Launchpad entry: none yet
Created: 2006-08-03 by JohnMoser
This spec defines a configuration auditing aspect of the Ubuntu Hardened Team specified in HardenedUbuntu: The Ubuntu Hardened Configuration Auditing Team.
Even with basic security, lack of vulnerabilities, and proactive security to stop active exploits, minor configuration errors such as enabling default users and passwords can easily lead to system compromise. Someone needs to be paying special attention to the default configurations of packages in Ubuntu Linux.
The scope is packages in Main.
A team will be formed to audit and examine the default configurations of packages prior to release of stable Ubuntu branches or of updates to stable Ubuntu branches.
Data preservation and migration
- This should probably be aided in some way; this would be pretty easy if configuration files created between different versions of packages could be diffed out and displayed. That way someone could take, for example, Dapper and Edgy and generate a differential list of configuration changes and look for anything alarming.
This team will probably share a lot of members with other teams.