Hi everyone,

I was reading tutorial https://wiki.debian.org/Hardening, https://wiki.debian.org/HardeningWalkthrough and i was wondering how to use it. I've installed Debian 7 and i want to rebuild all packages with -fstack-protector-all and other options using hardening-wrapper/dpkg-buildflags. I would like to know is it any sense do it or if someone did it ?

Greetz,
bryn1u

In my opinion it makes sense only if your threatscape points you to implementing measures like that, and if you have no alternatives and if trade-offs are not acceptable (that's and-and, not or-or). I'm saying it this way because you must understand that it will take knowledge and time troubleshooting problems you're bound to encounter and some effort maintaining those setups having to rebuild and QA packages when updates are released. So at this point (lack of nfo) only you can gauge if it is acceptable in terms of in what way this enhances security significantly or not, time, effort, knowledge. Ideally you should have a separate build server with automated build scripts and a staging machine to debug and perform quality assurance on for each of the machine roles you have in production.

It would be helpful if your reply explains why you think you need it.


///NTLB

Destination to the server with shell account, possibility compile and run own software that's why i need this solution.

Well, I outlined what I think the decision making process should include and why and your reply doesn't change that, so.