Source: harden
Section: admin
Priority: extra
Maintainer: Ola Lundqvist <opal@debian.org>
Build-Depends-Indep: debhelper (>> 3.0.0), dpsyco-devel, debiandoc-sgml, perl, texinfo, tetex-bin
Standards-Version: 3.5.2

Package: harden
Architecture: all
Depends: harden-environment, harden-servers, harden-remoteflaws, harden-localflaws, ${misc:Depends}
Recommends: harden-tools
Suggests: sudo, harden-clients, harden-nids, harden-remoteautdit, harden-surveillance
Description: Makes your system hardened.
 This package is intended to help the administrator to improve
 the security of the system, or at least make the host less susceptible.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package. You are recommended to read at
 least some documents in addition to installing this package. The documents
 can be found in the harden-doc package. This is of course just a start
 because there are LOT of information on how to make your system more secure.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-servers
Architecture: all
Depends: ${misc:Depends}
Conflicts: ${harden:Conflicts}
Description: Avoid servers that are known to be insecure.
 This package is intended to give the administrator a easy option to avoid
 servers that in some sense are insecure. It can be a servers that needs
 passwords in plaintext, packages that can give someone access to the local
 host without permission, or packages that gives system information to remote
 users.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-clients
Architecture: all
Depends: ${misc:Depends}
Conflicts: ${harden:Conflicts}
Suggests: ssh
Description: Avoid clients that are known to be insecure.
 Harden-clients is intended to give the administrator a easy option to avoid
 clients that in some sense are insecure. It can be a client that needs to send
 passwords in plaintext, or packages that can give someone access to the local
 host without permission.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-doc
Architecture: all
Recommends: lskb
Suggests: lasg
Description: Useful documentation to secure a Debian system.
 Harden-doc will install documentation an administrator can use
 to make a Debian system more secure. 
 .
 The Securing Debian Manual
 from the Debian Documentation Project available at
 http://www.debian.org/doc/manuals/securing-debian-howto/
 is included with this package.

Package: harden-surveillance
Architecture: all
Depends: netsaint
Description: Check services and/or servers automaticly.
 This package help you to install tools for active network surveillance.
 Surveillance is the process of constant monitoring of networks and
 services to check that they work as expected.

Package: harden-development
Architecture: all
Recommends: rats
Description: Development tools for creating more secure programs.
 This package help you to install tools that can be useful in order
 to create better programs in the context of security.
 .
 Such tools need knowledge from the program author so it will not
 automaticly make your programs better.

Package: harden-tools
Architecture: all
Suggests: john, gnupg, bastille, tiger
Description: Tools to enhance or analyze the security of the local system.
 Harden-tools helps you to install tools that the administrator can
 use to enhance the security of the local system in some way.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-environment
Architecture: all
Depends: debsums | samhain | integrit | tripwire | aide | ids, sash | osh
Recommends: logcheck
Suggests: harden-nids, sudo, debsums, samhain, integrit, tripwire, aide, ids, sash, osh
Description: Hardened system environment.
 Harden-environment provides a hardened system environment, or at least
 helps the administrator to configure such an environment.
 .
 Right now this include packages for local intrusion detection.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-nids
Architecture: all
Depends: snort | ntop
Recommends: logcheck
Description: Harden a system by using a network intrusion detection system.
 This package help you to install a network intrusion detection system.
 Network intrusion detection systems is a tool that analyze network
 packets and log anomalies or known crack attempts.
 .
 NOTE! Network intrusion detection systems do not find all attempts to
 crack your system. The can also be pretty hard to set up so please
 read more about this before you start the process.

Package: harden-remoteaudit
Architecture: all
Depends: nessusd
Suggests: nessus, satan, netsaint, dsniff, harden-nids, idswakeup, ettercap
Description: Audit your system from this host.
 This package helps you to install a set of tools to check remote systems,
 sniff for passwords and more. Observe that this kind of activity can be
 illegal so you have to check if you are authorized to do so in the environment
 where you install this package.
 .
 You can check exploits, sniff for passwords and similar things.
 .
 Nessus note: You have to have the nessus client installed on some host. The
 client is provided by the 'nessus' package. You can install it on the same
 host but that is not necessary.
 .
 NOTE! This package includes packages that can damage the system that
 you audit. It should NOT be used on any host, network or system that you are
 not responsible for. It can also damage the hosts that are checked.
 You have been warned!

Package: harden-remoteflaws
Architecture: all
Depends: ${misc:Depends}
Conflicts: ${harden:Conflicts}
Description: Avoid packages with security holes.
 Harden-remoteflaws is intended to help the administrator to avoid packages
 that are known to have security flaws that allows a remote user access to the
 system without permission. Normally an update manages this but sometime you
 just want to check for security changes and then this package can help.
 .
 If you want to avoid packages that local users can use to compromise the
 system you should look at the harden-localflaws instead.
 .
 If you want to avoid packages that can compromise computers on 3rd parties
 you should look at the harden-3rdflaws instead.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.

Package: harden-localflaws
Architecture: all
Depends: ${misc:Depends}
Conflicts: ${harden:Conflicts}
Description: Avoid packages with security holes.
 Harden-localflaws is intended to help the administrator to avoid packages that
 are known to give a local user a way to compromise the system. Normally an
 update manages this but sometime you just want to check for security changes
 and then this package can help.
 .
 If you want to avoid packages that remote users can use to compromise the
 system you should look at the harden-remoteflaws instead.
 .
 If you want to avoid packages that can compromise computers on 3rd parties
 you should look at the harden-3rdflaws instead.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.

Package: harden-3rdflaws
Architecture: all
Conflicts: ${harden:Conflicts}
Description: Avoid packages with security problems.
 Harden-3rdflaws is intended to help the administrator to avoid packages
 that are known to give 3rd parties (like connected web browsers or
 similar) problems in form of insecure code.
 .
 If you want to avoid packages that remote users can use to compromise the
 system you should look at the harden-remoteflaws instead.
 .
 If you want to avoid packages that local users can use to compromise the
 system you should look at the harden-localflaws instead.
 .
 NOTE! This package will not make the 3rd party host uncrackable, and it is
 not inteded to do so.
