Embedded Files
By default, Debian, including Debian sarge (minimal install) actually installed a large numbers of development tools. Having these tools available means anyone can program and compile inside that system. This section guides you on how to keep the installed packages minimal.
Identified Threats
Identified Threats
These are the identified threats related to Debian Software.
(T13) Debian Installed Development Tools by Default
(T13) Debian Installed Development Tools by Default
Development tools are not used in production system allows attacker to do privilege escalation, to run local exploits in the system if there is a debugger and compiler ready to compile and test them.
Actions Required
Actions Required
Here are the list if actions to counter the issues.
Remove Unused Development Tools
Remove Unused Development Tools
Development tools like:
Package Size------------------------+--------gdb 2,766,822gcc-X.X 1,570,284dpkg-dev 166,800libcX-dev 2,531,564cpp-X.X 1,391,346manpages-dev 1,081,408flex 257,678g++ 1,384 (Note: virtual package)linux-kernel-headers 1,377,022bin86 82,090cpp 29,446gcc 4,896 (Note: virtual package)g++-X.X 1,778,880bison 702,830make 366,138libstdc++X-X.X-dev 774,982Should be uninstalled from a production system. This way, intruder cannot use production system as a development tools. Be careful with:
- Python
- Perl
As these are not easily removed and can easily break the operating system upon removal, one must thread lightly.
That's all for hardening Debian by having minimal software installed into the operating system.
Page updated
Google Sites
Report abuse