Security: Difference between revisions

The fewer security mechanisms, the cleaner the design. We believe the majority of useful security automations (outside of a Mandatory Access Control environment) best achieved via a combination of IPTables, POSIX file-based capabilities, seccomp and virtualization. As a result, several technologies have been deprecated in SprezzOS, as it is felt they served only to complicate the security landscape.

Removed Technologies

• SELinux
• TCPWrappers

Root account

By default, the root account cannot directly log in. This can be changed post-install with sudo passwd, but is discouraged.

Sudo

The user created during SprezzOS installation will be added to the sudo group, which requires no password by default:

%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

To add an arbitrary user U to the sudo group, run

sudo usermod -G sudo -a U

{{#switch:|subgroup|child=|none=|#default=

}}{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)|{{#if:|<th scope="col" style="border-left:2px solid #fdfdfd;width:100%;|}}{{#if:|{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)|}}}}{{#if:* Why SprezzOS? Getting help Release Model Man pages FAQ|{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)| }}{{#if:|}}{{#if:Meta|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|{{#if:|}}}}{{#if:* Booting Installation The shell environment The desktop environment|{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)* Why SprezzOS? Getting help Release Model Man pages FAQ| }}{{#if:Environments|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:* Firmware Power Management Storage Printing Sound Graphics Networking|{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)* Why SprezzOS? Getting help Release Model Man pages FAQ* Booting Installation The shell environment The desktop environment| }}{{#if:Hardware|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:* Kernel APT Development Debugging Fonts Webservers External software| {{#if:Software|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:* Security Job scheduling Benchmarking Health/Testing Remote access| {{#if:Admin|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:|{{#if:|<td style="text-align:left;border-left-width:2px;border-left-style:solid;|}}{{#if:Consult further resources from among Debian documentation.|{{#if:The Woefully Incomplete SprezzOS Handbook (bold indicates content)* Why SprezzOS? Getting help Release Model Man pages FAQ* Booting Installation The shell environment The desktop environment* Firmware Power Management Storage Printing Sound Graphics Networking| }}}} {{#if:{{#switch:|plain|off=1}}{{#if:Handbook||{{#switch:|subgroup|child|none=1}}}}|{{#ifeq:|off|{{#ifeq:|plain| }}|{{#ifeq:|plain|| }}}}|{{#if:Handbook||Error: No name provided}}{{#ifeq:|plain| }}}} The Woefully Incomplete SprezzOS Handbook (bold indicates content) {{{above}}} {{{imageleft}}} Meta Why SprezzOS? Getting help Release Model Man pages FAQ Environments Booting Installation The shell environment The desktop environment Hardware Firmware Power Management Storage Printing Sound Graphics Networking Software Kernel APT Development Debugging Fonts Webservers External software Admin Security Job scheduling Benchmarking Health/Testing Remote access {{{group6}}} {{{list6}}} {{{group7}}} {{{list7}}} {{{group8}}} {{{list8}}} {{{group9}}} {{{list9}}} {{{group10}}} {{{list10}}} {{{group11}}} {{{list11}}} {{{group12}}} {{{list12}}} {{{group13}}} {{{list13}}} {{{group14}}} {{{list14}}} {{{group15}}} {{{list15}}} {{{group16}}} {{{list16}}} {{{group17}}} {{{list17}}} {{{group18}}} {{{list18}}} {{{group19}}} {{{list19}}} {{{group20}}} {{{list20}}} Consult further resources from among Debian documentation. {{#switch:|subgroup|child= |none=|#default=

}}{{#ifeq:|Template|{{#ifeq:|child||{{#ifeq:|subgroup||{{#switch:security

|doc
|sandbox
|testcases =
|#default = {{#switch:
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = hlist
 }}
}}

}}}}}}