Source: harden
Section: admin
Priority: extra
Maintainer: Ola Lundqvist <opal@debian.org>
Build-Depends-Indep: debhelper (>> 4.1.16), perl, dpsyco-devel
Standards-Version: 3.6.1

Package: harden
Architecture: all
Depends: harden-environment, harden-servers, ${misc:Depends}, debconf (>= 1.2.0)
Recommends: harden-tools
Suggests: sudo, harden-clients, harden-nids, harden-remoteaudit, harden-surveillance
Description: Makes your system hardened
 This package is intended to help the administrator to improve
 the security of the system, or at least make the host less susceptible.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package. You are recommended to read at
 least some documents in addition to installing this package. The documents
 can be found in the harden-doc package. This is of course just a start
 because there are LOT of information on how to make your system more secure.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-servers
Architecture: all
Depends: ${misc:Depends}, debconf (>= 1.2.0)
Conflicts: ${harden:Conflicts}
Description: Avoid servers that are known to be insecure
 This package is intended to give the administrator a easy option to avoid
 servers that in some sense are insecure. It can be a servers that needs
 passwords in plaintext, packages that can give someone access to the local
 host without permission, or packages that gives system information to remote
 users.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-clients
Architecture: all
Depends: ${misc:Depends}, debconf (>= 1.2.0)
Conflicts: ${harden:Conflicts}
Suggests: ssh
Description: Avoid clients that are known to be insecure
 Harden-clients is intended to give the administrator a easy option to avoid
 clients that in some sense are insecure. It can be a client that needs to send
 passwords in plaintext, or packages that can give someone access to the local
 host without permission.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-surveillance
Architecture: all
Depends: nagios | netsaint
Description: Check services and/or servers automatically
 This package help you to install tools for active network surveillance.
 Surveillance is the process of constant monitoring of networks and
 services to check that they work as expected.

Package: harden-development
Architecture: all
Recommends: rats
Description: Development tools for creating more secure programs
 This package help you to install tools that can be useful in order
 to create better programs in the context of security.
 .
 Such tools need knowledge from the program author so it will not
 automatically make your programs better.

Package: harden-tools
Architecture: all
Suggests: john, gnupg, bastille, tiger
Description: Tools to enhance or analyze the security of the local system
 Harden-tools helps you to install tools that the administrator can
 use to enhance the security of the local system in some way.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-environment
Architecture: all
Depends: debsums | samhain | integrit | tripwire | aide | ids, sash | osh
Recommends: logcheck, checksecurity
Suggests: harden-nids, sudo, debsums, samhain, integrit, tripwire, aide, ids, sash, osh, libsafe
Description: Hardened system environment
 Harden-environment provides a hardened system environment, or at least
 helps the administrator to configure such an environment.
 .
 Right now this include packages for local intrusion detection.
 .
 NOTE! This package will not make your system uncrackable, and it is
 not intended to do so. Making your system secure involves a LOT
 more than just installing a package.
 .
 For more information on how to secure your system see:
 http://www.debian.org/doc/manuals/securing-debian-howto/

Package: harden-nids
Architecture: all
Depends: snort | ntop
Recommends: logcheck
Description: Harden a system by using a network intrusion detection system
 This package help you to install a network intrusion detection system.
 Network intrusion detection systems is a tool that analyze network
 packets and log anomalies or known crack attempts.
 .
 NOTE! Network intrusion detection systems do not find all attempts to
 crack your system. The can also be pretty hard to set up so please
 read more about this before you start the process.

Package: harden-remoteaudit
Architecture: all
Depends: nessusd
Priority: optional
Suggests: nessus, satan, nagios | netsaint, dsniff, harden-nids, idswakeup, ettercap
Description: Audit your remote systems from this host
 This package helps you to install a set of tools to check remote systems,
 sniff for passwords and more. Observe that this kind of activity can be
 illegal so you have to check if you are authorized to do so in the environment
 where you install this package.
 .
 You can check exploits, sniff for passwords and similar things.
 .
 Nessus note: You have to have the nessus client installed on some host. The
 client is provided by the 'nessus' package. You can install it on the same
 host but that is not necessary.
 .
 NOTE! This package includes packages that can damage the system that
 you audit. It should NOT be used on any host, network or system that you are
 not responsible for. It can also damage the hosts that are checked.
 You have been warned!
