suggestions, and they will be
considered for inclusion in future releases of this manual.

<p>This manual was started as a <em>HOWTO</em> by <url name="Alexander
Reelsen" id="mailto:ar@rhwd.de">. After it was published on the
Internet, <url name="Javier Fernández-Sanguino Peña"
id="mailto:jfs@debian.org"> incorporated it into the <url name="Debian
Documentation Project" id="http://www.debian.org/doc">. A number of
people have contributed to this manual (all contributions are listed
in the changelog) but the following deserve special mention since they
have provided significant contributions (full sections, chapters or
appendices):

<list>
<item>Stefano Canepa
<item>Era Eriksson
<item>Carlo Perassi
<item>Alexandre Ratti
<item>Jaime Robles
<item>Yotam Rubin
<item>Frederic Schutz
<item>Pedro Zorzenon Neto
<item>Oohara Yuuma
<item>Davor Ocelic
</list>

<sect>Where to get the manual (and available formats)
<p>
You can download or view the latest version of the Securing Debian
Manual from the <url name="Debian Documentation Project"
id="http://www.debian.org/doc/manuals/securing-debian-howto/">. 
If you are reading a copy from another site, please check
the primary copy in case it provides new information. If you are reading
a translation, please compare the version the translation refers to with
the latest version available. If you find that the version is behind,
please consider using the original copy or review the
<ref id="changelog"> to see what has changed.

<!-- Note to translators: adjust the en.txt to XX.txt where XX is your 
     language code -->
<p>If you want a full copy of the manual you can either download the <url
id="http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.en.txt"
name="text version"> 
or the <url id="http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.en.pdf"
name="PDF version"> from the Debian Documentation Project's site. These versions might
be more useful if you intend to copy the document over to a portable device for
offline reading or you want to print it out. Be forewarned, the manual is over
two hundred pages long and some of the code fragments, due to the formatting
tools used, are not wrapped in the PDF version and might be printed incomplete.

<p>The document is also provided in text, html and PDF formats in the
<url id="http://packages.debian.org/harden-doc" name="harden-doc"> package.
Notice, however, that the package may not be completely up to date with the
document provided on the Debian site (but you can always use the source
package to build an updated version yourself).

<p>You can also check out the changes introduced in the document by
reviewing its version control logs through its <url
name="CVS server"
id="http://cvs.debian.org/ddp/manuals.sgml/securing-howto/?cvsroot=debian-doc">.


<sect>Organizational notes/feedback
<p>
Now to the official part. At the moment I (Alexander Reelsen) wrote
most paragraphs of this manual, but in my opinion this should not stay
the case. I grew up and live with free software, it is part of my
everyday use and I guess yours, too. I encourage everybody to send me
feedback, hints, additions or any other suggestions you might have.

<p>
If you think you can maintain a certain section or paragraph better,
then write to the document maintainer and you are welcome to do it.
Especially if you find a section marked as FIXME, that means the
authors did not have the time yet or the needed knowledge about the
topic. Drop them a mail immediately.

<p>
The topic of this manual makes it quite clear that it is important to
keep it up to date, and you can do your part. Please contribute.

<sect>Prior knowledge
<p>
The installation of Debian GNU/Linux is not very difficult and you
should have been able to install it. If you already have some
knowledge about Linux or other Unices and you are a bit familiar with
basic security, it will be easier to understand this manual, as this
document cannot explain every little detail of a feature (otherwise
this would have been a book instead of a manual). If you are not that
familiar, however, you might want to take a look at <ref
id="references"> for where to find more in-depth information.


<sect>Things that need to be written (FIXME/TODO)

<p>This section describes all the things that need to be fixed in this
manual. Some paragraphs include <em>FIXME</em> or <em>TODO</em> tags
describing what content is missing (or what kind of work needs to be
done). The purpose of this section is to describe all the things that
could be included in the future in the manual, or enhancements that
need to be done (or would be interesting to add).

<p>If you feel you can provide help in contributing content or fixing any
element of this list (or the inline annotations), contact the main
author (<ref id="authors">).


<list>

<item>Expand the incident response information, maybe add some ideas
derived from Red Hat's Security Guide's
<url id="http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/ch-response.html" name="chapter on incident response">.

<item>Write about remote monitoring tools (to check for system
availability) such as <package>monit</package>, <package>daemontools</package>
and <package>mon</package>. See <url
id="http://linux.oreillynet.com/pub/a/linux/2002/05/09/sysadminguide.html">.

<item>Consider writing a section on how to build Debian-based network
appliances (with information such as the base system,
<package>equivs</package> and FAI).

<item>Check if 
<url id="http://www.giac.org/practical/gsec/Chris_Koutras_GSEC.pdf"> has
relevant info not yet covered here.

<item>Add information on how to set up a laptop with Debian
<url id="http://www.giac.org/practical/gcux/Stephanie_Thomas_GCUX.pdf">.

<item>Add information on how to set up a firewall using Debian
GNU/Linux. The section regarding firewalling is currently oriented
towards a single system (not protecting others...). Also talk about how
to test the setup.

<item>Add information on setting up a proxy firewall with Debian GNU/Linux 
stating specifically which packages provide proxy services (like 
<package>xfwp</package>, 
<package>ftp-proxy</package>, <package>redir</package>, 
<package>smtpd</package>,
<package>dnrd</package>, <package>jftpgw</package>, <package>oops</package>, 
<package>pdnsd</package>, <package>perdition</package>, 
<package>transproxy</package>, <package>tsocks</package>). Should point to the 
manual for any other info. Note that <package>zorp</package> is now 
available as a Debian package and <em>is</em> a proxy firewall 
(they also provide Debian packages upstream).

<item>Information on service configuration with file-rc.

<item>Check all the reference URLs and remove/fix those no longer available.

<item>Add information on available replacements (in Debian) for common
servers which are useful for limited functionality. Examples: 
<list>
<item>local lpr with cups (package)?
<item>remote lrp with lpr
<item>bind with dnrd/maradns
<item>apache with dhttpd/thttpd/wn (tux?)
<item>exim/sendmail with ssmtpd/smtpd/postfix
<item>squid with tinyproxy
<item>ftpd with oftpd/vsftp
<item>...
</list>

<item>More information regarding security-related kernel patches in
Debian, including the ones shown above and
specific information on how to enable these patches in a Debian system.
<list>
<item>Linux Intrusion Detection (<package>kernel-patch-2.4-lids</package>)
<item>Linux Trustees (in package <package>trustees</package>)
<item><url name="NSA Enhanced Linux" id="http://wiki.debian.org/SELinux">
<item><package>linux-patch-openswan</package>
</list>

<item>Details of turning off unnecessary network services (besides 
<prgn>inetd</prgn>); this is partly covered in the hardening procedure but
could be broadened a bit.

<item>Information regarding password rotation which is closely related
to policy.

<item>Policy, and educating users about policy.

<item>More about tcpwrappers, and wrappers in general?

<item><file>hosts.equiv</file> and other major security holes.

<item>Issues with file sharing servers such as Samba and NFS? 

<item>suidmanager/dpkg-statoverrides.

<item>lpr and lprng.

<item>Switching off the GNOME IP things.

<item>Talk about pam_chroot (see <url id="http://lists.debian.org/debian-security/2002/debian-security-200205/msg00011.html">)
and its usefulness to limit users. Introduce information related to
<url id="http://online.securityfocus.com/infocus/1575">.
<package>pdmenu</package>, for example, is available in Debian (whereas
flash is not).

<item>Talk about chrooting services, some more info on
<url id="http://www.linuxfocus.org/English/January2002/article225.shtml">.
<!-- no longer available
<url id="http://www.nuclearelephant.com/papers/chroot.html">,  and
<url id="http://www.linuxsecurity.com/feature_stories/feature_story-99.html">.
                             -->

<item>Talk about programs to make chroot jails. <package>compartment</package>
and <package>chrootuid</package> are waiting in incoming. Some others
(makejail, jailer) could also be introduced.

<!-- FIXME: No longer available in that URL
<item>Add information provided by Karl Hegbloom regarding chrooting 
Bind 9, see <url id="http://people.pdxlinux.org/~karlheg/Secure_Bind9_uHOWTO/Secure_Bind_9_uHOWTO.xhtml">.
-->

<!-- No longer relevant
<item>Add information provided by Pedro Zornenon to chrooting Bind 8 only for 
potato though :(, see 
<url id="http://people.debian.org/~pzn/howto/chroot-bind.sh.txt"> (include the 
whole script?).
-->

<item>More information regarding log analysis software (i.e. logcheck
and logcolorise).

<item>'advanced' routing (traffic policing is security related).

<item>limiting <prgn>ssh</prgn> access to running certain commands.

<item>using dpkg-statoverride.

<item>secure ways to share a CD burner among users.

<item>secure ways of providing networked sound in addition to network
display capabilities (so that X clients' sounds are played on the X
server's sound hardware).

<item>securing web browsers.

<item>setting up ftp over <prgn>ssh</prgn>.

<item>using crypto loopback file systems.

<item>encrypting the entire file system.

<item>steganographic tools.

<item>setting up a PKA for an organization.

<item>using LDAP to manage users. There is a HOWTO of ldap+kerberos
for Debian at <url id="http://www.bayour.com"> written by Turbo Fredrikson.

<item>How to remove information of reduced utility in production systems
such as <file>/usr/share/doc</file>, <file>/usr/share/man</file> (yes, security by obscurity).

<item>More information on lcap based on the package's README file
(well, not there yet, see
<url id="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=169465"
name="Bug #169465">) and from the article from LWN:
<url id="http://lwn.net/1999/1202/kernel.php3"
name="Kernel development">.

<item>Add Colin's article on how to set up a chroot environment for a full 
sid system (<url id="http://people.debian.org/~walters/chroot.html">).

<item>Add information on running multiple <prgn>snort</prgn> sensors in a given
system (check bug reports sent to <package>snort</package>).

<item>Add information on setting up a honeypot (<package>honeyd</package>).

<item>Describe the situation with respect to FreeSwan (orphaned) and OpenSwan.
VPN section needs to be rewritten.

<item>Add a specific section about databases, current installation defaults
and how to secure access.

<item>Add a section about the usefulness of virtual servers (Xen et al).

<item>Explain how to use some integrity checkers (AIDE, integrit or samhain).
The basics are simple and could even explain some configuration improvements.


</list>

<sect id="changelog">Changelog/History

<sect1>Version 3.14 (March 2009)

<p>Changes by Javier Fernández-Sanguino Peña.

<list>

<item>Change the section related to choosing a filesystem: note that ext3 is
now the default.

<item>Change the name of the packages related to enigmail to reflect naming
changes introduced in Debian.

</list>

<sect1>Version 3.13 (February 2008)

<p>Changes by Javier Fernández-Sanguino Peña.

<list>

<item>Change URLs pointing to Bastille Linux since the domain has been 
<url id="http://www.bastille-unix.org/press-release-newname.html" name="purchased by a cybersquatter">.

<item>Fix pointers to Linux Ramen and Lion worms.

<item>Use linux-image in the examples instead of the (old) kernel-image packages.

<item>Fix typos spotted by Francesco Poli.

</list>

<sect1>Version 3.12 (August 2007)

<p>Changes by Javier Fernández-Sanguino Peña.

<list>

<item>Update the information related to security updates. Drop the text talking
about Tiger and include information on the update-notifier and adept tools (for Desktops) as well as debsecan. Also include some pointers to other tools
available.

<item>Divide the firewall applications based on target users and add fireflier to the Desktop firewall applications list.

<item>Remove references to libsafe, it's not in the archive any longer (was
removed January 2006).

<item>Fix the location of syslog's configuration, thanks to John Talbut.

</list>

<sect1>Version 3.11 (January 2007)

<p>Changes by Javier Fernández-Sanguino Peña. Thanks go to Francesco Poli for
his extensive review of the document.

<list>

<item>Remove most references to the woody release as it is no longer available
(in the archive) and security support for it is no longer available.

<item>Describe how to restrict users so that they can only do file transfers.
<item>Added a note regarding the debian-private declassification decision.
<item>Updated link of incident handling guides.
<item>Added a note saying that development tools (compilers, etc.) are not 
installed now in the default 'etch' installation.
<item>Fix references to the master security server.
<item>Add pointers to additional APT-secure documentation.
<item>Improve the description of APT signatures.
<item>Comment out some things which are not yet final related to the mirror's
official public keys.
<item>Fixed name of the Debian Testing Security Team.
<item>Remove reference to sarge in an example.
<item>Update the antivirus section, clamav is now available on the release.
      Also mention the f-prot installer.
<item>Remove all references to freeswan as it is obsolete.
<item>Describe issues related to ruleset changes to the firewall if done
    remotely and provide some tips (in footnotes).
<item>Update the information related to the IDS installation, mention BASE
      and the need to setup a logging database.
<item>Rewrite the "running bind as a non-root user" section as this no longer
      applies to Bind9. Also remove the reference to the init.d script since
      the changes need to be done through /etc/default.
<item>Remove the obsolete way to setup iptables rulesets as woody is no longer
      supported.
<item>Revert the advice regarding LOG_UNKFAIL_ENAB: it should be set to
      'no' (as per default).
<item>Added more information related to updating the system with desktop
      tools (including update-notifier) and describe aptitude usage to update
      the system. Also note that dselect is deprecated.
<item>Updated the contents of the FAQ and remove redundant paragraphs.
<item>Review and update the section related to forensic analysis of
      malware.
<item>Remove or fix some dead links.
<item>Fix many typos and grammatical errors reported by Francesco Poli.

</list>

<sect1>Version 3.10 (November 2006)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Provide examples using apt-cache's rdepends as suggested by Ozer Sarilar.

<item>Fix location of Squid's user's manual because of its relocation as notified
by Oskar Pearson (its maintainer).

<item>Fix information regarding umask: it's login.defs (and not limits.conf)
where this can be configured for all login connections. Also state what
is Debian's default and what would be a more restrictive value for both
users and root. Thanks to Reinhard Tartler for spotting the bug.

</list>

<sect1>Version 3.9 (October 2006)
<p>Changes by Javier Fernández-Sanguino Peña.

<list>

<item>Add information on how to track security vulnerabilities and add
references to the Debian Testing Security Tracker.

<item>Add more information on the security support for testing.

<item>Fix a large number of typos with a patch provided by Simon Brandmair.

<item>Added section on how to disable root prompt on initramfs provided by Max
Attems.

<item>Remove references to queso.

<item>Note that testing is now security-supported in the introduction.

</list>

<sect1>Version 3.8 (July 2006)
<p>Changes by Javier Fernández-Sanguino Peña.

<list>

<item>Rewrote the information on how to set up ssh chroots to clarify the
different options available, thanks to Bruce Park for bringing up the
different mistakes in this appendix.

<item>Fix lsof call as suggested by Christophe Sahut.

<item>Include patches for typo fixes from Uwe Hermann.

<item>Fix typo in reference spotted by Moritz Naumann.

</list>

<sect1>Version 3.7 (April 2006)
<p>Changes by Javier Fernández-Sanguino Peña.

<list>
<item>Add a section on Debian Developer's best practices for security.

<item>Amended firewall script with comments from WhiteGhost.

</list>

<sect1>Version 3.6 (March 2006)
<p>Changes by Javier Fernández-Sanguino Peña.

<list>
<item>Included a patch from Thomas Sjögren which describes that <tt>noexec</tt> works 
as expected with "new" kernels, adds information regarding tempfile handling, and
some new pointers to external documentation.

<item>Add a pointer to Dan Farmer's and Wietse Venema's forensic discovery web
site, as suggested by Freek Dijkstra, and expanded a little bit the forensic
analysis section with more pointers.

<item>Fixed URL of Italy's CERT, thanks to Christoph Auer.

<item>Reuse Joey Hess' information at the wiki on secure apt and introduce it
in the infrastructure section.

<item>Review sections referring to old versions (woody or potato).

<item>Fix some cosmetic issues with patch from Simon Brandmair.

<item>Included patches from Carlo Perassi: acl patches are obsolete,
openwall patches are obsolete too, removed fixme notes about 2.2 and 2.4 series
kernels, hap is obsolete (and not present in WNPP), remove references
to Immunix (StackGuard is now in Novell's hands), and fix a FIXME
about the use of bsign or elfsign.

<item>Updated references to SElinux web pages to point to the Wiki (currently
the most up to date source of information).

<item>Include file tags and make a more consistent use of "MD5 sum" with a patch
from Jens Seidel.

<item>Patch from Joost van Baal improving the information on the firewall section
(pointing to the wiki instead of listing all firewall packages available) (Closes: #339865).

<item>Review the FAQ section on vulnerability stats, thanks to Carlos Galisteo de Cabo
for pointing out that it was out of date.

<item>Use the quote from the Social Contract 1.1 instead of 1.0 as suggested by
Francesco Poli.

</list>

</sect1>

<sect1>Version 3.5 (November 2005)
<p>Changes by Javier Fernández-Sanguino Peña.

<list>
<item>Note on the SSH section that the chroot will not work if using the nodev option
in the partition and point to the latest ssh packages with the chroot patch, thanks
to Lutz Broedel for pointing these issues out.

<item>Fix typo spotted by Marcos Roberto Greiner (md5sum should be sha1sum in code snippet).

<item>Included Jens Seidel's patch fixing a number of package names and typos.

<item>Slight update of the tools section, removed tools no longer available and
added some new ones.

<item>Rewrite parts of the section related to where to find this document and
what formats are available (the website does provide a PDF version). Also note
that copies on other sites and translations might be obsolete (many of the
Google hits for the manual in other sites are actually out of date).

</list>

<sect1>Version 3.4 (August-September 2005)
<p>Changes by Javier Fernández-Sanguino Peña.

<list>

<item>Improved the after installation security enhancements related to
kernel configuration for network level protection with a sysctl.conf
file provided by Will Moy.

<item>Improved the gdm section, thanks to Simon Brandmair.

<item>Typo fixes from Frédéric Bothamy and Simon Brandmair.

<item>Improvements in the after installation sections related to
how to generate the MD5 (or SHA-1) sums of binaries for periodic review.

<item>Updated the after installation sections regarding checksecurity
configuration (was out of date).

</list>

<sect1>Version 3.3 (June 2005)
<p>Changes by Javier Fernández-Sanguino Peña.

<list>

<item>Added a code snippet to use grep-available to generate the list
of packages depending on Perl. As requested in #302470.

<item>Rewrite of the section on network services (which ones are
installed and how to disable them).

<item>Added more information to the honeypot deployment section
mentioning useful Debian packages.

</list>

<sect1>Version 3.2 (March 2005)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Expanded the PAM configuration limits section. 
<item>Added information on how to use pam_chroot for openssh (based on
pam_chroot's README).
<item>Fixed some minor issues reported by Dan Jacobson.
<item>Updated the kernel patches information partially based on a patch
from Carlo Perassi and also by adding deprecation notes and new kernel
patches available (adamantix).
<item>Included patch from Simon Brandmair that fixes a sentence related
to login failures in terminal.
<item>Added Mozilla/Thunderbird to the valid GPG agents as suggested by
Kapolnai Richard.
<item>Expanded the section on security updates mentioning library and
kernel updates and how to detect when services need to be restarted.
<item>Rewrote the firewall section, moved the information that applies
to woody down and expand the other sections including some information
on how to manually set the firewall (with a sample script) and how
to test the firewall configuration.
<item>Added some information preparing for the 3.1 release.
<item>Added more detailed information on kernel upgrades, specifically
targeted at those that used the old installation system.
<item>Added a small section on the experimental apt 0.6 release which
provides package signing checks. Moved old content to the section
and also added a pointer to changes made in aptitude.
<item>Typo fixes spotted by Frédéric Bothamy.
</list>

<sect1>Version 3.1 (January 2005)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Added clarification to ro /usr with patch from Joost van Baal.
<item>Apply patch from Jens Seidel fixing many typos.
<item>FreeSWAN is dead, long live OpenSWAN.
<item>Added information on restricting access to RPC services (when
they cannot be disabled) also included patch provided by Aarre Laakso.
<item>Update aj's apt-check-sigs script.
<item>Apply patch Carlo Perassi fixing URLs.
<item>Apply patch from Davor Ocelic fixing many errors, typos, urls, grammar
and FIXMEs. Also adds some additional information to some sections.
<item>Rewrote the section on user auditing, highlight the usage of script
which does not have some of the issues associated to shell history.
</list>

<sect1>Version 3.0 (December 2004)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Rewrote the user-auditing information and included examples on how
to use script.
</list>

<sect1>Version 2.99 (March 2004)

<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Added information on references in DSAs and CVE-Compatibility.
<item>Added information on apt 0.6 (apt-secure merge in experimental).
<item>Fixed location of Chroot daemons HOWTO as suggested by Shuying Wang.
<item>Changed APACHECTL line in the Apache chroot example (even if it's
not used at all) as suggested by Leonard Norrgard.
<item>Added a footnote regarding hardlink attacks if partitions are
not set up properly.
<item>Added some missing steps in order to run bind as named as
provided by Jeffrey Prosa.
<item>Added notes about Nessus and Snort out-of-dateness in woody
 and availability of backported packages.
<item>Added a chapter regarding periodic integrity test checks.
<item>Clarified the status of testing regarding security updates
(Debian bug 233955).
<item>Added more information regarding expected contents in securetty
(since it's kernel specific).
<item> Added pointer to snoopylogger (Debian bug 179409).
<item> Added reference to guarddog (Debian bug 170710).
<item> <prgn>apt-ftparchive</prgn> is in <package>apt-utils</package>, not in <package>apt</package> (thanks to 
Emmanuel Chantreau for pointing this out).
<item>Removed jvirus from AV list.
</list>
</sect1>

<sect1>Version 2.98 (December 2003)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Fixed URL as suggested by Frank Lichtenheld.
<item>Fixed PermitRootLogin typo as suggested by  Stefan Lindenau.
</list>

</sect1>
<sect1>Version 2.97 (September 2003)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Added those that have made the most significant contributions to
this manual (please mail me if you think you should be in the list and
are not).

<item>Added some blurb about FIXME/TODOs.

<item>Moved the information on security updates to the beginning of
the section as suggested by Elliott Mitchell.

<item>Added grsecurity to the list of kernel-patches for security but
added a footnote on the current issues with it as suggested by Elliott
Mitchell.

<item>Removed loops (echo to 'all') in the kernel's network security
script as suggested by Elliott Mitchell.

<item>Added more (up-to-date) information in the antivirus section.

<item>Rewrote the buffer overflow protection section and added more
information on patches to the compiler to enable this kind of
protection.

</list>


<sect1>Version 2.96 (August 2003)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Removed (and then re-added) appendix on chrooting Apache. The appendix
is now dual-licensed.
</list>

<sect1>Version 2.95 (June 2003)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Fixed typos spotted by Leonard Norrgard.
<item>Added a section on how to contact CERT for incident handling
(<url id="#after-compromise">).
<item>More information on setting up a Squid proxy.
<item>Added a pointer and removed a FIXME thanks to Helge H. F.
<item>Fixed a typo (save_inactive) spotted by  Philippe Faes.
<item>Fixed several typos spotted by Jaime Robles.
</list>

<sect1>Version 2.94 (April 2003)
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Following Maciej Stachura's suggestions I've expanded the section on
limiting users.
<item>Fixed typo spotted by Wolfgang Nolte.
<item>Fixed links with patch contributed by Ruben Leote Mendes.
<item>Added a link to David Wheeler's excellent document on the footnote
about counting security vulnerabilities.
</list>

<sect1>Version 2.93 (March 2003)
<p>Changes made by Frédéric Schütz.
<list>
<item>Rewrote entirely the section of ext2 attributes
(lsattr/chattr).
</list>

<sect1>Version 2.92 (February 2003)
<p>Changes by Javier Fernández-Sanguino Peña and
Frédéric Schütz.
<list>
<item>Merge section 9.3 ("useful kernel patches") into section 4.13 ("Adding
   kernel patches"), and added some content.
<item>Added a few more TODOs.
<item>Added information on how to manually check for updates and also about
cron-apt. That way Tiger is not perceived as the only way to do automatic
update checks.
<item>Slight rewrite of the section on executing security updates due
to Jean-Marc Ranger's comments.
<item>Added a note on Debian's installation (which will suggest the user
to execute a security update right after installation).
</list>

<sect1>Version 2.91 (January/February 2003)
<p>Changes by Javier Fernández-Sanguino Peña (me).
<list>
<item>Added a patch contributed by Frédéric Schütz.
<item>Added a few more references on capabilities thanks to Frédéric.
<item>Slight changes in the bind section adding a reference to BIND's 9
online documentation and proper references in the first area (Hi Pedro!).
<item>Fixed the changelog date - new year :-).
<item>Added a reference to Colin's articles for the TODOs.
<item>Removed reference to old ssh+chroot patches.
<item>More patches from Carlo Perassi.
<item>Typo fixes (recursive in Bind is recursion), pointed out by 
Maik Holtkamp.
</list>

<sect1>Version 2.9 (December 2002)
<p>Changes by Javier Fernández-Sanguino Peña (me).
<list>
<item>Reorganized the information on chroot (merged two sections, it
didn't make much sense to have them separated).
<item>Added the notes on chrooting Apache provided by Alexandre Ratti.
<item>Applied patches contributed by Guillermo Jover.
</list>

<sect1>Version 2.8 (November 2002)
<p>Changes by Javier Fernández-Sanguino Peña (me).
<list>
<item>Applied patches from Carlo Perassi, fixes include: re-wrapping the
lines, URL fixes, and fixed some FIXMEs.
<item>Updated the contents of the Debian security team FAQ.
<item>Added a link to the Debian security team FAQ and the Debian Developer's
reference, the duplicated sections might (just might) be removed in the future.
<item>Fixed the hand-made auditing section with comments from Michal Zielinski.
<item>Added links to wordlists (contributed by Carlo Perassi).
<item>Fixed some typos (still many around).
<item>Fixed TDP links as suggested by John Summerfield.
</list>

<sect1>Version 2.7 (October 2002)
<p>Changes by Javier Fernández-Sanguino Peña (me).  Note: I still
have a lot of pending changes in my mailbox (which is currently
about 5 Mbs in size).
<list>
<item>Some typo fixes contributed by Tuyen Dinh, Bartek Golenko and 
Daniel K. Gebhart.
<item>Note regarding /dev/kmem rootkits contributed by Laurent Bonnaud.
<item>Fixed typos and FIXMEs contributed by Carlo Perassi.
</list>

<sect1>Version 2.6 (September 2002)
<p>Changes by Chris Tillman, tillman@voicetrak.com. 
<list>
<item>Changed around to improve grammar/spelling.
<item>s/host.deny/hosts.deny/ (1 place).
<item>Applied Larry Holish's patch (quite big, fixes a lot of FIXMEs).
</list>

<sect1>Version 2.5 (September 2002)
<p>Changes by Javier Fernández-Sanguino Peña (me).
<list>
<item>Fixed minor typos submitted by Thiemo Nagel.
<item>Added a footnote suggested by Thiemo Nagel.
<item>Fixed a URL link.
</list>

<sect1>Version 2.5 (August 2002)

<p>Changes by Javier Fernández-Sanguino Peña (me). There were many
things waiting on my inbox (as far back as February) to be included,
so I'm going to tag this the <em>back from honeymoon</em> release :).

<list>

<item>Applied a patch contributed by Philipe Gaspar regarding the
Squid which also kills a FIXME.

<item>Yet another FAQ item regarding service banners taken from the
debian-security mailing list (thread "Telnet information" started 26th
July 2002).

<item>Added a note regarding use of CVE cross references in the
<em>How much time does the Debian security team...</em> FAQ item.


<item>Added a new section regarding ARP attacks contributed by Arnaud
"Arhuman" Assad.

<item>New FAQ item regarding dmesg and console login by the kernel. 

<item>Small tidbits of information to the signature-checking issues in
packages (it seems to not have gotten past beta release).

<item>New FAQ item regarding vulnerability assessment tools false
positives.

<item>Added new sections to the chapter that contains information on
package signatures and reorganized it as a new <em>Debian Security
Infrastructure</em> chapter.

<item>New FAQ item regarding Debian vs. other Linux distributions.

<item>New section on mail user agents with GPG/PGP functionality in the
security tools chapter.

<item>Clarified how to enable MD5 passwords in woody, added a pointer
to PAM as well as a note regarding the max definition in PAM.

<item>Added a new appendix on how to create chroot environments (after
fiddling a bit with makejail and fixing, as well, some of its bugs),
integrated duplicate information in all the appendix. 

<item>Added some more information regarding <PRGN>SSH</PRGN> chrooting and its
impact on secure file transfers.  Some information has been retrieved
from the debian-security mailing list (June 2002 thread: <em>secure
file transfers</em>).

<item>New sections on how to do automatic updates on Debian systems as
well as the caveats of using testing or unstable regarding security updates.

<item>New section regarding keeping up to date with security patches
in the <em>Before compromise</em> section as well as a new section
about the debian-security-announce mailing list.

<item>Added information on how to automatically generate strong passwords.

<item>New section regarding login of idle users.

<item>Reorganized the securing mail server section based on the
<em>Secure/hardened/minimal Debian (or "Why is the base system the way
it is?")</em> thread on the debian-security mailing list (May 2002).

<item>Reorganized the section on kernel network parameters, with
information provided in the debian-security mailing list (May 2002,
<em>syn flood attacked?</em> thread) and added a new FAQ item as well.

<item>New section on how to check users passwords and which packages
to install for this.

<item>New section on PPTP encryption with Microsoft clients discussed
in the debian-security mailing list (April 2002).

<item>Added a new section describing what problems there are when binding any
given service to a specific IP address, this information was written based on 
the Bugtraq mailing list in the thread: <em>Linux kernel 2.4 "weak end host" 
issue (previously discussed on debian-security as "arp problem")</em> (started 
on May 9th 2002 by Felix von Leitner).

<item>Added information on <prgn>ssh</prgn> protocol version 2.

<item>Added two subsections related to Apache secure configuration
(the things specific to Debian, that is).

<item>Added a new FAQ related to raw sockets, one related to /root, an
item related to users' groups and another one related to log and
configuration files permissions.

<item>Added a pointer to a bug in libpam-cracklib that might still be
open... (need to check).

<item>Added more information regarding forensics analysis (pending more 
information on packet inspection tools such as <prgn>tcpflow</prgn>).

<item>Changed the "what should I do regarding compromise" into a bullet
list and included some more stuff.

<item>Added some information on how to set up the Xscreensaver to lock
the screen automatically after the configured timeout.

<item>Added a note related to the utilities you should not install in
the system. Included a note regarding Perl and why it cannot be
easily removed in Debian. The idea came after reading Intersect's
documents regarding Linux hardening.

<item>Added information on lvm and journalling file systems, ext3
recommended. The information there might be too generic, however. 

<item>Added a link to the online text version (check).

<item>Added some more stuff to the information on firewalling the
local system, triggered by a comment made by Hubert Chan in the mailing list.

<item>Added more information on PAM limits and pointers to Kurt
Seifried's documents (related to a post by him to Bugtraq on April 4th
2002 answering a person that had ``discovered'' a vulnerability in
Debian GNU/Linux related to resource starvation).

<item>As suggested by Julián Muñoz, provided more information on the
default Debian umask and what a user can access if he has been given a
shell in the system (scary, huh?).

<item>Included a note in the BIOS password section due to a comment
from Andreas Wohlfeld.

<item>Included patches provided by Alfred E. Heggestad fixing many of
the typos still present in the document.

<item>Added a pointer to the changelog in the Credits section since
most people who contribute are listed here (and not there).

<item>Added a few more notes to the chattr section and a new section
after installation talking about system snapshots. Both ideas were
contributed by Kurt Pomeroy.

<item>Added a new section after installation just to remind users to
change the boot-up sequence.

<item>Added some more TODO items provided by Korn Andras.

<item>Added a pointer to the NIST's guidelines on how to secure DNS
provided by Daniel Quinlan.

<item>Added a small paragraph regarding Debian's SSL certificates
infrastructure.

<item>Added Daniel Quinlan's suggestions regarding <prgn>ssh</prgn> 
authentication and exim's relay configuration.

<item>Added more information regarding securing bind including changes
suggested by Daniel Quinlan and an appendix with a script to make some of the
changes commented on in that section.

<item>Added a pointer to another item regarding Bind chrooting (needs to be 
merged).

<item>Added a one liner contributed by Cristian Ionescu-Idbohrn to
retrieve packages with tcpwrappers support.

<item>Added a little bit more info on Debian's default PAM setup.

<item>Included a FAQ question about using PAM to provide services without
shell accounts.

<item>Moved two FAQ items to another section and added a new FAQ
regarding attack detection (and compromised systems).

<item>Included information on how to set up a bridge firewall
(including a sample Appendix). Thanks to Francois Bayart who sent
this to me in March.

<item>Added a FAQ regarding the syslogd's <em>MARK</em>
<em>heartbeat</em> from a question answered by Noah Meyerhans and
Alain Tesio in December 2001.

<item>Included information on buffer overflow protection as well as
some information on kernel patches.

<item>Added more information (and reorganized) the firewall
section. Updated the information regarding the iptables package and
the firewall generators available.

<item>Reorganized the information regarding log checking, moved
logcheck information from host intrusion detection to that section.

<item>Added some information on how to prepare a static package for
bind for chrooting (untested).

<item>Added a FAQ item regarding some specific servers/services 
(could be expanded with some of the
recommendations from the debian-security list).

<item>Added some information on RPC services (and when it's necessary).

<item>Added some more information on capabilities (and what lcap does). 
Is there any good documentation on this? I haven't found any documentation on 
my 2.4 kernel.

<item>Fixed some typos.

</list>

<sect1>Version 2.4
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Rewritten part of the BIOS section.
</list>

<sect1>Version 2.3
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Wrapped most file locations with the file tag.
<item>Fixed typo noticed by Edi Stojicevi.
<item>Slightly changed the remote audit tools section.
<item>Added some todo items.
<item>Added more information regarding printers and cups config file
(taken from a thread on debian-security).
<item>Added a patch submitted by Jesus Climent regarding access of
valid system users to Proftpd when configured as anonymous server.
<item>Small change on partition schemes for the special case of mail
servers.
<item>Added Hacking Linux Exposed to the books section.
<item>Fixed directory typo noticed by Eduardo Pérez Ureta.
<item>Fixed /etc/ssh typo in checklist noticed by Edi Stojicevi.
</list>
<sect1>Version 2.3
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Fixed location of dpkg conffile.
<item>Remove Alexander from contact information.
<item>Added alternate mail address.
<item>Fixed Alexander mail address (even if commented out).
<item>Fixed location of release keys (thanks to Pedro Zorzenon for pointing 
this out).
</list>
<sect1>Version 2.2
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Fixed typos, thanks to Jamin W. Collins.
<item>Added a reference to apt-extracttemplate manpage
(documents the APT::ExtractTemplate config).
<item>Added section about restricted SSH. Information based on that
posted by  Mark Janssen, Christian G. Warden and Emmanuel Lacour on
the debian-security mailing list.
<item>Added information on antivirus software.
<item>Added a FAQ: su logs due to the cron running as root.
</list>
<sect1>Version 2.1
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Changed FIXME from lshell thanks to Oohara Yuuma.
<item>Added package to sXid and removed comment since it *is* available.
<item>Fixed a number of typos discovered by Oohara Yuuma.
<item>ACID is now available in Debian (in the acidlab package)
 thanks to Oohara Yuuma for noticing.
<item>Fixed LinuxSecurity links (thanks to Dave Wreski for telling).
</list>
<sect1>Version 2.0
<p>Changes by Javier Fernández-Sanguino Peña. I wanted to
change to 2.0 when all the FIXMEs were fixed but I ran out
of 1.9X numbers :(.
<list>
<item>Converted the HOWTO into a Manual (now I can properly say RTFM).

<item>Added more information regarding tcp wrappers and Debian (now
many services are compiled with support for them so it's no longer
an <prgn>inetd</prgn> issue).

<item>Clarified the information on disabling services to make it more
consistent (rpc info still referred to update-rc.d).

<item>Added small note on lprng.

<item>Added some more info on compromised servers (still very rough).

<item>Fixed typos reported by Mark Bucciarelli.

<item>Added some more steps in password recovery to cover the cases
when the admin has set paranoid-mode=on.

<item>Added some information to set paranoid-mode=on when logging in at the
console.

<item>New paragraph to introduce service configuration.

<item>Reorganized the <em>After installation</em> section so it is
more broken up into several issues and it's easier to read.

<item>Wrote information on how to set up firewalls with the standard
Debian 3.0 setup (iptables package).

<item>Small paragraph explaining why installing connected to the
Internet is not a good idea and how to avoid this using Debian tools.

<item>Small paragraph on timely patching referencing to IEEE paper.

<item>Appendix on how to set up a Debian snort box, based on what Vladimir
sent to the debian-security mailing list (September 3rd 2001).

<item>Information on how logcheck is set up in Debian and how it can be
used to set up HIDS.

<item>Information on user accounting and profile analysis.

<item>Included apt.conf configuration for read-only /usr copied from Olaf
Meeuwissen's post to the debian-security mailing list.

<item>New section on VPN with some pointers and the packages available
in Debian (needs content on how to set up the VPNs and Debian-specific
issues), based on Jaroslaw Tabor's and Samuli Suonpaa's post to
debian-security.

<item>Small note regarding some programs to automatically build chroot jails.

<item>New FAQ item regarding identd based on a discussion in the
debian-security mailing list (February 2002, started by Johannes Weiss).

<item>New FAQ item regarding <prgn>inetd</prgn> based on a discussion in the
debian-security mailing list (February 2002).

<item>Introduced note on rcconf in the "disabling services" section.

<item>Varied the approach regarding LKM, thanks to Philipe Gaspar.

<item>Added pointers to CERT documents and Counterpane resources.
</list>

<sect1>Version 1.99
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Added a new FAQ item regarding time to fix security vulnerabilities.
<item>Reorganized FAQ sections.
<item>Started writing a section regarding firewalling in Debian GNU/Linux
(could be broadened a bit).
<item>Fixed typos sent by Matt Kraai.
<item>Fixed DNS information.
<item>Added information on whisker and nbtscan to the auditing section.
<item>Fixed some wrong URLs.
</list>
<sect1>Version 1.98
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Added a new section regarding auditing using Debian GNU/Linux.
<item>Added info regarding finger daemon taken from the security mailing list.
</list>
<sect1>Version 1.97
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Fixed link for Linux Trustees.
<item>Fixed typos (patches from Oohara Yuuma and Pedro Zorzenon).
</list>

<sect1>Version 1.96
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Reorganized service installation and removal and added some new notes.

<item>Added some notes regarding using integrity checkers as intrusion
detection tools.

<item>Added a chapter regarding package signatures.

</list>

<sect1>Version 1.95
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Added notes regarding Squid security sent by Philipe Gaspar.

<item>Fixed rootkit links thanks to Philipe Gaspar.

</list>

<sect1>Version 1.94
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Added some notes regarding Apache and Lpr/lpng.

<item>Added some information regarding noexec and read-only partitions.

<item>Rewrote how users can help in Debian security issues (FAQ item).
</list>

<sect1>Version 1.93
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Fixed location of mail program.

<item>Added some new items to the FAQ.
</list>

<sect1>Version 1.92
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Added a small section on how Debian handles security.

<item>Clarified MD5 passwords (thanks to `rocky').

<item>Added some more information regarding harden-X from Stephen van Egmond.

<item>Added some new items to the FAQ.

</list>

<sect1>Version 1.91
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Added some forensics information sent by Yotam Rubin.

<item>Added information on how to build a honeynet using Debian GNU/Linux.

<item>Added some more TODOS.

<item>Fixed more typos (thanks Yotam!).

</list>

<sect1>Version 1.9
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Added patch to fix misspellings and some new information (contributed
by Yotam Rubin).

<item>Added references to other online (and offline) documentation both in a 
section (see <ref id="references">) by itself and inline in some sections.

<item>Added some information on configuring Bind options to restrict
access to the DNS server.

<item>Added information on how to automatically harden a Debian system
(regarding the harden package and bastille).

<item>Removed some done TODOs and added some new ones.

</list>

<sect1>Version 1.8
<p>Changes by Javier Fernández-Sanguino Peña.
<list>

<item>Added the default user/group list provided by Joey Hess to the
debian-security mailing list.

<item>Added information on LKM root-kits (<ref id="LKM">)
 contributed by Philipe Gaspar.

<item>Added information on Proftp contributed by Emmanuel Lacour. 

<item>Recovered the checklist Appendix from Era Eriksson.

<item>Added some new TODO items and removed other fixed ones.

<item>Manually included Era's patches since they were not all included in 
the previous version.

</list>
<sect1>Version 1.7
<p>Changes by Era Eriksson.
<list>
<item>Typo fixes and wording changes.
</list>
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Minor changes to tags in order to keep on removing the tt tags
and substitute prgn/package tags for them.
</list>

<sect1>Version 1.6 
<p>Changes by Javier Fernández-Sanguino Peña.
<list>
<item>Added pointer to document as published in the DDP (should
supersede the original in the near future).
<item>Started a mini-FAQ
(should be expanded) with some questions recovered from my mailbox.
<item>Added general information to consider while securing.
<item>Added a paragraph regarding local (incoming) mail delivery.
<item>Added some pointers to more information.  
<item>Added information regarding the printing service.  
<item>Added a security hardening checklist.  
<item>Reorganized NIS and RPC information.
<item>Added some notes taken while reading this document on my new
Visor :).
<item>Fixed some badly formatted lines.  
<item>Fixed some typos.  
<item>Added a Genius/Paranoia idea contributed by Gaby
Schilders.
</list>
<sect1>Version 1.5 

<p>Changes by Josip Rodin and Javier Fernández-Sanguino Peña.

<list>
<item>Added paragraphs related to BIND and some FIXMEs.  <!-- Removed
this because I found no evidence for it in the diffs. // era Rewrote
style in order to make it more formal.  -->
</list>
<sect1>Version 1.4
<p>
<list>
<item>Small setuid check paragraph.
<item>Various minor cleanups.
<item>Found out how to use <tt>sgml2txt -f</tt> for the txt
version.
</list>

<sect1>Version 1.3
<p>
<list>
<item>Added a security update after installation paragraph.
<item>Added a proftpd paragraph.
<item>This time really wrote something about XDM, sorry for last time.
</list>

<sect1>Version 1.2
<p>
<list>
<item>Lots of grammar corrections by James Treacy, new XDM
paragraph.
</list>

<sect1>Version 1.1
<p>
<list>
<item>Typo fixes, miscellaneous additions.
</list>

<sect1>Version 1.0
<p>
<list>
<item>Initial release.
</list>

<sect id="credits">Credits and thanks!
<p>
<list>
<item>Alexander Reelsen wrote the original document. 

<item>Javier Fernández-Sanguino added more info to the original doc.

<item>Robert van der Meulen provided the quota paragraphs and many good ideas.

<item>Ethan Benson corrected the PAM paragraph and had some good ideas.

<item>Dariusz Puchalak contributed some information to several
chapters.

<item>Gaby Schilders contributed a nice Genius/Paranoia idea.

<item>Era Eriksson smoothed out the language in a lot of
places and contributed the checklist appendix.

<item>Philipe Gaspar wrote the LKM information.

<item>Yotam Rubin contributed fixes for many typos as well
as information regarding bind versions and MD5 passwords.

<item>Francois Bayart provided the appendix describing how to set up a bridge
firewall.

<item>Joey Hess wrote the section describing how Secure Apt works on the <url
id="http://wiki.debian.org/SecureApt" name="Debian Wiki">.

<item>Martin F. Krafft wrote some information on his blog regarding fingerprint
verification which was also reused for the Secure Apt section.

<item>Francesco Poli did an extensive review of the manual and provided quite a
lot of bug reports and typo fixes which improved and helped update the
document.

<item>All the people who made suggestions for improvements that
(eventually) were included here (see <ref id="changelog">).

<item>(Alexander) All the folks who encouraged me to write this HOWTO
(which was later turned into a manual).

<item>The whole Debian project.
</list>