ubuntu_demon
December 8th, 2004, 03:24 AM
What are the real vulnerabilities of Ubuntu?
This is a nice article :
What are the real vulnerabilities of Linux?
http://www.newsforge.com/article.pl?sid=04/12/01/2329229
I would like to know more about SELinux and Ubuntu
http://www.ubuntulinux.org/wiki/HoaryGoals
SELinux - Needs proof of concept derivative
I would like firestarter in ubuntu main and installed by default in hoary
I would like to know if the security settings of the default install of hoary are going to be equal to those generated by hardening scripts like Bastille (rendering them largely useless)
daniels
December 8th, 2004, 03:37 AM
There would be no point to having Firestarter around, because we don't have any open ports by default. So you could have it running if you wanted to feel better, but there's nothing for anyone to connect to anyway. Efforts like Firestarter and Bastille have been based around the idea of securing already-running services, instead of just not running them and having them publicly visible anyway.
ubuntu_demon
December 8th, 2004, 04:36 AM
There would be no point to having Firestarter around, because we don't have any open ports by default. So you could have it running if you wanted to feel better, but there's nothing for anyone to connect to anyway. Efforts like Firestarter and Bastille have been based around the idea of securing already-running services, instead of just not running them and having them publicly visible anyway.
okay cool
What is your opinion about SELinux and Ubuntu? And how's the progress, if any?
Hikaru79
December 9th, 2004, 04:31 PM
I would like firestarter in ubuntu main and installed by default in hoary
Just think about all the people we'd have in here and the Wiki and the IRC channel pleading about 'why is my bittorrent so slow' or 'why can't I connect to such-and-such an XDCC bot?' I agree with daniels; let those who are interested in the firewall get it themselves. For everyone else, it's probably more trouble than it's worth to solve all of the problems it will cause.
ubuntu_demon
December 9th, 2004, 05:07 PM
Just think about all the people we'd have in here and the Wiki and the IRC channel pleading about 'why is my bittorrent so slow' or 'why can't I connect to such-and-such an XDCC bot?' I agree with daniels; let those who are interested in the firewall get it themselves. For everyone else, it's probably more trouble than it's worth to solve all of the problems it will cause.
True. I tend to forget my own pleas about making stuff easy for the average desktop user. I tend to forget people don't even understand the easy interface of firestarter. Lots of people don't understand anything about firewalls. It's a good thing we don't really need them in Ubuntu.
jdong
December 9th, 2004, 05:53 PM
Daniel, I disagree about firestarter. The way you guys configured debconf, all newly installed daemons will listen on all interfaces, so as soon as you start apt-getting apache and stuff, you'll start getting open ports!
I like using Firestarter to prevent me from doing something really stupid, like leaving samba open on the wrong interface! LOL
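A check for the situation jdong describes above, added here as an example and not part of the original thread: it reads a socket table in the /proc/net/tcp format and reports whether each listening TCP port is bound to all interfaces, a single interface, or loopback only. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host such as x86.

```python
import ipaddress
import struct

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0A00A8C0:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0A00A8C0:D431 0101A8C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""


def parse_listeners(text):
    """Return (IPv4Address, port) for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                            # established, closing, etc.
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the address as a native 32-bit integer, so on a
        # little-endian host the bytes must be reversed (assumption: x86).
        ip = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
        listeners.append((ip, int(port_hex, 16)))
    return listeners


def exposure(ip):
    """Classify how widely a listening address is reachable."""
    if ip.is_unspecified:                       # 0.0.0.0
        return "all-interfaces"
    if ip.is_loopback:                          # 127.0.0.0/8
        return "loopback-only"
    return "single-interface"


def audit(text):
    """Sorted list of (port, address, exposure) for listening sockets."""
    return sorted((port, str(ip), exposure(ip))
                  for ip, port in parse_listeners(text))


if __name__ == "__main__":
    for port, addr, kind in audit(SAMPLE_PROC_NET_TCP):
        print(f"{port:>5}  {addr:<15}  {kind}")
```

On a live Linux system, pass the contents of /proc/net/tcp to `audit()` before and after installing a daemon to see whether a new all-interfaces listener appeared; IPv6 sockets live in /proc/net/tcp6 and are not handled here.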
ubuntu_demon
December 9th, 2004, 07:02 PM
Daniel, I disagree about firestarter. The way you guys configured debconf, all newly installed daemons will listen on all interfaces, so as soon as you start apt-getting apache and stuff, you'll start getting open ports!
I like using Firestarter to prevent me from doing something really stupid, like leaving samba open on the wrong interface! LOL
It's a matter of choice: Ubuntu more secure against Ubuntu easier. I think I was too naive in my assumption everyone would understand firestarter.
I think all nerds who are going to run services/daemons like apache will be smart enough to install a firewall like firestarter. But maybe we have to create an Ubuntu security guide or something for these kinds of things.
jdong
December 9th, 2004, 08:59 PM
yeah. Warty does come with quite a recent version of Firestarter, too.
(not daring to mention backports in a security forum, lol)
ubuntu_demon
December 10th, 2004, 11:21 AM
Question for Ubuntu Developers:
What is your opinion about SELinux and Ubuntu? And how's the progress, if any?
maxim_86ualb2
January 2nd, 2005, 04:27 AM
Well, you can have a little option in the install... asking (security ----> or ease of use)... so newbs can pick ease of use & gurus... security...
ubuntu_demon
January 2nd, 2005, 08:16 AM
Well, you can have a little option in the install... asking (security ----> or ease of use)... so newbs can pick ease of use & gurus... security...
computing should be easy AND secure
Sensebend
January 3rd, 2005, 01:03 AM
computing should be easy AND secure
Agreed, and I think the current Ubuntu installation is the ultimate balance between security and ease of use. Many factors lead me to say this: the fact that there are no dangerous daemons like ssh listening to any ports by default, and root is effectively disabled and only used by default, reducing the risks associated with leaving a root xterm open and such.
jdong
January 3rd, 2005, 06:38 AM
There would be no point to having Firestarter around, because we don't have any open ports by default. So you could have it running if you wanted to feel better, but there's nothing for anyone to connect to anyway. Efforts like Firestarter and Bastille have been based around the idea of securing already-running services, instead of just not running them and having them publicly visible anyway.
Can you guys set debconf to NOT put newly installed daemons in the default runlevel? I think that should be a conscious, self-made decision. (or prompt the user, like you can make sarge do)
daniels
January 3rd, 2005, 07:01 AM
It's not a debconf thing -- we'd need to change either update-rc.d, or change debhelper and then rebuild every package (rebuilding every package will not happen; if it gets rebuilt due to a new version, cool).
jdong
January 3rd, 2005, 05:36 PM
Well, can we do one of the two for Hoary? I know that my old Debian Sarge installation prompted me before enabling a Daemon.
daniels
January 3rd, 2005, 07:45 PM
I'll check it out.