Groups | Search | Server Info | Login | Register
Groups > linux.debian.security > #6426
| From | Michael Lazin <microlaser@gmail.com> |
|---|---|
| Newsgroups | linux.debian.security, linux.debian.doc |
| Subject | Re: Resurrecting the Securing Debian Manual |
| Date | 2025-06-09 18:40 +0200 |
| Message-ID | <KVNHr-9o79-3@gated-at.bofh.it> (permalink) |
| References | <KVNxM-9o43-7@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Cross-posted to 2 groups.
[Multipart message — attachments visible in raw view] - view raw
I am usually radio silent on this list but this project is interesting to
me because I have 11 years of experience doing forensics in a purely Debian
environment. I am not a full stack developer, I can script in bash and
python but this is not enough to contribute to code. Contributing to this
manual is in my set of skills and I would like to help with this project.
Thank you,
Michael Lazin
.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.
On Mon, Jun 9, 2025 at 12:21 PM Noah Meyerhans <noahm@debian.org> wrote:
> Hi all. The Securing Debian Manual (the harden-doc package) is
> woefully out of date and doesn't provide accurate guidance for
> operating modern software in the current threat landscape. I'd like
> to begin the task of updating it to reflect current best practice and
> to document current tools and technologies.
>
> Most basically, I wonder if folks think this is a worthy idea. The
> landscape has changed significantly since harden-doc was first
> written. Default configurations don't require as much hardening, and
> there are lots more available resources. Maybe harden-doc has
> stagnated because there's no real need for it?
>
> Assuming we do revive the doc, here are some ideas of what I'd like to
> do with the document. I'd like to also get feedback, ideas, and
> contributions from others interested in the topic.
>
> 1. More background information on principles such as:
> a. Threat modeling
> b. Defense in depth
> c. Least privilege
> 2. Modern server deployment practices, such as:
> a. Sandboxing (with systemd, containers, etc)
> b. Image-based deployments, including cloud
> c. Update deployment strategies for large fleets
> 3. Data privacy:
> a. VPNs, wireguard, etc
> b. Disk encryption
> 4. Workstation best practices, including:
> a. Ssh key generation and handling
> b. Basic browser hygine
> c. Password managers and other password hygine
>
> My inclination is to primarily focus on general principles rather than
> try to document specific settings in specific packages, as in the
> current document's Chapter 5 ("Securing services running on your
> system"). It'll make sense to document some approaches to safe usage of
> the most common software (firefox, openssh, etc), but I don't believe
> that it's feasible to provide useful advice for a meaningful subset of
> Debian packages.
>
> Should we maybe consider maintaining this document on wiki.debian.org,
> rather than being a centrally maintained document? The wiki may scale
> better to multiple contributors, leading to better content and more
> active maintenance.
>
> If you've got ideas for other topics, I'd love to hear them.
>
> noah
>
>
Back to linux.debian.security | Previous | Next — Previous in thread | Next in thread | Find similar
Resurrecting the Securing Debian Manual Noah Meyerhans <noahm@debian.org> - 2025-06-09 18:30 +0200
Re: Resurrecting the Securing Debian Manual Michael Lazin <microlaser@gmail.com> - 2025-06-09 18:40 +0200
Re: Resurrecting the Securing Debian Manual Holger Levsen <holger@layer-acht.org> - 2025-06-09 18:50 +0200
Re: Resurrecting the Securing Debian Manual Holger Levsen <holger@layer-acht.org> - 2025-06-11 12:10 +0200
Re: Resurrecting the Securing Debian Manual Holger Levsen <holger@layer-acht.org> - 2025-06-11 18:50 +0200
Re: Resurrecting the Securing Debian Manual Jeffrey Chimene <jeff@systasis.co> - 2025-06-09 19:10 +0200
Re: Resurrecting the Securing Debian Manual Rob Ward <pocketapocketa@protonmail.com> - 2025-06-09 19:20 +0200
Re: Resurrecting the Securing Debian Manual Vladislav Kurz <vladislav.kurz@webstep.net> - 2025-06-09 22:10 +0200
Re: Resurrecting the Securing Debian Manual "Dave P." <dprowseus@gmail.com> - 2025-06-10 15:20 +0200
Re: Resurrecting the Securing Debian Manual Javier Fernandez-Sanguino <jfs@debian.org> - 2025-06-10 22:10 +0200
Re: Resurrecting the Securing Debian Manual Noah Meyerhans <noahm@debian.org> - 2025-06-10 23:00 +0200
Re: Resurrecting the Securing Debian Manual Javier Fernandez-Sanguino <jfs@debian.org> - 2025-06-11 00:00 +0200
Re: Resurrecting the Securing Debian Manual debianmailinglists.hz5zm@simplelogin.com - 2025-06-11 08:30 +0200
Re: Resurrecting the Securing Debian Manual "Dave P." <dprowseus@gmail.com> - 2025-06-11 16:50 +0200
Re: Resurrecting the Securing Debian Manual debianmailinglists.hz5zm@simplelogin.com - 2025-06-10 19:50 +0200
csiph-web