Debian – Securing a Debian installation for general home usage


Debian comes with several harden packages, designed to make a computer more secure. My needs are very simple: word processing and Web browsing. I do not run any special servers, do not use SSH, telnet, etc. The only software that should use the Internet, that I know of, is iceweasel and apt.

  • Is there a way to ensure that only these two pieces of software can access the Internet?
  • Are any of the harden packages suitable for these needs?

Best Answer

In a default user installation, the only server application installed is ssh, which you can simply uninstall via aptitude remove openssh-server or via any other package manager you use.

Restricting network access for applications is difficult. {{ EDIT: However, Leopard Flower has now been developed, which seems to provide the features you need (per-process firewall, interactive user interface). }} See "Per process firewall?" for more information about the topic. Without using complicated solutions, you can only restrict network access to special users via the iptables owner module.

As a normal user you do not need any harden-* packages. They either conflict with unsafe packages, which you probably have not installed anyway, or install security packages which are too complicated to configure and maintain for normal systems - like network intrusion systems.
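
The owner-module approach mentioned in the answer, sketched as an added example that is not part of the original answer: it prints an OUTPUT ruleset that lets only the listed accounts open new connections. It assumes a hypothetical dedicated browsing account named websurf and that apt fetches packages as the _apt user (older releases fetch as root); the filter is per user, so every program run by an allowed account can still reach the network.

```shell
#!/bin/sh
# Added example: per-user egress filtering with the iptables owner match.
# Assumed names: "websurf" is a hypothetical account used only for browsing;
# "_apt" is the account current Debian apt uses for downloads.

# gen_owner_rules CMD USER...
# Prints one firewall command per line and changes nothing on the system.
gen_owner_rules() {
    ipt=$1; shift
    case $ipt in
        iptables|ip6tables) ;;
        *) echo "bad command: $ipt" >&2; return 2 ;;
    esac
    [ $# -gt 0 ] || { echo "need at least one user" >&2; return 2; }
    # Validate every name first so that no partial ruleset is ever printed.
    for u in "$@"; do
        case $u in
            ''|*[!A-Za-z0-9_-]*) echo "bad user: $u" >&2; return 2 ;;
        esac
    done
    echo "$ipt -F OUTPUT"
    # Local services (for example a local print spooler) talk over loopback.
    echo "$ipt -A OUTPUT -o lo -j ACCEPT"
    # Packets without a socket owner (closing ACKs, resets) never match the
    # owner module, so let already-tracked connections finish.
    echo "$ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for u in "$@"; do
        echo "$ipt -A OUTPUT -m owner --uid-owner $u -j ACCEPT"
    done
    # Record which uid was refused, then reject so programs fail fast.
    echo "$ipt -A OUTPUT -j LOG --log-prefix \"out-denied: \" --log-uid"
    echo "$ipt -A OUTPUT -j REJECT"
}

# Print both address families for review; filtering only IPv4 would leave
# IPv6 traffic unrestricted.
gen_owner_rules iptables websurf _apt
gen_owner_rules ip6tables websurf _apt
```

After reviewing the output, pipe it to a root shell to apply it. DNS lookups made by the browser itself carry the browser's uid, but a separate local resolver daemon would need its own account in the list.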
