Source: harden
Section: admin
Priority: extra
Maintainer: Ola Lundqvist <opal@debian.org>
Build-Depends-Indep: perl
Build-Depends: debhelper (>> 4.1.16), po-debconf
Standards-Version: 3.7.2

Package: harden
Architecture: all
Depends: harden-environment, harden-servers, ${misc:Depends}, debconf (>= 1.2.0)
Recommends: harden-tools
Suggests: sudo, harden-clients, harden-nids, harden-remoteaudit, harden-surveillance, harden-doc
Description: Makes your system hardened
 This package is intended to help the administrator to improve the security
 of the system, or at least make the host less susceptible.
 .
 NOTE! This package will not make your system uncrackable, and it is not
 intended to do so. Making your system secure involves a LOT more than just
 installing a package. You are recommended to read at least some documents
 in addition to installing this package.
 .
 There is a LOT of information available on making your system more secure.
 A good place to start is with the harden-doc package or at
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-servers
Architecture: all
Depends: ${misc:Depends}, debconf (>= 1.2.0)
Conflicts: ${harden:Conflicts}
Description: Avoid servers that are known to be insecure
 Harden-servers gives the administrator an easy way to avoid servers that are
 insecure in some sense. It conflicts with: servers that need passwords in
 plaintext, packages that can give someone access to the local host without
 permission, and packages that give system information to remote users.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-clients
Architecture: all
Depends: ${misc:Depends}, debconf (>= 1.2.0)
Conflicts: ${harden:Conflicts}
Suggests: openssh-client
Description: Avoid clients that are known to be insecure
 Harden-clients gives the administrator an easy way to avoid installing
 clients that are insecure in some sense. It conflicts with: clients that need
 to send passwords in plaintext, and packages that can give someone access to
 the local host without permission.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-surveillance
Architecture: all
Depends: nagios3 | nagios2 | nagios | netsaint
Description: Check services and/or servers automatically
 This package helps you to install tools for active network surveillance.
 Surveillance is the process of constant monitoring of networks and
 services to check that they work as expected.

Package: harden-development
Architecture: all
Recommends: rats
Description: Development tools for creating more secure programs
 This package helps you to install tools that can be useful in order
 to create better programs in the context of security.
 .
 Such tools need knowledge from the program author so it will not
 automatically make your programs better.

Package: harden-tools
Architecture: all
Suggests: john, gnupg, bastille, tiger
Description: Tools to enhance or analyze the security of the local system
 Harden-tools helps you to install tools that the administrator can
 use to enhance the security of the local system in some way.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-environment
Architecture: all
Depends: debsums | samhain | integrit | tripwire | aide | ids, sash | osh
Recommends: logcheck, checksecurity
Suggests: harden-nids, sudo, debsums, samhain, integrit, tripwire, aide, ids, sash, osh, libsafe
Description: Hardened system environment
 Harden-environment provides a hardened system environment, or at least
 helps the administrator to configure such an environment.
 .
 Right now this includes packages for local intrusion detection.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-nids
Architecture: all
Depends: snort | ntop
Recommends: logcheck
Description: Harden a system by using a network intrusion detection system
 This package helps you to install a network intrusion detection system.
 A network intrusion detection system is a tool that analyzes network
 packets and logs anomalies or known crack attempts.
 .
 NOTE! Network intrusion detection systems do not find all attempts to
 crack your system. They can also be pretty hard to set up so please
 read more about this before you start the process.

Package: harden-remoteaudit
Architecture: all
Depends: openvas-server
Priority: optional
Suggests: openvas-client, nagios3, dsniff, harden-nids, ettercap
Description: Audit your remote systems from this host
 This package helps you to install a set of tools to check remote systems,
 sniff for passwords and more. Observe that this kind of activity can be
 illegal so you have to check if you are authorized to do so in the environment
 where you install this package.
 .
 You can check exploits, sniff for passwords and similar things.
 .
 Nessus note: You have to have the nessus client installed on some host. The
 client is provided by the 'nessus' package. You can install it on the same
 host but that is not necessary.
 .
 NOTE! This package includes packages that can damage the system that
 you audit. It should ONLY be used to audit hosts, networks or systems
 that you are allowed to audit. I repeat: it can damage the hosts that are
 checked. You have been warned!