harden-0.1.38+nmu1/0000700000000000000000000000000011710557422010600 5ustar harden-0.1.38+nmu1/README0000600000000000000000000000231511173250423011455 0ustar harden - Native Debian package to help hardening of a Debian system Background: =========== This package is a native debian package and was initially created by Ola Lundqvist after some dicussion on debian-devel. Actually this have been proposed at least two times by different people. Package information: ==================== For more information take a look at debian/harden-*.README.Debian License information: ==================== Copyright (C) 2001-2007 Ola Lundqvist This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. harden-0.1.38+nmu1/patches/0000700000000000000000000000000011710557422012227 5ustar harden-0.1.38+nmu1/patches/diff-switch-to-po-debconf.patch0000600000000000000000000005423411173250423020115 0ustar From: Martin Quinson Hey dude, this time, the changes are minimal. The diff is a bit big, but it's only wrapping due to debconf-gettextize. I only removed the dot at the end of note short description. As usual, I'll stand at your side in case of problem. Thanks for applying, Mt. *** /home/mquinson/L10N/BR Using the "new" gettext format for debconf templates helps for templates translations. For instance, detecting outdated or untranslated strings becomes considerably easier. It also keeps track of who did which translation. Patch description: ------------------ The attached patch does the required modifications: - debian/control modification for dependencies: build-dep: debhelper (>= 4.1.16) which depends on po-debconf depend: debconf (>= 1.2.0) since old versions have problems with templates specifying the encoding of their content - Add 'debconf-updatepo' to the clean target of your debian/rules (to make sure that the relevant files are ready for translation in the distributed source packages, and thus help translators) - execute "debconf-gettextize debian/*templates*". This does: - generate po/ directory containing all the translation mecanism - change the template file to mark some strings as translatable by putting a _ before the field name. - mark the right strings as translatable in the templates. This is a manual check to make sure that fields containing stuff which cannot be translated such as kernel module name, and the one not shown to the users are not marked as translatable. For more details, see po-debconf documentation, especially "man 7 po-debconf" This patch also document the most important modifications in the changelog. Use this as a sample, and please feel free to change it to fit your taste. If you want to give me credit for this, write my name but avoid to publish my email address there since I already get enough spam. About backports: ---------------- Please note that the suggested modifications will make your package a little bit harder to backport to earlier Debian releases. If this is a concern to you, you may try to adopt the method used by the openssh package and detailed by Colin Watson in http://lists.debian.org/debian-i18n/2003/debian-i18n-200307/msg00026.html This patch does not includes this method as this would make it too invasive, IMHO. So, preserving backportability is up to you... Stylistic considerations: ------------------------- While I was working on the convertion to po-debconf, I noticed that the templates of your package are in a rather good shape. I did provide such a conversion for a bunch of packages, and I saw a bunch of broken templates very hard to understand for newbies. Yours are not that way, and I want to congratulate you for that. In case of future doubt, please note that the current best practices concerning templates are available from: http://people.debian.org/~bubulle/dtsg.txt Future: ------- Once the switch is achieved, and style improvements are done (if any), I guess that you will receive translations of your templates rather soon. They will consist in XX.po files where XX is the code of the language they contain. Simply put them to debian/po, add a changelog entry, and your package is ready for rebuilding and uploading after the usual checks. If you modify your templates in the future, no action is absolutely mandatory from you to take care of the translations (outdated translations will be automatically discarded). But it is nicer to your translators and your not english speaking users to include the updated translations in the same upload. For that, run debconf-updatepo, and mail each translator the XX.po file they provided you. Their adress can be found in the headers of the po file. Wait a few days so that they can do their work, and put the new version of the po file back in position in debian/po before upload. Thanks for helping the translators, and thus your non english speaker end-users. Bye, Mt. diff -ruN harden-0.1.11.cpy/debian/control harden-0.1.11/debian/control --- harden-0.1.11.cpy/debian/control 2004-05-20 23:53:03.000000000 +0200 +++ harden-0.1.11/debian/control 2004-05-20 23:55:08.000000000 +0200 @@ -2,12 +2,12 @@ Section: admin Priority: extra Maintainer: Ola Lundqvist -Build-Depends-Indep: debhelper (>> 3.0.0), dpsyco-devel, perl, texinfo, tetex-bin, tetex-extra +Build-Depends-Indep: debhelper (>= 4.1.16), dpsyco-devel, perl, texinfo, tetex-bin, tetex-extra Standards-Version: 3.5.8 Package: harden Architecture: all -Depends: harden-environment, harden-servers, harden-remoteflaws, harden-localflaws, ${misc:Depends} +Depends: harden-environment, harden-servers, harden-remoteflaws, harden-localflaws, ${misc:Depends}, debconf (>= 1.2.0) Recommends: harden-tools Suggests: sudo, harden-clients, harden-nids, harden-remoteaudit, harden-surveillance Description: Makes your system hardened @@ -26,7 +26,7 @@ Package: harden-servers Architecture: all -Depends: ${misc:Depends} +Depends: ${misc:Depends}, debconf (>= 1.2.0) Conflicts: ${harden:Conflicts} Description: Avoid servers that are known to be insecure This package is intended to give the administrator a easy option to avoid @@ -44,7 +44,7 @@ Package: harden-clients Architecture: all -Depends: ${misc:Depends} +Depends: ${misc:Depends}, debconf (>= 1.2.0) Conflicts: ${harden:Conflicts} Suggests: ssh Description: Avoid clients that are known to be insecure diff -ruN harden-0.1.11.cpy/debian/harden-clients.templates harden-0.1.11/debian/harden-clients.templates --- harden-0.1.11.cpy/debian/harden-clients.templates 2004-05-20 23:53:03.000000000 +0200 +++ harden-0.1.11/debian/harden-clients.templates 2004-05-20 23:56:42.000000000 +0200 @@ -1,27 +1,27 @@ Template: harden-clients/plaintext Type: note -Description: Plaintext passwords. +_Description: Plaintext passwords Services that use plaintext passwords are almost by definition insecure. The reason is that you can not know if someone is sniffing your passwords. . - In a local environment with no connection to the outside world this is - of course not a big problem. On the other hand then you will not need - to secure your system at all and should not need this package. + In a local environment with no connection to the outside world this is of + course not a big problem. On the other hand then you will not need to + secure your system at all and should not need this package. . - This package conflicts with a lot of client service components that depend on - plaintext passwords. Some tools that use plaintext passwords is not + This package conflicts with a lot of client service components that depend + on plaintext passwords. Some tools that use plaintext passwords is not conflicted because they can be configured not to use plaintext passwords. So installing this package will only help you with some of the most critical server components. . - The advice is to look for each available client and investigate if it - use plaintext passwords. If it does, try to configure it so it start - using encryption or some password exchange algorigthm that does not - require plaintext passwords. + The advice is to look for each available client and investigate if it use + plaintext passwords. If it does, try to configure it so it start using + encryption or some password exchange algorigthm that does not require + plaintext passwords. Template: harden-clients/fetchmail Type: note -Description: Fetchmail configuration. +_Description: Fetchmail configuration The package fetchmail is installed on the local system. Normally this package do not support secure connections so you are encouraged to use fetchmail-ssl instead. A client that support encryption does not help if @@ -30,8 +30,8 @@ Template: harden-clients/fetchmail-ssl Type: note -Description: Fetchmail configuration. - The package fetchmail-ssl is detected. You have to make sure that you really - use a encrypted connection. You do that by configuring the client and - at the same time check that the server really support encryption. If the - server do not support encryption it does not help if the client does. +_Description: Fetchmail configuration + The package fetchmail-ssl is detected. You have to make sure that you + really use a encrypted connection. You do that by configuring the client + and at the same time check that the server really support encryption. If + the server do not support encryption it does not help if the client does. diff -ruN harden-0.1.11.cpy/debian/harden-servers.templates harden-0.1.11/debian/harden-servers.templates --- harden-0.1.11.cpy/debian/harden-servers.templates 2004-05-20 23:53:03.000000000 +0200 +++ harden-0.1.11/debian/harden-servers.templates 2004-05-20 23:56:30.000000000 +0200 @@ -1,52 +1,52 @@ Template: harden-servers/plaintext Type: note -Description: Plaintext passwords. +_Description: Plaintext passwords Services that use plaintext passwords are almost by definition insecure. The reason is that you can not know if someone is sniffing your passwords. . - In a local environment with no connection to the outside world this is - of course not a big problem. On the other hand then you will not need - to secure your system at all and should not need this package. + In a local environment with no connection to the outside world this is of + course not a big problem. On the other hand then you will not need to + secure your system at all and should not need this package. . - This package conflicts with a lot of service server components that depend on - plaintext passwords. Some tools that use plaintext passwords is not + This package conflicts with a lot of service server components that depend + on plaintext passwords. Some tools that use plaintext passwords is not conflicted because they can be configured not to use plaintext passwords. So installing this package will only help you with some of the most critical server components. . - The advice is to look for each available service and investigate if it - use plaintext passwords. If it does, try to configure it so it start - using encryption or some password exchange algorigthm that does not - require plaintext passwords. + The advice is to look for each available service and investigate if it use + plaintext passwords. If it does, try to configure it so it start using + encryption or some password exchange algorigthm that does not require + plaintext passwords. Template: harden-servers/inetd Type: note -Description: Default services and inetd. - By default some not very necessary services is enabled on your - system. The program that provide them is inetd. There are other alternatives - to inetd which are more flexible. The problem is not that inetd in itself - is insecure so you will probably not need to remove it. The problem - is that you have to configure it to only provide the services that are - really needed. - . - If you have the normal inetd program installed you should configure it - by editing /etc/inetd.conf. - . - The general rule is to comment all lines that you do not need. If you do not - know what it is, you probably do not need it. If you discover some problem - you can always uncomment it later. +_Description: Default services and inetd + By default some not very necessary services is enabled on your system. The + program that provide them is inetd. There are other alternatives to inetd + which are more flexible. The problem is not that inetd in itself is + insecure so you will probably not need to remove it. The problem is that + you have to configure it to only provide the services that are really + needed. + . + If you have the normal inetd program installed you should configure it by + editing /etc/inetd.conf. + . + The general rule is to comment all lines that you do not need. If you do + not know what it is, you probably do not need it. If you discover some + problem you can always uncomment it later. . - When you have edit that file you have to restart the inet daemon with - the following command: /etc/init.d/inetd restart + When you have edit that file you have to restart the inet daemon with the + following command: /etc/init.d/inetd restart Template: harden-servers/vncserver Type: note -Description: VNC server - The VNC server in the Debian GNU/Linux distribution contain the - tightvnc patches which in addition to adding compression make it possible - to use ssh tunnelling. You do that from the client by adding the -via - switch when connecting. To make sure that no plaintext passwords is - transmitted over the network you have to add firewalling rules on the - local machine that disallow direct connections to the VNC ports (see - the manpage for exact numbers). Only connections from the local interface - should be allowed, to make it possible to tunnel it using ssh. +_Description: VNC server + The VNC server in the Debian GNU/Linux distribution contain the tightvnc + patches which in addition to adding compression make it possible to use + ssh tunnelling. You do that from the client by adding the -via switch when + connecting. To make sure that no plaintext passwords is transmitted over + the network you have to add firewalling rules on the local machine that + disallow direct connections to the VNC ports (see the manpage for exact + numbers). Only connections from the local interface should be allowed, to + make it possible to tunnel it using ssh. diff -ruN harden-0.1.11.cpy/debian/harden.templates harden-0.1.11/debian/harden.templates --- harden-0.1.11.cpy/debian/harden.templates 2004-05-20 23:53:03.000000000 +0200 +++ harden-0.1.11/debian/harden.templates 2004-05-20 23:55:47.000000000 +0200 @@ -1,12 +1,11 @@ Template: harden/welcome Type: note -Description: Harden your Debian GNU/Linux system. - Hardening your Debian GNU/Linux system is NOT as simple as - installing a package. You have to have LOT of knowledge about what - to do when configuring the system. This package will try to help you - to take proper actions and give some suggestions. +_Description: Harden your Debian GNU/Linux system + Hardening your Debian GNU/Linux system is NOT as simple as installing a + package. You have to have LOT of knowledge about what to do when + configuring the system. This package will try to help you to take proper + actions and give some suggestions. . - In the harden-doc package you can find documentation on how to - make your Debian installation more secure. - It is also available at: + In the harden-doc package you can find documentation on how to make your + Debian installation more secure. It is also available at: http://www.debian.org/doc/manuals/securing-debian-howto/ diff -ruN harden-0.1.11.cpy/debian/po/POTFILES.in harden-0.1.11/debian/po/POTFILES.in --- harden-0.1.11.cpy/debian/po/POTFILES.in 1970-01-01 01:00:00.000000000 +0100 +++ harden-0.1.11/debian/po/POTFILES.in 2004-05-20 23:55:26.000000000 +0200 @@ -0,0 +1,3 @@ +[type: gettext/rfc822deb] harden-clients.templates +[type: gettext/rfc822deb] harden-servers.templates +[type: gettext/rfc822deb] harden.templates diff -ruN harden-0.1.11.cpy/debian/po/templates.pot harden-0.1.11/debian/po/templates.pot --- harden-0.1.11.cpy/debian/po/templates.pot 1970-01-01 01:00:00.000000000 +0100 +++ harden-0.1.11/debian/po/templates.pot 2004-05-20 23:58:15.000000000 +0200 @@ -0,0 +1,204 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2004-05-20 23:58+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../harden-clients.templates:3 ../harden-servers.templates:3 +msgid "Plaintext passwords" +msgstr "" + +#. Type: note +#. Description +#: ../harden-clients.templates:3 ../harden-servers.templates:3 +msgid "" +"Services that use plaintext passwords are almost by definition insecure. The " +"reason is that you can not know if someone is sniffing your passwords." +msgstr "" + +#. Type: note +#. Description +#: ../harden-clients.templates:3 ../harden-servers.templates:3 +msgid "" +"In a local environment with no connection to the outside world this is of " +"course not a big problem. On the other hand then you will not need to secure " +"your system at all and should not need this package." +msgstr "" + +#. Type: note +#. Description +#: ../harden-clients.templates:3 +msgid "" +"This package conflicts with a lot of client service components that depend " +"on plaintext passwords. Some tools that use plaintext passwords is not " +"conflicted because they can be configured not to use plaintext passwords. So " +"installing this package will only help you with some of the most critical " +"server components." +msgstr "" + +#. Type: note +#. Description +#: ../harden-clients.templates:3 +msgid "" +"The advice is to look for each available client and investigate if it use " +"plaintext passwords. If it does, try to configure it so it start using " +"encryption or some password exchange algorigthm that does not require " +"plaintext passwords." +msgstr "" + +#. Type: note +#. Description +#: ../harden-clients.templates:24 +msgid "" +"The package fetchmail is installed on the local system. Normally this " +"package do not support secure connections so you are encouraged to use " +"fetchmail-ssl instead. A client that support encryption does not help if the " +"server does not support it. So make sure that the server side support SSL " +"encryption too." +msgstr "" + +#. Type: note +#. Description +#: ../harden-clients.templates:33 +msgid "Fetchmail configuration" +msgstr "" + +#. Type: note +#. Description +#: ../harden-clients.templates:33 +msgid "" +"The package fetchmail-ssl is detected. You have to make sure that you really " +"use a encrypted connection. You do that by configuring the client and at the " +"same time check that the server really support encryption. If the server do " +"not support encryption it does not help if the client does." +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:3 +msgid "" +"This package conflicts with a lot of service server components that depend " +"on plaintext passwords. Some tools that use plaintext passwords is not " +"conflicted because they can be configured not to use plaintext passwords. So " +"installing this package will only help you with some of the most critical " +"server components." +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:3 +msgid "" +"The advice is to look for each available service and investigate if it use " +"plaintext passwords. If it does, try to configure it so it start using " +"encryption or some password exchange algorigthm that does not require " +"plaintext passwords." +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:24 +msgid "Default services and inetd" +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:24 +msgid "" +"By default some not very necessary services is enabled on your system. The " +"program that provide them is inetd. There are other alternatives to inetd " +"which are more flexible. The problem is not that inetd in itself is insecure " +"so you will probably not need to remove it. The problem is that you have to " +"configure it to only provide the services that are really needed." +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:24 +msgid "" +"If you have the normal inetd program installed you should configure it by " +"editing /etc/inetd.conf." +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:24 +msgid "" +"The general rule is to comment all lines that you do not need. If you do not " +"know what it is, you probably do not need it. If you discover some problem " +"you can always uncomment it later." +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:24 +msgid "" +"When you have edit that file you have to restart the inet daemon with the " +"following command: /etc/init.d/inetd restart" +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:44 +msgid "VNC server" +msgstr "" + +#. Type: note +#. Description +#: ../harden-servers.templates:44 +msgid "" +"The VNC server in the Debian GNU/Linux distribution contain the tightvnc " +"patches which in addition to adding compression make it possible to use ssh " +"tunnelling. You do that from the client by adding the -via switch when " +"connecting. To make sure that no plaintext passwords is transmitted over the " +"network you have to add firewalling rules on the local machine that disallow " +"direct connections to the VNC ports (see the manpage for exact numbers). " +"Only connections from the local interface should be allowed, to make it " +"possible to tunnel it using ssh." +msgstr "" + +#. Type: note +#. Description +#: ../harden.templates:3 +msgid "Harden your Debian GNU/Linux system" +msgstr "" + +#. Type: note +#. Description +#: ../harden.templates:3 +msgid "" +"Hardening your Debian GNU/Linux system is NOT as simple as installing a " +"package. You have to have LOT of knowledge about what to do when configuring " +"the system. This package will try to help you to take proper actions and " +"give some suggestions." +msgstr "" + +#. Type: note +#. Description +#: ../harden.templates:3 +msgid "" +"In the harden-doc package you can find documentation on how to make your " +"Debian installation more secure. It is also available at: http://www.debian." +"org/doc/manuals/securing-debian-howto/" +msgstr "" diff -ruN harden-0.1.11.cpy/debian/rules harden-0.1.11/debian/rules --- harden-0.1.11.cpy/debian/rules 2004-05-20 23:53:03.000000000 +0200 +++ harden-0.1.11/debian/rules 2004-05-20 23:53:21.000000000 +0200 @@ -25,6 +25,7 @@ dh_testdir dh_testroot -rm -f build-stamp configure-stamp + debconf-updatepo dh_clean harden-0.1.38+nmu1/debian/0000700000000000000000000000000012053313470012014 5ustar harden-0.1.38+nmu1/debian/harden-servers.questions0000600000000000000000000000036311173250422016723 0ustar if [ -x /usr/X11R6/bin/vncserver ] ; then if [ ! -e /var/lib/harden-servers/vncserver ] ; then db_input "medium" harden-servers/vncserver || true db_go mkdir -p /var/lib/harden-servers touch /var/lib/harden-servers/vncserver fi fi harden-0.1.38+nmu1/debian/po/0000700000000000000000000000000012053313470012432 5ustar harden-0.1.38+nmu1/debian/po/de.po0000600000000000000000000002325311710557350013377 0ustar # translation of harden_0.1.25_de.po to German # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans# # Developers do not need to manually edit POT or PO files. # # Erik Schanze , 2006. msgid "" msgstr "" "Project-Id-Version: harden_0.1.25_de\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2006-11-05 20:32+0100\n" "Last-Translator: Erik Schanze \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Klartext-Passwörter" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Dienste, die Klartext-Passwörter benutzen, sind prinzipiell unsicher, weil " "jemand ohne Ihr Wissen Ihre Passwörter mitlesen kann." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "In einer lokalen Umgebung ohne Verbindung zur Außenwelt ist das natürlich " "kein großes Problem. Andererseits brauchen Sie Ihr System in diesem Fall " "überhaupt nicht abzusichern und benötigen dieses Paket gar nicht." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Dieses Paket verhindert die Installation einer Reihe von Client-Programmen, " "die nur Klartext-Passwörter verwenden. Einige Programme, die Klartext-" "Passwörter verwenden, werden geduldet, weil sie so eingerichtet werden " "können, dass sie keine Klartext-Passwörter verwenden. Deshalb hilft Ihnen " "die Installation dieses Pakets nur bei einigen der bedenklichsten Clients." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Sie sollten jedes verfügbare Client-Programm kontrollieren und untersuchen, " "ob Klartext-Passwörter benutzt werden. Wenn das so ist, sollten Sie " "versuchen, ihn so einzurichten, dass Verschlüsselung oder ein Verfahren des " "Passwort-Austausches benutzt wird, das keine Klartext-Passwörter erfordert." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Dieses Paket verhindert die Installation einer Reihe von Serverdienst-" "Komponenten, die nur Klartext-Passwörter verwenden. Einige Programme werden " "geduldet, weil sie so eingerichtet werden können, dass sie keine Klartext-" "Passwörter verwenden. Deshalb hilft Ihnen die Installation dieses Pakets nur " "bei einigen der kritischsten Serverkomponenten." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Sie sollten jeden verfügbaren Dienst kontrollieren und untersuchen, ob " "Klartext-Passwörter benutzt werden. Wenn das so ist, sollten Sie versuchen, " "ihn so einzurichten, dass Verschlüsselung oder ein Verfahren des Passwort-" "Austausches benutzt wird, das keine Klartext-Passwörter erfordert." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Standard-Dienste und Inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Auf Ihrem System sind standardmäßig einige Dienste aktiviert, die unnötig " "sind. Das Programm Inetd stellt diese Dienste bereit. Es gibt Alternativen " "zu Inetd, die flexibler sind. Inetd selbst ist nicht unsicher, deshalb " "brauchen Sie es nicht entfernen. Sie müssen es aber so einrichten, dass nur " "die Dienste angeboten werden, die wirklich nötig sind." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Wenn bei Ihnen das normale Programm Inetd installiert ist, sollten Sie es " "durch Ändern der Datei /etc/inetd.conf einrichten." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "Üblicherweise sollten Sie alle Zeilen auskommentieren, die Sie nicht " "brauchen. Wenn Sie nicht wissen, um welchen Dienst es sich handelt, brauchen " "Sie ihn wahrscheinlich auch nicht. Wenn Sie danach Probleme feststellen, " "können Sie die Dienste später wieder aktivieren." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Sobald Sie die Datei geändert haben, müssen Sie Inetd mit dem folgenden " "Befehl neu starten: /etc/init.d/inetd restart." #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "VNC-Server" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "Der VNC-Server bei Debian GNU/Linux enthält die TightVNC-Patches, die es " "zusätzlich zur hinzugefügten Komprimierung möglich machen, SSL-Tunnel zu " "benutzen. Dieser Tunnel wird vom Client aufgebaut, indem der Schalter »-via« " "beim Verbindungsaufbau angegeben wird. Um sicher zu sein, dass keine " "Klartext-Passwörter über das Netzwerk übertragen werden, müssen Sie dem " "lokalen Rechner noch Firewall-Regeln hinzufügen, die direkte Verbindungen zu " "den VNC-Ports unterbinden (die genauen Portnummern stehen in der " "Handbuchseite). Nur Verbindungen von der lokalen Netzwerkschnittstelle " "sollten zugelassen werden, um den Tunnel mittels SSH zu nutzen." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Härten Ihres Debian GNU/Linux Systems" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Das Härten Ihres Debian GNU/Linux Systems ist nicht mit einer " "Paketinstallation getan. Sie müssen selbst eine MENGE Erfahrung in der " "Einrichtung des Systems haben. Dieses Paket wird versuchen, Sie zu " "unterstützen, die richtigen Maßnahmen zu ergreifen und Ihnen einige " "Empfehlungen geben." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "Im Paket Harden-doc finden Sie Beschreibungen, wie Sie Ihre Debian-" "Installation sicherer machen können. Sie sind auch verfügbar unter: http://" "www.debian.org/doc/manuals/securing-debian-howto/." harden-0.1.38+nmu1/debian/po/templates.pot0000600000000000000000000001261611173250422015163 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" harden-0.1.38+nmu1/debian/po/sv.po0000600000000000000000000002523211710557351013437 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: harden 0.1.21\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2006-05-02 23:37+0100\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Lsenord i klartext" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Tjnster som anvnder lsenord i klartext r nstan alltid per definition " "oskra. Anledningen r att du inte vet om ngon fngar upp dina lsenord " "under transport." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "I en lokal milj utan anslutningar till vrlden utanfr r detta s klart " "inte ett stort problem. P andra sidan behver du inte skra ditt system " "alls och ska inte behva detta paket." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Detta paket r i konflikt med ett flertal komponenter fr klienttjnster som " "r beroende av klartextlsenord. Vissa verktyg som anvnder lsenord i " "klartext r inte i konflikt fr att de kan konfigureras att inte anvnda " "lsenord i klartext. Installation av detta paket kommer bara att hjlpa dig " "med ngra av de mest kritiska klienterna." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Rdet r att se p varje tillgnglig klient och underska om den anvnder " "lsenord i klartext. Om den gr det, frsk att konfigurera den s att den " "brjar anvnda kryptering eller ngon algoritm fr lsenordsutbyte som inte " "krver lsenord i klartext." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Detta paket r i konflikt med ett flertal komponenter fr servertjnster som " "r beroende av lsenord i klartext. Vissa verktyg som anvnder lsenord i " "klartext r inte i konflikt fr att de kan konfigureras att inte anvnda " "lsenord i klartext. Installation av detta paket kommer bara att hjlpa dig " "med ngra av de mest kritiska servrarna." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Rdet r att se p varje tillgnglig tjnst och underska om den anvnder " "lsenord i klartext. Om den gr det, frsk att konfigurera den s att den " "brjar anvnda kryptering eller ngon algoritm fr lsenordsutbyte som inte " "krver lsenord i klartext." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Standardtjnster och inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Som standard r vissa ondiga tjnster aktiverade p ditt system. Programmet " "som tillhandahller dem r inetd. Det finns alternativ till inetd som r mer " "flexibla. Problemet r inte att sjlva inetd r oskert s du behver " "antagligen inte ta bort det. Problemet r att du mste konfigurera det att " "bara tillhandahlla tjnster som verkligen behvs." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Om du har det vanliga inetd-programmet installerat br du konfigurera det " "genom att redigera /etc/inetd.conf." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "Den allmnna regeln r att kommentera alla rader som du inte behver. Om du " "inte vet vad det r, behver du det antagligen inte. Om du upptcker vissa " "problem kan du alltid ta bort kommentarstecknet senare." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Nr du har redigerat den filen mste du starta om inet-demonen med fljande " "kommando: /etc/init.d/inetd restart" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "VNC-server" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "VNC-servern i Debian GNU/Linux-utgvan innehller programfixar fr tightvnc " "som i tillgg till att lgga till komprimering ocks gr det mjligt att " "anvnda ssh-tunnlar. Du gr det frn klienten genom att lgga till flaggan -" "via nr du ansluter. Fr att vara sker att inte lsenord verfrs i " "klartext ver ntverket mste du lgga till regler i brandvggen p den " "lokala maskinen som inte tillter direkta anslutningar till VNC-portarna (se " "manualsidan fr de exakta portnumren). Endast anslutningar frn det lokala " "grnssnittet br tilltas fr att gra det mjligt att tunnla det med ssh." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Hrda ditt Debian GNU/Linux-system" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Hrdning av ditt Debian GNU/Linux-system r INTE s enkelt som att " "installera ett paket. Du behver ha MYCKET kunskap om vad du gra nr du " "konfigurerar systemet. Detta paket kommer att frska hjlpa dig att " "genomfra de korrekta tgrderna och ge dig ngra rd." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "I paketet harden-doc kan du hitta dokumentation om hur du gr din Debian-" "installation skrare. Den finns ven tillgnglig p: http://www.debian.org/" "doc/manuals/securing-debian-howto/" #~ msgid "" #~ "The package fetchmail is installed on the local system. Normally this " #~ "package do not support secure connections so you are encouraged to use " #~ "fetchmail-ssl instead. A client that support encryption does not help if " #~ "the server does not support it. So make sure that the server side support " #~ "SSL encryption too." #~ msgstr "" #~ "Paketet fetchmail r installerat p det lokala systemet. Normalt sett har " #~ "detta paket inte std fr skra anslutningar s du rekommenderas att " #~ "anvnda paketet fetchmail-ssl istllet. En klient som har std fr " #~ "kryptering hjlper inte om servern inte har std fr det. Se till att " #~ "serversidan ocks har std fr SSL-kryptering." #~ msgid "Fetchmail configuration" #~ msgstr "Fetchmail-konfiguration" #~ msgid "" #~ "The package fetchmail-ssl is detected. You have to make sure that you " #~ "really use a encrypted connection. You do that by configuring the client " #~ "and at the same time check that the server really support encryption. If " #~ "the server do not support encryption it does not help if the client does." #~ msgstr "" #~ "Paketet fetchmail-ssl hittades. Du mste kontrollera att du verkligen " #~ "anvnder en krypterad anslutning. Du gr det genom att konfigurera " #~ "klienten och samtidigt kontrollera att servern verkligen har std fr " #~ "kryptering. Om servern inte har std fr kryptering hjlper det inte om " #~ "klienten har det." harden-0.1.38+nmu1/debian/po/POTFILES.in0000600000000000000000000000022111173250422014203 0ustar [type: gettext/rfc822deb] harden-clients.templates [type: gettext/rfc822deb] harden-servers.templates [type: gettext/rfc822deb] harden.templates harden-0.1.38+nmu1/debian/po/da.po0000600000000000000000000002220311710557350013365 0ustar # Danish translation harden. # Copyright (C) 2012 harden & nedenstående oversættere. # This file is distributed under the same license as the harden package. # Joe Hansen (joedalton2@yahoo.dk), 2012. # msgid "" msgstr "" "Project-Id-Version: harden\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2012-01-27 12:42+0000\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Adgangskoder i klartekst" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Tjenester som bruger adgangskoder i klartekst er næsten per definition " "usikre. Årsagen er, at du ikke kan vide om nogen opsnapper dine adgangskoder." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "I et lokalt miljø uden forbindelse til den omkringliggende verden er dette " "selvfølgelig ikke et stort problem. På den anden side så har du ikke brug " "for at sikre dit system i det hele taget og har derfor ikke brug for denne " "pakke." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Denne pakke er i konflikt med en masse klienttjenestekomponenter, som " "afhænger af adgangskoder i klartekst. Nogle værktøjer, som bruger " "adgangskoder i klartekst, er ikke i konflikt, fordi de kan konfigureres til " "ikke at bruge adgangskoder i klartekst. Så installation af denne pakke vil " "kun hjælpe dig med nogle af de mest kritiske klienter." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Rådet er at kigge på hver tilgængelig klient og undersøge om den bruger " "adgangskoder i klartekst. Hvis den gør, så forsøg at konfigurere den så den " "starter op med kryptering eller en slags udvekslingsalgoritme for " "adgangskode, som ikke kræver adgangskoder i klartekst." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Denne pakke er i konflikt med en masse servertjenestekomponenter, som " "afhænger af adgangskoder i klartekst. Nogle værktøjer, som bruger " "adgangskoder i klartekst, er ikke i konflikt, fordi de kan konfigureres til " "ikke at bruge adgangskoder i klartekst. Så installation af denne pakke vil " "kun hjælpe dig med nogle af de mest kritiske servere." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Rådet er at kigge på hver tilgængelig tjeneste og undersøge om den bruger " "adgangskoder i klartekst. Hvis den gør, så forsøg at konfigurere den så den " "starter op med kryptering eller en slags udvekslingsalgoritme for " "adgangskode som ikke kræver adgangskoder i klartekst." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Standardtjenester og inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Som standard er en række unødvendige tjenester aktiveret på dit system. " "Programmet som tilbyder dem er inetd. Der er alternativer til inetd, som er " "mere fleksible. Problemet er ikke at inetd i sig selv er usikkert, så du vil " "sikkert ikke skulle fjerne programmet. Problemet er, at du skal konfigurere " "programmet så det kun tilbyder de tjenester, som virkelig er krævet." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Hvis du har det normale inetd-program installeret, så skal du konfigurere " "det ved at redigere /etc/inetd.conf." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "Den generelle regel er at udkommentere alle linjer, som du ikke har brug " "for. Hvis du ikke ved hvad det er, så har du sikkert ikke brug for det. Hvis " "du så opdager nogle problemer, kan du altid fjerne udkommenteringen igen " "senere." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Når ud har redigeret den fil, så skal du genstarte inet-dæmonen med den " "følgende kommando: /etc/init.d/inetd restart" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "VNC-server" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "VNC-serveren i Debian GNU/Linux-distributionen indeholder tightvnc-" "rettelserne som udover at tilføje komprimering gør det muligt at bruge ssh " "tunnelling. Du gør det fra klienten ved at tilføje kontakten -via når du " "forbinder. For at sikre at ingen adgangskoder i klartekst sendes over " "netværket, skal du tilføje brandmursregler (firewall) på den lokale maskine " "som deaktiverer direkte forbindelser til VNC-portene (se manualsiden for " "præcise tal). Kun forbindelser fra den lokale grænseflade bør være tilladt, " "for at gøre det muligt at tunnelere den med brug af ssh." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Gør dit Debian GNU/Linux-system mere sikkert" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "At gøre dit Debian GNU/Linux-system mere sikkert er IKKE klaret med at " "installere en pakke. Du har brug for en MASSE viden, om hvad der skal gøres, " "når du konfigurerer systemet. Denne pakke vil forsøge at hjælpe dig med at " "foretage de korrekte handlinger og vil komme med nogle forslag." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "I pakken harden-doc kan du finde dokumentation, om hvordan du gør din " "Debianinstallation mere sikker. Den er også tilgængelig på: http://www." "debian.org/doc/manuals/securing-debian-howto/" harden-0.1.38+nmu1/debian/po/ru.po0000600000000000000000000002651611710557351013443 0ustar # translation of ru.po to Russian # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Yuri Kozlov , 2009. msgid "" msgstr "" "Project-Id-Version: harden 0.1.36\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2009-06-23 21:11+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Нешифрованные пароли" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Службы, использующие нешифрованные пароли, по определению не защищены, так " "как вы не знаете, подсмотрел кто-нибудь ваш пароль или нет." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "В локальных средах без доступа извне, это, конечно, не такая большая " "проблема. В этом случае вам вообще ненужно следить за безопасностью в " "системе, и поэтому и данный пакет тоже ненужен." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Данный пакет конфликтует со многими клиентскими частями служб, работа " "которых зависит от нешифрованных паролей. С некоторыми инструментами, " "использующими нешифрованные пароли, конфликта не возникает, так как они " "могут быть настроены не использовать нешифрованные пароли. Поэтому установка " "данного пакета поможет обнаружить только наиболее проблемные клиентские " "программы." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Советуем проверить каждую клиентскую программу, не использует ли она " "нешифрованные пароли. Если использует, попытайтесь настроить в ней " "шифрование паролей, или измените способ работы, который не требует " "нешифрованных паролей." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Данный пакет конфликтует со многими серверными частями служб, работа которых " "зависит от нешифрованных паролей. С некоторыми инструментами, использующими " "нешифрованные пароли, конфликта не возникает, так как они могут быть " "настроены не использовать нешифрованные пароли. Поэтому установка данного " "пакета поможет обнаружить только наиболее проблемные серверные программы." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Советуем проверить каждую доступную службу, не использует ли она " "нешифрованные пароли. Если использует, попытайтесь настроить в ней " "шифрование паролей, или измените способ работы, который не требует " "нешифрованных паролей." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Службы по умолчанию и inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "По умолчанию в системе включены некоторые ненужные службы. Программа, " "которая их предоставляет — inetd. Существуют альтернативы inetd, которые " "более гибко настраиваются. Проблема не в том, что небезопасна сама inetd, " "её, скорее всего, ненужно удалять. Проблема в том, что вы должны настроить в " "ней запуск только тех служб, которые вам действительно нужны." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Если у вас установлена обычная программа inetd, то настройте её, " "отредактировав файл /etc/inetd.conf." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "Общее правило: закомментируйте все ненужные строки. Если вы не знаете для " "чего эта строка, значит она ненужна. Если возникнет проблема, то позже " "всегда можно убрать комментирование." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "По окончании редактирования этого файла перезапустите службу inet командой: /" "etc/init.d/inetd restart" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "Сервер VNC" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "Сервер VNC в дистрибутиве Debian GNU/Linux содержит заплаты tightvnc, " "которые добавляют сжатие для работы через туннелирование ssh. В клиенте это " "указывается параметром -via при подключении. Чтобы случайно не передать " "нешифрованные пароли через сеть, добавьте правила в межсетевой экран " "локальной машины, которые запретят прямые подключения по портам VNC (номера " "портов см. в справочной странице). Должны быть разрешены подключения только " "с локального интерфейса — для организации туннеля через ssh." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Укрепи свою систему Debian GNU/Linux" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Укрепление системы Debian GNU/Linux — это НЕ ПРОСТО установка пакета. Вы " "должны МНОГО знать о том, как настраивать систему. Этот пакет поможет в " "выполнении правильных действий и даст рекомендации." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "В пакете harden-doc вы найдёте документацию о том, как сделать установленный " "Debian более защищённым. Также она доступна: http://www.debian.org/doc/" "manuals/securing-debian-howto/" harden-0.1.38+nmu1/debian/po/pt.po0000600000000000000000000002224211710557351013430 0ustar # Portuguese translation of harden's debconf messages. # Copyright (C) 2007 # This file is distributed under the same license as the harden package. # Luísa Lourenço , YEAR. # msgid "" msgstr "" "Project-Id-Version: harden 0.1.30\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2007-03-16 11:41+0000\n" "Last-Translator: Luísa Lourenço \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Palavras-chave de texto simples" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Os serviços que usem palavras-chave de texto simples são quase inseguras por " "definição. A razão é que não pode saber se alguém está a apanhar as suas " "palavras chave." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "Num ambiente local sem ligação para o mundo exterior isto não é obviamente " "um grande problema. Por outro lado também não iria precisar de proteger o " "seu sistema de todo e não precisaria deste pacote." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Este pacote entra em conflito com muitos componentes de serviço cliente que " "dependem de palavras chave de texto simples. Algumas ferramentas que usam " "palavras-chave de texto simples não entram em conflito porque podem ser " "configuradas para não usar palavras chave de texto simples. Por isso " "instalar este pacote só irá ajudá-lo com alguns dos clientes mais criticos." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "O conselho é olhar para cada cliente disponível e investigar se usa palavras-" "chave de texto simples. Se o fizer, tente configurar para que comece a usar " "palavras-chave encriptadas ou um algoritmo de troca de palavras-chave que " "não precise de palavras-chave de texto simples." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Este pacote entra em conflito com muitos componentes de serviço servidor que " "dependem de palavras chave de texto simples. Algumas ferramentas que usam " "palavras-chave de texto simples não entram em conflito porque podem ser " "configuradas para não usar palavras-chave de texto simples. Por isso " "instalar este pacote só irá ajudá-lo com alguns dos servidores mais " "críticos." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "O conselho é olhar para cada serviço disponível e investigar se usa palavras-" "chave de texto simples. Se o fizer, tente configurar para que comece a usar " "palavras-chave encriptadas ou um algoritmo de troca de palavras-chave que " "não precise de palavras-chave de texto simples." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Serviços por omissão e inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Por omissão alguns serviços desnecessários estão activados no seu sistema. O " "programa que os providencia é o inetd. Existem alternativas ao inetd que são " "mais flexíveis. O problema não é o inetd por si ser inseguro por isso não " "irá provavelmente precisar de o remover. O problema é que o tem de " "configurar para disponibilizar somente os serviços que são mesmo necessários." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Se tem o programa inetd normal instalado devia configurá-lo editando o /etc/" "inetd.conf." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "A regra geral é comentar todas as linhas que não precisa. Se não sabe quais " "é que são, provavelmente, não precisa. Se descobrir um problema pode sempre " "descomentar mais tarde." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Quando tiver editado aquele ficheiro, terá que reinciar o deamon do inet com " "o seguinte comando: /etc/init.d/inetd restart" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "Servidor VNC" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "O servidor VNC na distribuição Debian GNU/Linux contém os patches do " "tightvnc que além de adicionar compressão tornam possivel de usar o túnel de " "ssh. Faz isso a partir do cliente ao adiconar o switch -via quando está a " "conectar. Para ter a certeza que nenhumas palavras chave de texto simples " "são transmitidas através da rede tem de adicionar as regras de firewall na " "máquina local que não permitam conexões directas para as portas VNC (veja a " "página do manual para os números exactos). Somente conexões a partir da " "interface local devem ser permitidas, para tornar possível fazer um túnel de " "ssh." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Torne o seu sistema Debian GNU/Linux robusto." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Tornar o seu sistema Debian GNU/Linux robusto NÃO é tão simples como " "instalar um pacote. Precisa de MUITO conhecimento acerca do que fazer quando " "está a configurar o seu sistema. Este pacote tenta ajudá-lo a tomar acções " "apropriadas e irá dar algumas sugestões." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "No pacote harden-doc poderá encontrar documentação acerca de como tornar a " "sua instalação Debian mais segura. Também está disponível em: http://www." "debian.org/doc/manuals/securing-debian-howto/" harden-0.1.38+nmu1/debian/po/nl.po0000600000000000000000000002242011710557351013414 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # msgid "" msgstr "" "Project-Id-Version: harden\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2007-03-03 23:13+0100\n" "Last-Translator: Bart Cornelis \n" "Language-Team: debian-l10n-dutch \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Platte-tekst-wachtwoorden" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Diensten die gebruik maken van platte-tekst-wachtwoorden zijn bijna per " "definitie onveilig. De reden hiervoor is dat het onmogelijk te weten is of " "iemand uw wachtwoorden snift." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "In een lokale omgeving met geen verbindingen naar het wijdere internet is " "dit geen groot probleem. Maar in zo'n geval heeft beveiliging van uw systeem " "zowieso weinig waarde en heeft u dit pakket waarschijnlijk niet nodig." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Dit pakket conflicteert met een groot aantal clientcomponenten die diensten " "voorzien die afhangen van platte-tekst wachtwoorden. Sommige platte-tekst-" "wachtwoorden gebruikende programma's conflicteren niet met dit pakket, omdat " "ze configuratie toelaten die het gebruik van platte-tekst wachtwoorden " "uitschakelt. Installatie van dit pakket geeft dan ook enkel verzekereing bij " "sommige van de meest kritieke clients." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Het advies is om alle beschikbare clients na te lopen en te onderzoeken of " "ze platte-tekst-wachtwoorden gebruiken. Indien zo probeer ze dan in te " "stellen zodat ze gebruik maken van versleuteling of een wachtwoord-" "uitwisselingsalgoritme dat geen platte-tekst-wachtwoorden vereist." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Dit pakket conflicteert met een groot aantal servercomponenten die diensten " "voorzien die afhangen van platte-tekst wachtwoorden. Sommige platte-tekst-" "wachtwoorden gebruikende programma's conflicteren niet met dit pakket, omdat " "ze configuratie toelaten die het gebruik van platte-tekst wachtwoorden " "uitschakelt. Installatie van dit pakket geeft dan ook enkel verzekereing bij " "sommige van de meest kritieke servers." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Het advies is om alle beschikbare diensten na te lopen en te onderzoeken of " "ze platte-tekst-wachtwoorden gebruiken. Indien zo probeer ze dan in te " "stellen zodat ze gebruik maken van versleuteling of een wachtwoord-" "uitwisselingsalgoritme dat geen platte-tekst-wachtwoorden vereist." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Standaarddiensten en inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Standaard zijn er enkele onnodige diensten geactiveerd op uw system. Het " "programma dat deze voorziet is inetd. Er zijn alternatieven voor inetd die " "flexibeler zijn. Het probleem is niet dat inetd zelf onveilig is, u dient " "inetd echter wel in te stellen om enkel die diensten te voorzien die echt " "nodig zijn." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Als u het normale inetd-programma heeft geïnstalleerd kunt u dit " "configureren door /etc/inetd.conf aan te passen." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "De algemene regel is om alle regels die niet nodig heeft als commentaar te " "makeren. Die dingen waarvan u niet weet wat ze zijn heeft u naar alle " "waarschijnlijkheid niet nodig. Mocht u later toch problemen ondervinden kunt " "deze altijd weer activeren." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Eens u dit bestand aangepast heeft, dient u de inet-achtergronddienst te " "herstarten via het commando '/etc/init.d/inetd restart'." #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "VNC-server" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "De VNC-server in de Debian GNU/Linux distributie bevat de tightvnc-patches. " "Deze voegen compressie toe en maken het bovendien mogelijk om ssh-tunnellen " "te gebruiken. U doet dat met de client door de -via schakelaar mee te geven " "bij het maken van de verbinding. Om te verzekeren dat er geen platte-tekst-" "wachtwoorden verstuurd worden over het netwerk dient u firewall-regels toe " "te voegen aan de lokale machine die directe verbindingen naar de VNS-poorten " "verbieden (zie de manpagina voor exacte poortnummers). Om het gebruik van " "ssh-tunnels mogelijk te maken dienen enkel lokale interfaces toegelaten te " "worden." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Verhard uw Debian GNU/Linux systeem" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Het verharden van uw Debian GNU/Linux systeem is NIET zo simpel als het " "installeren van een pakket. Er is HEEL WAT kennis nodig over wat te doen " "wanneer u het systeem instelt. Dit pakket probeert u te helpen om de juiste " "acties te nemen, en geeft een aantal suggesties." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "Documentatie over hoe uw Debian-installatie beter te beveiligen vindt u in " "het pakket 'harden-doc'. Deze documentatie is ook beschikbaar op het adres " "http://www.debian.org/doc/manuals/securing-debian-howto/ ." harden-0.1.38+nmu1/debian/po/fr.po0000600000000000000000000002362611710557350013422 0ustar # translation of fr.po to French # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans# # Developers do not need to manually edit POT or PO files. # # Jeremy Monnet , 2004. # Christian Perrier , 2007. msgid "" msgstr "" "Project-Id-Version: fr\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2007-01-18 22:25+0100\n" "Last-Translator: Christian Perrier \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-15\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Mots de passe en clair" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Les services qui utilisent des mots de passe en clair sont par dfinition " "peu scuriss. En effet, vous ne pouvez jamais savoir si quelqu'un n'est pas " "en train de capturer votre mot de passe." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "Dans un environnement local sans connexion avec l'extrieur, ce n'est bien " "sr pas un gros problme. Dans ce cas, toutefois, vous avez moins besoin de " "scuriser votre systme et vous n'avez donc pas besoin de ce paquet." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Ce paquet entre en conflit avec de nombreux clients qui dpendent de mots de " "passe en clair. Quelques outils utilisant des mots de passe en clair " "n'entrent pas en conflit avec ce paquet car il est possible de les " "configurer pour ne pas utiliser de mots de passe en clair. Aussi, " "l'installation de ce paquet ne vous aidera que pour certains des clients les " "plus critiques." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Vous devriez vrifier chaque client disponible et rechercher pour chacun " "d'entre eux s'ils utilisent des mots de passe en clair. Si c'est le cas, " "essayez de les configurer pour qu'ils utilisent le chiffrement ou des " "mcanismes d'change de mots de passe qui n'ont pas besoin d'changer des " "mots de passe en clair." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Ce paquet entre en conflit avec de nombreux serveurs qui dpendent d'un mot " "de passe en clair. Quelques outils utilisant des mots de passe en clair " "n'entrent pas en conflit avec ce paquet car ils peuvent tre configurs pour " "ne pas utiliser de mots de passe en clair. Aussi, l'installation de ce " "paquet ne vous aidera que pour certains des serveurs les plus critiques." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Vous devriez vrifier chaque serveur disponible et rechercher pour chacun " "d'entre eux s'ils utilisent des mots de passe en clair. Si c'est le cas, " "essayez de les configurer pour qu'ils utilisent le chiffrement ou des " "mcanismes d'change de mots de passe qui n'ont pas besoin de faire circuler " "des mots de passe en clair." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Services par dfaut et inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Par dfaut, des services qui ne sont pas indispensables sont activs sur " "votre systme. Le programme qui les fournit est inetd. Il existe d'autres " "alternatives a inetd qui sont plus flexibles. Le problme n'est pas que " "inetd n'est pas sr par lui-mme, et vous n'aurez probablement pas besoin de " "le supprimer. Mais vous devriez le configurer pour fournir uniquement les " "services dont vous avez vraiment besoin." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Si vous avez le programme inetd standard, vous devriez le configurer en " "modifiant le fichier /etc/inetd.conf." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "La rgle gnrale est de commenter toutes les lignes dont vous n'avez pas " "besoin. Si vous ne savez pas quoi une ligne correspond, vous n'en avez " "probablement pas besoin. Si vous dcouvrez des problmes par la suite, vous " "pouvez toujours les dcommenter." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Aprs avoir modifi ce fichier, vous devez redmarrer le dmon inetd avec la " "commande: /etc/init.d/inetd restart." #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "Serveur VNC" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "Le serveur VNC de la distribution Debian GNU/Linux contient les correctifs " "tightvnc qui, en plus d'ajouter la compression, rendent possible " "l'utilisation d'un tunnel SSH. Vous pouvez utiliser cette fonctionnalit " "avec le client en ajoutant l'option -via lors de la connexion. Pour tre sr " "de ne pas transmettre de mots de passe en clair sur le rseau, vous devriez " "ajouter des rgles de pare-feu sur la machine locale qui empchent une " "connexion directe aux ports VNC. Veuillez vous reporter la page de manuel " "pour les numros de ces ports. Seules les connexions depuis l'interface " "locale doivent tre autorises pour rendre possible l'utilisation d'un " "tunnel SSH." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Scurisez votre systme Debian GNU/Linux" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Scuriser votre systme Debian GNU/Linux ne se limite PAS installer un " "paquet. Vous devez avoir BEAUCOUP de connaissances sur ce qu'il faut faire " "lors de sa configuration. Ce paquet essaie de vous aider avoir les bons " "reflexes et vous donne quelques conseils." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "Dans le paquet harden-doc, vous pouvez trouver de la documentation sur la " "manire de rendre votre installation de Debian plus scurise. Elle est " "aussi disponible l'adresse: http://www.debian.org/doc/manuals/securing-" "debian-howto/" harden-0.1.38+nmu1/debian/po/es.po0000600000000000000000000002371111710557350013415 0ustar # harden po-debconf translation to Spanish # Copyright (C) 2007, 2009, 2010 Software in the Public Interest # This file is distributed under the same license as the harden package. # # Changes: # - Initial translation # Carlos Galisteo , 2007 # # - Updates # Francisco Javier Cuadrado , 2009, 2010 # # Traductores, si no conocen el formato PO, merece la pena leer la # documentación de gettext, especialmente las secciones dedicadas a este # formato, por ejemplo ejecutando: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Equipo de traducción al español, por favor lean antes de traducir # los siguientes documentos: # # - El proyecto de traducción de Debian al español # http://www.debian.org/intl/spanish/ # especialmente las notas de traducción en # http://www.debian.org/intl/spanish/notas # # - La guía de traducción de po's de debconf: # /usr/share/doc/po-debconf/README-trans # o http://www.debian.org/intl/l10n/po-debconf/README-trans # msgid "" msgstr "" "Project-Id-Version: harden 0.1.36\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2010-03-25 10:56+0100\n" "Last-Translator: Francisco Javier Cuadrado \n" "Language-Team: Debian l10n Spanish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Contraseñas en texto claro" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Los servicios que usan contraseñas en texto claro son inseguros casi por " "definición. La razón es que no puede saber si hay alguien espiando sus " "contraseñas." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "En un entorno local sin conexión al mundo exterior, esto no supone un gran " "problema. Por otro lado, si esto es así no necesitará asegurar el sistema y " "puede que no necesite este paquete." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Este paquete entra en conflicto con muchos clientes de servicios que " "dependen de contraseñas en texto claro. Algunas herramientas que usan " "contraseñas en texto claro no entran en conflicto porque pueden configurarse " "para que no las usen. Así que instalar este paquete sólo le ayudará con " "algunos de los clientes más críticos." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Lo más aconsejable es revisar cada cliente disponible e investigar si usa " "contraseñas en texto claro. Si lo hace, intente configurarlo para que se " "inicie usando cifrado o algún algoritmo de intercambio de contraseñas que no " "requiera contraseñas en texto claro." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Este paquete entra en conflicto con muchos servidores de servicios que " "dependen de contraseñas en texto claro. Algunas herramientas que usan " "contraseñas en texto claro no entran en conflicto porque pueden configurarse " "para que no las usen. Así que instalar este paquete sólo le ayudará con " "algunos de los servidores más críticos." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Lo más aconsejable es revisar cada servidor disponible e investigar si usa " "contraseñas en texto claro. Si lo hace, intente configurarlo para que se " "inicie usando cifrado o algún algoritmo de intercambio de contraseñas que no " "requiera contraseñas en texto claro." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Servicios predeterminados e inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Algunos servicios innecesarios están habilitados de manera predeterminada en " "el sistema. El programa que los proporciona es inetd. Existen alternativas a " "inetd que son más flexibles. El problema no es que inetd sea inseguro en sí " "mismo, por lo que probablemente no necesitará eliminarlo. El problema es que " "debe configurarlo para que proporcione sólo los servicios que sean realmente " "necesarios." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Si tiene instalado el programa inetd normal debería configurarlo editando «/" "etc/inetd.conf»." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "La regla general es comentar todas las líneas que no necesite. Si no sabe lo " "que es, probablemente no lo necesite. Si descubre algún problema siempre " "puede descomentarlo más tarde." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Cuando haya editado ese archivo, debe reiniciar el servicio inetd con la " "siguiente orden: «/etc/init.d/inetd restart»" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "Servidor de VNC" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "El servidor de VNC de la distribución Debian GNU/Linux contiene los parches " "de tightvnc que, junto con la incorporación de la compresión, posibilitan el " "uso de túneles ssh. Esto se hace desde el cliente, añadiendo el parámetro «-" "via» al conectar. Para asegurarse de que no se transmiten contraseñas en " "texto claro por la red debe añadir reglas de filtrado a la máquina local que " "deshabiliten las conexiones directas a los puertos de VNC (consulte los " "números exactos en las páginas del manual). Sólo se deberían permitir las " "conexiones desde el interfaz local, para hacer posible su paso por un túnel " "ssh." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Reforzar la seguridad de su sistema Debian GNU/Linux." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Reforzar la seguridad de su sistema Debian GNU/Linux NO es tan simple como " "instalar un paquete. Necesita MUCHOS conocimientos sobre qué hacer al " "configurar el sistema. Este paquete tratará de ayudarle a tomar las medidas " "oportunas y le ofrecerá algunas sugerencias." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "En el paquete harden-doc puede encontrar la documentación sobre cómo hacer " "su instalación de Debian más segura. También está disponible en: http://www." "debian.org/doc/manuals/securing-debian-howto/" harden-0.1.38+nmu1/debian/po/cs.po0000600000000000000000000002463111710557350013415 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: harden\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2006-05-09 21:15+0200\n" "Last-Translator: Miroslav Kure \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Nešifrovaná hesla" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Služby, které používají nešifrovaná hesla, jsou již z definice nebezpečné. " "Nikdy totiž nevíte, zda někdo vaši komunikaci neodposlouchává." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "V lokálním prostředí bez připojení ke vnějšímu světu to samozřejmě není až " "tak velký problém, ale na druhou stranu pokud nepotřebujete zabezpečit " "systém, nepotřebujete ani tento balík." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Tento balík koliduje se spoustou klientských služeb, které závisí na " "nešifrovaných heslech. Nejsou zde zahrnuty ty nástroje, které můžete " "nastavit, aby používaly šifrovaná hesla, ale standardně tak nečiní. " "Instalací balíku se tedy zbavíte pouze nejkritičtějších klientů." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Zkuste se podívat na všechny dostupné klienty a zjistit zda používají " "nešifrovaná hesla. Pokud ano, pokuste se klienty nastavit tak, aby používali " "šifrování nebo jiný algoritmus nevyžadující nešifrovaná hesla." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Tento balík koliduje se spoustou serverových služeb, které závisí na " "nešifrovaných heslech. Nejsou zde zahrnuty ty nástroje, které můžete " "nastavit, aby používaly šifrovaná hesla, ale standardně tak nečiní. " "Instalací balíku se tedy zbavíte pouze nejkritičtějších služeb." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Zkuste se podívat na všechny dostupné služby a zjistit, zda používají " "nešifrovaná hesla. Pokud ano, pokuste se je nastavit tak, aby používaly " "šifrování nebo jiný algoritmus nevyžadující nešifrovaná hesla." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Výchozí služby a inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Implicitně jsou v systému zapnuty nepotřebné služby. Tyto služby jsou " "poskytovány programem inetd. Problém není v tom, že by inetd byl nebezpečný " "sám o sobě (proto jej nemusíte odstranit, i když jistě existují " "flexibilnější náhrady), ale v tom, že jej musíte nastavit tak, aby " "poskytoval pouze služby, které jsou opravdu potřeba." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Máte-li nainstalován běžný inetd, můžete jej konfigurovat úpravou souboru /" "etc/inetd.conf." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "Obvyklé pravidlo zní: Zakomentovat vše, co nepotřebujete. Pokud nevíte, k " "čemu služba slouží, pravděpodobně ji nepotřebujete. Zjistíte-li problém, " "kdykoliv můžete službu odkomentovat." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Po úpravě souboru musíte restartovat daemon inetd následujícím příkazem: /" "etc/init.d/inetd restart" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "VNC server" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "VNC server v distribuci Debian GNU/Linux obsahuje záplaty pro tightvnc, " "které kromě přidání komprimace přináší i podporu pro ssh tunelování. To " "můžete použít tak, že klientovi přidáte při připojování volbu -via. Abyste " "se ujistili, že nepoužíváte žádná nešifrovaná hesla, musíte nastavit " "firewall na svém počítači tak, aby zakázal přímá spojení na VNC porty (pro " "přesné hodnoty se podívejte do manuálové stránky). Povolena by měla být " "pouze spojení z lokálních rozhraní, aby je bylo možné tunelovat pomocí ssh." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Zabezpečení vašeho systému Debian GNU/Linux" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "K zabezpečení Debian GNU/Linuxu NESTAČÍ jenom nainstalovat balíček. Musíte " "mít SPOUSTY znalostí o správě systému. Tento balík vám pomůže vykročit " "správným směrem a nabídne vám některé návrhy." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "V balíku harden-doc najdete nápady, jak lépe zabezpečit svou instalaci " "Debianu. Dokument je je také dostupný na http://www.debian.org/doc/manuals/" "securing-debian-howto/" #~ msgid "" #~ "The package fetchmail is installed on the local system. Normally this " #~ "package do not support secure connections so you are encouraged to use " #~ "fetchmail-ssl instead. A client that support encryption does not help if " #~ "the server does not support it. So make sure that the server side support " #~ "SSL encryption too." #~ msgstr "" #~ "Na tomto počítači je nainstalován balík fetchmail. Normálně tento balík " #~ "nepodporuje zabezpečené spojení, proto místo něj doporučujeme používat " #~ "fetchmail-ssl. Ani to však nepomůže, pokud šifrování nepodporuje i druhá " #~ "strana (server). Proto se vždy ujistěte zda server podporuje SSL spojení." #~ msgid "Fetchmail configuration" #~ msgstr "Nastavení fetchmailu" #~ msgid "" #~ "The package fetchmail-ssl is detected. You have to make sure that you " #~ "really use a encrypted connection. You do that by configuring the client " #~ "and at the same time check that the server really support encryption. If " #~ "the server do not support encryption it does not help if the client does." #~ msgstr "" #~ "V tomto počítači je nainstalován balík fetchmail-ssl. Ujistěte se zda " #~ "opravdu používá šifrované spojení. Učiňte tak v nastavení klienta a " #~ "zároveň zkontrolujte, zda server také používá šifrování. Pokud server " #~ "šifrování nepodporuje, pak není spojení s klientem zabezpečené." harden-0.1.38+nmu1/debian/po/ja.po0000600000000000000000000003053311710557351013401 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # # msgid "" msgstr "" "Project-Id-Version: harden 0.1.24\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2006-10-11 00:08+0900\n" "Last-Translator: Hideki Yamane (Debian-JP) \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "平文パスワードについて" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "平文パスワードを使っているサービスは全くセキュアではないとみなせます。その理" "由は、誰があなたのパスワードを盗み見ているのか分からないからです。" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "外界との接点を持たない閉じたローカルな環境では、もちろんあまり大きな問題では" "ありません。言い換えると、そのような場合はシステムをセキュアにする必要は全く" "無く、このパッケージも必要がないということです。" #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "このパッケージは平文パスワードに依存している多くのクライアントサービスのコン" "ポーネントと衝突 (conflict) します。平文パスワードを使う幾つかのツールについ" "ては、平文パスワードを使わないように設定できるので衝突 (conflict) しません。" "このパッケージをインストールするのは、もっとも致命的なサーバコンポーネントの" "利用の手助けをしてくれるというだけのことです。" #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "アドバイスとしては、利用可能なクライアントとそれが平文パスワードを使っている" "かどうかをそれぞれ確認することです。使うような場合は、暗号化を行うようにする" "か、平文パスワードを必要としないパスワード交換アルゴリズムを使うかするように" "設定してみてください。" #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "このパッケージは平文パスワードに依存している多くのサーバサービスのコンポーネ" "ントと衝突 (conflict) します。平文パスワードを使う幾つかのツールについては、" "平文パスワードを使わないように設定できるので衝突 (conflict) しません。この" "パッケージをインストールするのは、もっとも致命的なサーバコンポーネントの利用" "の手助けをしてくれるというだけのことです。" #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "アドバイスとしては、利用可能なクライアントとそれが平文パスワードを使うかどう" "かをそれぞれ確認することです。使うような場合は、暗号化を行うようにするか、平" "文パスワードを必要としないパスワード交換アルゴリズムを使うかするように設定し" "てみてください。" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "標準のサービスと inetd について" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "標準状態のシステムでは、必要ではないサービスがいくつか有効になっています。こ" "れらのサービスを提供しているのは inetd プログラムです。他にも inetd の代わり" "になるような、より柔軟なものがあります。問題は inetd 自身がセキュアでないとい" "うことではないので、削除の必要はないでしょう。問題は、本当に必要なサービスの" "みを提供するように設定する必要がある、ということです。" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "通常の inetd プログラムをインストールしている場合は、/etc/inetd.conf を編集し" "て設定する必要があります。" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "通常のやり方は、必要ない行すべてをコメントにすることです。その行が何かわから" "なければ、おそらく必要がありません。何か問題が見つかれば、後からいつでもコメ" "ントを外せます。" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "このファイルを編集したら、以下のコマンドで inetd デーモンを再起動する必要があ" "ります: /etc/init.d/inetd restart" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "VNC サーバについて" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "Debian GNU/Linux ディストリビューション中の VNC サーバは、ssh トンネルを利用" "可能とする圧縮機能を付け加える tightvnc パッチを含んでいます。これは、接続時" "にクライアントで -via スイッチを加えることによって行います。ネットワークに平" "文パスワードが送信されてないようにするため、VNC ポートに対して直接の接続を許" "さないファイアウォールの設定をローカルマシンに追加する必要があります (正確な" "数字は man ページを参照してください)。ローカルインターフェイスからの通信のみ" "が許可されるので、ssh を使ったトンネルを使えば可能です。" #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Debian GNU/Linux システムの強化について" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Debian GNU/Linux を強化するということは単にパッケージをインストールすることで" "は「ありません」。システムを設定する際に何をすればよいのかについて「たくさ" "ん」の知識を得る必要があります。このパッケージは、正しい設定を行うのを手助け" "し、示唆を与えてくれることでしょう。" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "harden-doc パッケージで、どうやって Debian のインストールをよりセキュアにする" "のか、というドキュメントを見れます。http://www.debian.org/doc/manuals/" "securing-debian-howto/ からも入手可能です。" #~ msgid "" #~ "The package fetchmail is installed on the local system. Normally this " #~ "package do not support secure connections so you are encouraged to use " #~ "fetchmail-ssl instead. A client that support encryption does not help if " #~ "the server does not support it. So make sure that the server side support " #~ "SSL encryption too." #~ msgstr "" #~ "fetchmail パッケージがローカルシステムにインストールされています。通常この" #~ "パッケージは SSL 接続をサポートしていないので、代わりに fetchmail-ssl を使" #~ "うのをお勧めします。クライアントが暗号化をサポートしていてもサーバがサポー" #~ "トしていなければ意味がありません。ですので、サーバ側も SSL をサポートして" #~ "いるのを確認してください。" #~ msgid "Fetchmail configuration" #~ msgstr "fetchmail の設定" #~ msgid "" #~ "The package fetchmail-ssl is detected. You have to make sure that you " #~ "really use a encrypted connection. You do that by configuring the client " #~ "and at the same time check that the server really support encryption. If " #~ "the server do not support encryption it does not help if the client does." #~ msgstr "" #~ "fetchmail-ssl パッケージを検出しました。実際に暗号化接続を利用するのを確認" #~ "する必要があります。これは、クライアントを設定するのと同時に、サーバが暗号" #~ "化を本当にサポートしているのをチェックすることで行います。サーバが暗号化接" #~ "続をサポートしていない場合、クライアントがサポートしていても意味がありませ" #~ "ん。" harden-0.1.38+nmu1/debian/po/vi.po0000600000000000000000000002253211710557351013425 0ustar # Vietnamese translation for Harden. # Copyright © 2010 Free Software Foundation, Inc. # Clytie Siddall , 2005-2010. # msgid "" msgstr "" "Project-Id-Version: harden 0.1.35+nmu1\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2010-03-07 01:34+0930\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: LocFactoryEditor 1.8\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Mật khẩu nhập thô" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Dịch vụ nào dùng mật khẩu nhập thô thì không an toàn. Người khác có khả năng " "ăn cấp mật khẩu riêng của bạn." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "Trong một môi trường cục bộ không có kết nối với mạng, không có sao. Nếu bạn " "không bao giờ kết nối với máy khác hay mạng (gồm có điện thoại, PDA và mạng " "WiFi) thì không yêu cầu gói này." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Gói này xung đột với nhiều thành phần dịch vụ khách mà phụ thuộc vào mật " "khẩu nhập thô. Tuy nhiên, một số công cụ nào đó có thể được cấu hình để dùng " "mật khẩu mạnh hơn. Gói này chỉ có thể cải tiến phần mềm kiểu này (gồm có một " "số trình khách quan trọng nhất)." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Khuyên bạn xem mỗi trình khách sẵn sàng, tìm biết nếu nó dùng mật khẩu nhập " "thô. Có thì thử cấu hình nó để bắt đầu dùng mật mã hay một thuật toán trao " "đổi mật khẩu mà không cần thiết mật khẩu nhập thô." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Gói này xung đột với nhiều thành phần dịch vụ phục vụ mà phụ thuộc vào mật " "khẩu nhập thô. Tuy nhiên, một số công cụ nào đó có thể được cấu hình để dùng " "mật khẩu mạnh hơn. Gói này chỉ có thể cải tiến phần mềm kiểu này (gồm có một " "số trình phục vụ quan trọng nhất)." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Khuyên bạn xem mỗi trình phục vụ sẵn sàng, tìm biết nếu nó dùng mật khẩu " "nhập thô. Có thì thử cấu hình nó để bắt đầu dùng mật mã hay một thuật toán " "trao đổi mật khẩu mà không cần thiết mật khẩu nhập thô." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Dịch vụ mặc định và inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Mặc định là một số dịch vụ không cần thiết đã được hiệu lực trên hệ thống " "này. Chúng được chương trình « inetd » cung cấp. Có một số chương trình thay " "thế inetd mà dễ cấu hình hơn. (Vấn đề không phải là inetd chính nó không an " "toàn: rất có thể là không cần gỡ bỏ inetd. Vấn đề là nó không cho phép bạn " "cấu hình chỉ những dịch vụ cần thiết.)" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Nếu hệ thống này đã có trình nền inetd bình thường thì bạn nên cấu hình nó " "bằng cách chỉnh sửa tập tin « /etc/inetd.conf »." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "Quy tắc chung là ghi chú tắt mỗi dòng không cần. Cũng có thể bỏ ghi chú về " "sau." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Một khi chỉnh sửa tập tin đó thì cũng cần phải khởi chạy lại trình nền inetd " "dùng câu lệnh « /etc/init.d/inetd restart »." #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "Trình phục vụ VNC" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "Trình phục vụ trong bản phân phối Debian GNU/Linux cũng chứa các đắp vá « " "tightvnc » mà thêm chức năng nén và chức năng đào đường hầm SSH xuyên qua. " "Để sử dụng đường hầm SSH, trong trình khách đặt cờ « -via » khi kết nối. Để " "đảm bảo rằng không có mật khẩu nhập thô được gửi qua mạng, bạn cũng cần phải " "thêm quy tắc bức tường lửa trên máy cục bộ mà chặn kết nối trực tiếp đến " "cổng VNC (xem trang hướng dẫn « man » để tìm các số thứ tự cổng chính xác). " "Để sử dụng đường hầm SSH một cách an toàn, chỉ cho phép kết nối từ giao diện " "cục bộ." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Làm cho cứng hệ thống Debian GNU/Linux này" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Làm cho cứng hệ thống Debian GNU/Linux này KHÔNG phải đơn giản như cài đặt " "một gói. Bạn cần phải rất quen với cấu hình hệ thống. Gói này sẽ thử giúp " "bạn làm những hành động đúng (gồm có đề nghị)." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "Trong gói « harden-doc » có tài liệu về cách làm cho bản cài đặt Debian bảo " "mật hơn. Cũng có các tài liệu này ở địa chỉ « http://www.debian.org/doc/" "manuals/securing-debian-howto/ »." harden-0.1.38+nmu1/debian/po/pt_BR.po0000600000000000000000000002605211710557351014016 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: harden\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2004-09-11 17:07-0300\n" "Last-Translator: Andr Lus Lopes \n" "Language-Team: Debian-BR Project \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Senhas em texto puro" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 #, fuzzy msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Servios que utilizam senhas em texto puro so, em sua maioria, inseguros " "por definio. A razo que voc no pode ter certeza que algum no esteja " "espionando suas senhas." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "Em um ambiente local sem conexo ao mundo exterior isso com certeza no um " "grande problema. Por outro lado, em um ambiente desses voc no precisaria " "deixar seu sistema mais seguro e no precisaria utilizar este pacote." #. Type: note #. Description #: ../harden-clients.templates:1001 #, fuzzy msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Este pacote conflita com diversos componentes de clientes de servios que " "dependem de senhas em texto puro. No existem conflitos declarado contra " "algumas ferramentas que utilizam senhas em texto puro devido a tais " "ferramentas poderem ser configuradas para no utilizar senhas em texto puro. " "Portanto, instalar este pacote somente lhe auxiliar em relao a alguns dos " "componentes servidores mais crticos." #. Type: note #. Description #: ../harden-clients.templates:1001 #, fuzzy msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Um conselho procurar por cada cliente disponvel e investigar se o mesmo " "utiliza senhas em texto puro. Caso utilize, tente configur-lo de forma que " "o mesmo passe a utilizar ecnriptao ou algum algoritmo de troca de senhas " "que no requeira o uso de senhas em texto puro." #. Type: note #. Description #: ../harden-servers.templates:1001 #, fuzzy msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Este pacote conflita com diversos componentes de clientes de servios que " "dependem de senhas em texto puro. No existem conflitos declarado contra " "algumas ferramentas que utilizam senhas em texto puro devido a tais " "ferramentas poderem ser configuradas para no utilizar senhas em texto puro. " "Portanto, instalar este pacote somente lhe auxiliar em relao a alguns dos " "componentes servidores mais crticos." #. Type: note #. Description #: ../harden-servers.templates:1001 #, fuzzy msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "Um conselho procurar por cada cliente disponvel e investigar se o mesmo " "utiliza senhas em texto puro. Caso utilize, tente configur-lo de forma que " "o mesmo passe a utilizar ecnriptao ou algum algoritmo de troca de senhas " "que no requeira o uso de senhas em texto puro." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Servios padro e inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 #, fuzzy msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Por padro, alguns servios desnecessrios so habilitados em seu sistema. O " "programa que os fornece o inetd. Existem outras alternativas mais " "fliexveis ao inetd. O problema no que o prprio inetd seja inseguro a " "ponto de voc ter que remov-lo. O problema que voc precisa configur-lo " "para fornecer somente os servios que so realmente necessrios." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Caso voc possua um programa inetd comum voc dever configur-lo editando o " "arquivo /etc/inetd.conf." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "A regra geral comentar todas as linhas que voc no precisa. Caso voc no " "saiba o que significa cada uma das linhas, voc provavelmente no precisa " "delas. Caso voc encontre problemas voc sempre poder descoment-las depois." #. Type: note #. Description #: ../harden-servers.templates:2001 #, fuzzy msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Quando voc tiver finalizado a edio do arquivo voc precisar reiniciar o " "daemon inet com o seguinte comando : /etc/init.d/inetd restart" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "Servidor VNC" #. Type: note #. Description #: ../harden-servers.templates:3001 #, fuzzy msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "O servidor VNC na distribuio Debian GNU/Linux contm os patches adicionais " "tightvnc, os quais, alm de adicionarem compresso, possibilitam o uso de " "tunelamento ssh. Para certificar-se de que nenhuma senha em texto puro senha " "transmitida pela rede voc precisa adicionar regras de firewall na mquina " "local que impeam conexes diretas as porta VNC (consulte a pgina de manual " "para conhecer os nmeros exatos das portas). Somente conexes originadas da " "interface local devem ser permitidas para que seja possvel tunelar as " "mesmas utilizando ssh." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Torne seu sistema Debian GNU/Linux seguro" #. Type: note #. Description #: ../harden.templates:1001 #, fuzzy msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Tornar seu sistema Debian GNU/Linux seguro NO to simples a ponto de " "requerer apenas a instalao de um pacote. Voc precisa possuir MUITO " "conhecimento sobre o que fazer quando configurando o sistema. Este pacote " "tentar auxili-lo a tomar aes apropriadas e lhe dar algumas sugestes." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "No pacote harden-doc voc poder encontrar documentao sobre como tornar " "sua instalao Debian mais segura. Tal documentao tambm est disponvel " "em : http://www.debian.org/doc/manuals/securing-debian-howto/" #~ msgid "" #~ "The package fetchmail is installed on the local system. Normally this " #~ "package do not support secure connections so you are encouraged to use " #~ "fetchmail-ssl instead. A client that support encryption does not help if " #~ "the server does not support it. So make sure that the server side support " #~ "SSL encryption too." #~ msgstr "" #~ "O pacote fetchmail est instalado no sistema local. Normalmente, este " #~ "pacote no suporta conexes seguras. Portanto, o uso do pacote fetchmail-" #~ "ssl recomendado. Um cliente que suporte encriptao no ajuda caso o " #~ "servidor no a suporte tambm. Certifique-se de que o lado do servidor " #~ "tambm suporte encriptao SSL." #~ msgid "Fetchmail configuration" #~ msgstr "Configurao fetchmail" #~ msgid "" #~ "The package fetchmail-ssl is detected. You have to make sure that you " #~ "really use a encrypted connection. You do that by configuring the client " #~ "and at the same time check that the server really support encryption. If " #~ "the server do not support encryption it does not help if the client does." #~ msgstr "" #~ "O pacote fetchmail-ssl foi detectado. Voc precisa se certificar de estar " #~ "realmente utilizando uma conexo encriptada. Voc pode faz-lo " #~ "configurando o cliente e ao mesmo tempo checando se o servidor realmente " #~ "suporta encriptao. Caso o servidor no suporte encriptao, no ajuda " #~ "muito o cliente suportar." harden-0.1.38+nmu1/debian/po/gl.po0000600000000000000000000002161611710557351013413 0ustar # Galician translation of harden's debconf templates # This file is distributed under the same license as the harden package. # Jacobo Tarrio , 2007. # msgid "" msgstr "" "Project-Id-Version: harden\n" "Report-Msgid-Bugs-To: opal@debian.org\n" "POT-Creation-Date: 2006-08-20 17:55+0200\n" "PO-Revision-Date: 2007-03-05 10:49+0100\n" "Last-Translator: Jacobo Tarrio \n" "Language-Team: Galician \n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "Plaintext passwords" msgstr "Contrasinais en claro" #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "Services that use plaintext passwords are almost by definition insecure. The " "reason is that you cannot know if someone is sniffing your passwords." msgstr "" "Os servizos que empregan contrasinais en claro son inseguros case por " "definición. O motivo é que non se pode saber se alguén está a capturar os " "contrasinais." #. Type: note #. Description #: ../harden-clients.templates:1001 ../harden-servers.templates:1001 msgid "" "In a local environment with no connection to the outside world this is of " "course not a big problem. On the other hand then you will not need to secure " "your system at all and should not need this package." msgstr "" "Nun ambiente local sen conexión ao mundo exterior este non é un grave " "problema. Pola outra banda, así non debería ter necesidade de asegurar o seu " "sistema e non debería precisar deste paquete." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "This package conflicts with a lot of client service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "clients." msgstr "" "Este paquete ten conflictos con moitos compoñentes cliente de servizos que " "dependen de contrasinais en claro. Algunhas ferramentas que empregan " "contrasinais e claro non teñen conflicto porque se poden configurar para non " "empregar contrasinais en claro. Polo tanto, instalar este paquete só o ha " "axudar con algúns dos clientes máis críticos." #. Type: note #. Description #: ../harden-clients.templates:1001 msgid "" "The advice is to look at each available client and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "O consello é que vaia a cada cliente individual e investigue se emprega " "contrasinais en claro. Se o fai, trate de configuralo para que se inicie " "empregando cifrado ou algún algoritmo de intercambio de contrasinais que non " "precise de contrasinais en claro." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "This package conflicts with a lot of server service components that depend " "on plaintext passwords. Some tools that use plaintext passwords are not " "conflicted because they can be configured not to use plaintext passwords. So " "installing this package will only help you with some of the most critical " "servers." msgstr "" "Este paquete ten conflictos con moitos compoñentes servidor de servizos que " "dependen de contrasinais en claro. Algunhas ferramentas que empregan " "contrasinais e claro non teñen conflicto porque se poden configurar para non " "empregar contrasinais en claro. Polo tanto, instalar este paquete só o ha " "axudar con algúns dos servidores máis críticos." #. Type: note #. Description #: ../harden-servers.templates:1001 msgid "" "The advice is to look at each available service and investigate if it uses " "plaintext passwords. If it does, try to configure it so it starts using " "encryption or some password exchange algorithm that does not require " "plaintext passwords." msgstr "" "O consello é que vaia a cada servidor individual e investigue se emprega " "contrasinais en claro. Se o fai, trate de configuralo para que se inicie " "empregando cifrado ou algún algoritmo de intercambio de contrasinais que non " "precise de contrasinais en claro." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "Default services and inetd" msgstr "Servizos por defecto e inetd" #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "By default some unnecessary services are enabled on your system. The program " "that provides them is inetd. There are alternatives to inetd which are more " "flexible. The problem is not that inetd in itself is insecure so you will " "probably not need to remove it. The problem is that you have to configure it " "to provide only the services that are really needed." msgstr "" "Por defecto, algúns servizos innecesarios quedan activados no seu sistema. O " "programa que os fornece é inetd. Hai alternativas a inetd que son máis " "flexibles. O problema non é que inetd en si sexa inseguro, polo que non ha " "precisar de o eliminar. O problema é que ten que configuralo para que " "forneza só os servizos que sexan realmente necesarios." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "If you have the normal inetd program installed you should configure it by " "editing /etc/inetd.conf." msgstr "" "Se ten o programa inetd normal instalado, debería configuralo editando /etc/" "inetd.conf." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "The general rule is to comment all lines that you do not need. If you do not " "know what it is, you probably do not need it. If you discover some problem " "you can always uncomment it later." msgstr "" "A regra xeral é comentar tódalas liñas das que non precisa. Se non sabe que " "é algo, probablemente non precise diso. Sempre pode descomentar as liñas " "máis tarde se aparece algún problema." #. Type: note #. Description #: ../harden-servers.templates:2001 msgid "" "When you have edited that file, you have to restart the inet daemon with the " "following command: /etc/init.d/inetd restart" msgstr "" "Despois de editar ese ficheiro ha ter que reiniciar o servizo inetd coa " "seguinte orde: /etc/init.d/inetd restart" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "VNC server" msgstr "Servidor VNC" #. Type: note #. Description #: ../harden-servers.templates:3001 msgid "" "The VNC server in the Debian GNU/Linux distribution contains the tightvnc " "patches which in addition to adding compression make it possible to use ssh " "tunnelling. You do that from the client by adding the -via switch when " "connecting. To make sure that no plaintext passwords are transmitted over " "the network you have to add firewalling rules on the local machine that " "disallow direct connections to the VNC ports (see the manpage for exact " "numbers). Only connections from the local interface should be allowed, to " "make it possible to tunnel it using ssh." msgstr "" "O servidor VNC da distribución Debian GNU/Linux contén os parches de " "tightvnc que, ademáis de engadir compresión, permiten empregar túneles ssh. " "Pode facerse desde o cliente engadindo a opción -via ao conectar. Para se " "asegurar de que non se transmita ningún contrasinal en claro pola rede ten " "que engadir regras de devasa na máquina local que impidan as conexións " "directas aos portos de VNC (consulte a páxina man para ver os números " "exactos). Só se deberían permitir as conexións da interface local para facer " "posible conectarse mediante un túnel ssh." #. Type: note #. Description #: ../harden.templates:1001 msgid "Harden your Debian GNU/Linux system" msgstr "Endurecer o seu sistema Debian GNU/Linux" #. Type: note #. Description #: ../harden.templates:1001 msgid "" "Hardening your Debian GNU/Linux system is NOT as simple as installing a " "package. You need a LOT of knowledge about what to do when configuring the " "system. This package will try to help you to take proper actions and will " "give some suggestions." msgstr "" "Endurecer o seu sistema Debian GNU/Linux NON é tan simple coma instalar un " "paquete. Precisa de MOITOS coñecementos sobre o que facer ao configurar o " "sistema. Este paquete ha tentar axudalo a tomar as accións máis axeitadas e " "ha dar algunhas suxestións." #. Type: note #. Description #: ../harden.templates:1001 msgid "" "In the harden-doc package you can find documentation on how to make your " "Debian installation more secure. It is also available at: http://www.debian." "org/doc/manuals/securing-debian-howto/" msgstr "" "No paquete harden-doc pode atopar documentación sobre como facer máis segura " "a súa instalación de Debian. Tamén está dispoñible en: http://www.debian.org/" "doc/manuals/securing-debian-howto/" harden-0.1.38+nmu1/debian/harden-servers.prerm0000600000000000000000000000166711173250422016026 0ustar #! /bin/sh # prerm script for harden # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove) rm /var/lib/harden-servers/* > /dev/null 2>&1 || true ;; upgrade|deconfigure) ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 harden-0.1.38+nmu1/debian/harden-servers.conflicts0000600000000000000000000000121111173250422016646 0ustar # FTP requires plaintext passwords and should not be used. telnetd ftpd lukemftpd muddleftpd wu-ftpd oftpd pyftpd vsftpd proftpd-base bsd-ftpd talkd # Finger gives away user information which it should not. fingerd xfingerd ffingerd cfingerd efingerd # Should sendmail be avoided like this? sendmail-bin netkit-rpc nfs-kernel-server nfs-user-server rwalld rusersd portmap rsh-server uw-imapd cyrus-imapd rstartd # Identd is not a good thing in a secure environment. ident2 bidentd pidentd #pidentd-des (encryption, ok?) midentd oidentd gidentd mdidentd #nullidentd (fake, ok) remstats-servers #Similar to ftp and send passwords in cleartext pawserv harden-0.1.38+nmu1/debian/harden-servers.postinst0000700000000000000000000000076611173250422016564 0ustar #! /bin/sh # Harden postinst script using debconf # Written by Ola Lundqvist set -e case "$1" in configure) . /usr/share/debconf/confmodule db_version 2.0 #QUESTIONS# db_stop ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 harden-0.1.38+nmu1/debian/TODO.Debian0000600000000000000000000000043111173250422013664 0ustar Here are some things that should be done. * Make someone create a better bind so that the other one (or of course to make the ordinary one more secure) can be conflicted. * Create a better function to tell the user what to use instead of some insecure packages. * Lot more. harden-0.1.38+nmu1/debian/harden.questions0000600000000000000000000000000011173250422015220 0ustar harden-0.1.38+nmu1/debian/changelog0000600000000000000000000003711612053227316013703 0ustar harden (0.1.38+nmu1) unstable; urgency=low * Non-maintainer upload. * Lower dependency of harden-remoteaudit on openvas-server to suggests. Closes: #690656. -- Ivo De Decker Wed, 21 Nov 2012 20:40:39 +0100 harden (0.1.38) unstable; urgency=low * Added Danish translation. Thanks to oe Dalton for it. Closes: #657619. -- Ola Lundqvist Fri, 27 Jan 2012 18:28:43 +0100 harden (0.1.37) unstable; urgency=low * Added russian translation. Closes: #577271. Thanks to Yuri Kozlov . * Added Spanish translation. Closes: #576499. Thanks to Francisco Javier Cuadrado . -- Ola Lundqvist Mon, 19 Apr 2010 21:03:37 +0200 harden (0.1.36) unstable; urgency=low * Updated Vietnamese template. Completely reviewed, translated and submitted by Clytie Siddall. Closes: #572780. -- Ola Lundqvist Tue, 23 Mar 2010 18:40:10 +0100 harden (0.1.35) unstable; urgency=low * Replaced dependency on nessus with openvas-server. Closes: #540851. * Changed suggests from nagios to nagios3. * Removed suggests of satan and idswakeup as those packages no longer exists in the Debian archive. -- Ola Lundqvist Thu, 27 Aug 2009 22:38:47 +0200 harden (0.1.34) unstable; urgency=low * Conflict with real sendmail and proftp packages instead of the meta packages. Closes: #515083, #515084. -- Ola Lundqvist Sat, 14 Feb 2009 16:16:48 +0100 harden (0.1.33) unstable; urgency=low * Changed dependencies for nagios/netsaint to include more versions. Closes: #469171. -- Ola Lundqvist Sat, 15 Mar 2008 15:57:26 +0100 harden (0.1.32) unstable; urgency=low * Added ident2 to the list of conflicts for harden-servers, closes: #450617. -- Ola Lundqvist Sun, 11 Nov 2007 21:28:46 +0100 harden (0.1.31) unstable; urgency=medium * Addition of Portuguese translation for debconf messages, closes: #415195. Thanks to Traduz - Portuguese Translation Team . -- Ola Lundqvist Wed, 21 Mar 2007 10:36:37 +0100 harden (0.1.30) unstable; urgency=medium * Added dutch po-debconf translation, closes: #414035. Thanks to Bart Cornelis for the translation. -- Ola Lundqvist Thu, 8 Mar 2007 19:30:26 +0100 harden (0.1.29) unstable; urgency=medium * Added Galician debconf templates translation for harden, closes: #413465. Thanks to Jacobo Tarrio . -- Ola Lundqvist Thu, 8 Mar 2007 18:20:18 +0100 harden (0.1.28) unstable; urgency=medium * Updated French translation from Christian Perrier , closes: #407491. -- Ola Lundqvist Mon, 22 Jan 2007 06:02:12 +0100 harden (0.1.27) unstable; urgency=low * Updated Czech translation from Miroslav Kure , closes: #366737. -- Ola Lundqvist Tue, 9 Jan 2007 20:07:38 +0100 harden (0.1.26) unstable; urgency=low * Updated German debconf text, closes: #397210. Thanks to Erik Schanze for the patch and to Helge Kreutzmann for the suggestions in order to create the patch. -- Ola Lundqvist Mon, 6 Nov 2006 06:55:01 +0100 harden (0.1.25) unstable; urgency=low * Update of Japanese translation, closes: #392158. * Added dependency on po-debconf as it is used while building. -- Ola Lundqvist Tue, 10 Oct 2006 20:11:34 +0200 harden (0.1.24) unstable; urgency=low * Change suggest of ssh to openssh-client, closes: #383749. -- Ola Lundqvist Sun, 20 Aug 2006 17:54:32 +0200 harden (0.1.23) unstable; urgency=low * Changed build-depends-indep to build-depends for debhelper. * Updated to standards version 3.7.2. * Updated to most recent version of GPL license. * Added binary-arch target to debian/rules. -- Ola Lundqvist Sun, 16 Jul 2006 23:50:52 +0200 harden (0.1.22) unstable; urgency=low * Updated swedish translation done by Daniel Nylander , closes: #365779. -- Ola Lundqvist Wed, 3 May 2006 06:46:17 +0200 harden (0.1.21) unstable; urgency=low * Updated description of harden-remoteaudit with help from Jeremy . -- Ola Lundqvist Thu, 20 Apr 2006 06:50:48 +0200 harden (0.1.20) unstable; urgency=low * Language corrections by Jeremy Wed, 19 Apr 2006 07:01:53 +0200 harden (0.1.19) unstable; urgency=low * Added Swedish translation from Daniel Nylander , closes: #336691. * Added German translation from Erik Schanze , closes: #351356. * Added Vietnamese translation from Clytie Siddall , closes: #314195. * Fetchmail package now support ssl so removing those questions. * Point to the document in a better way, closes: #291465. -- Ola Lundqvist Sat, 11 Mar 2006 19:56:05 +0100 harden (0.1.18) unstable; urgency=low * Added pawserv to conflicts, closes: #325008. * Documented the policy for the harden packages. * Updated standards version to 3.6.2. * Removed the need to depend on dpsyco-devel. * Updated to debhelper 4 compatibility. * Corrected FSF address in debian/copyright * Better license documentation and removed parts that belong to harden-doc that is not part of this package anymore. -- Ola Lundqvist Sun, 29 Jan 2006 11:42:28 +0100 harden (0.1.17) unstable; urgency=low * Added remstats-servers to the conflict list, closes: #289626. * Added recommends to checksecurity package in harden-environment, closes: #218737. -- Ola Lundqvist Mon, 10 Jan 2005 21:46:10 +0100 harden (0.1.16) unstable; urgency=low * Added Czech translation from Miroslav Kure for debconf, closes: #285315. * Removed a number of build dependencies that is no longer needed as harden-doc in no longer a part of this source package. -- Ola Lundqvist Sun, 12 Dec 2004 16:48:16 +0100 harden (0.1.15) unstable; urgency=low * Added Japanese translation, closes: #276295. * Harden-clients now conflict with gcjwebplugin, closes: #275923. -- Ola Lundqvist Fri, 22 Oct 2004 19:07:15 +0200 harden (0.1.14) unstable; urgency=low * Added French debconf translation, closes: #271613. -- Ola Lundqvist Tue, 14 Sep 2004 08:56:13 +0200 harden (0.1.13) unstable; urgency=low * Added Brazilian language translation, closes: #271195. Thanks to Andre Luis Lopes for the language file. * Updated standards version to 3.6.1. -- Ola Lundqvist Sat, 11 Sep 2004 23:12:26 +0200 harden (0.1.12) unstable; urgency=low * Maintainer upload and incorporated NMU changes, closes: #248241. * Switched to debconf templates, thanks to Martin Quinson for the patch, closes: #250261. * Fixed minor grammar problem that was pointed out by Vinod Kurup , closes: #224032. -- Ola Lundqvist Thu, 22 Jul 2004 23:17:33 +0200 harden (0.1.11-0.1) unstable; urgency=low * Non-maintainer upload * Removed dependency of harden to harden-remoteflaws and harden-localflaws, closes: #248241. -- Roland Stigge Sun, 27 Jun 2004 22:00:55 +0200 harden (0.1.11) unstable; urgency=low * Removed the harden-doc part from the harden package. * Added lintian override file so that some warnings will disappear. -- Ola Lundqvist Sun, 20 Jul 2003 19:41:28 +0200 harden (0.1.10) unstable; urgency=low * Updated securing debian howto from CVS. * Fixed missing info files, closes: #171541. -- Ola Lundqvist Fri, 18 Jul 2003 10:41:03 +0200 harden (0.1.9) unstable; urgency=low * Split out harden-*flaws to its separate package. * Fixed descrioptions so that they do not contain a full stop. * Fixed other description issues. * Updated standards version to 3.5.8. * Updated securing debian howto from cvs. * Added depend on nagios, closes: #167624. * Fixed remoteaudit suggestion, closes: #175284. * Added suggestion of libsafe, closes: #144124. -- Ola Lundqvist Thu, 17 Apr 2003 17:32:58 +0200 harden (0.1.8) unstable; urgency=low * Fixed doc-base problem, closes: #167361. -- Ola Lundqvist Mon, 4 Nov 2002 15:03:55 +0100 harden (0.1.7) unstable; urgency=medium * Fixed doc-base problem, closes: #151883. Thanks to Adam Byrtek for the fix. * Updated with the latest cvs, closes: #159467. -- Ola Lundqvist Wed, 11 Sep 2002 09:11:46 +0200 harden (0.1.6) unstable; urgency=medium * Updated with new security issues. -- Ola Lundqvist Thu, 29 Aug 2002 07:32:17 +0200 harden (0.1.5) unstable; urgency=low * Fixed build failure, closes: #146083. Thanks to: Junichi Uekawa . * Licq is ok for unstable, closes: #144994. * Updated build structure. * Changed /etc/dpkg/dpkg.conf to /etc/dpkg/dpkg.cfg in howto, closes: #145002. -- Ola Lundqvist Tue, 7 May 2002 08:37:13 +0200 harden (0.1.4) unstable; urgency=critical * Updated flaw conflicts from woody security roundup. -- Ola Lundqvist Sat, 27 Apr 2002 23:48:36 +0200 harden (0.1.3) unstable; urgency=medium * Updated because of new dsa information. -- Ola Lundqvist Wed, 17 Apr 2002 18:35:24 +0200 harden (0.1.2) unstable; urgency=low * Fixed conflict on phpgroupware, closes: #143057. * Added some new dsa from security.debian.org. * Conflicts with pidentd, closes: #143116. -- Ola Lundqvist Tue, 16 Apr 2002 23:12:41 +0200 harden (0.1.1) unstable; urgency=low * Fixed spelling error, closes: #141717. -- Ola Lundqvist Mon, 8 Apr 2002 20:51:11 +0200 harden (0.1.0) unstable; urgency=low * Updated security manual from cvs, closes: #141339. * Fixed build dependency, closes: #141263. * Fixed preconfigure problem, closes: #141285. * Added conflict with mtr, closes: #140146. * Conflict with buggy webmin, closes: #140370. * Fixed fetchmail problem by adding debconf question instead, closes: #94472. * Decided that the debconf questions is good enough for a new middle revision. -- Ola Lundqvist Fri, 5 Apr 2002 21:09:37 +0200 harden (0.0.15) unstable; urgency=low * Created a harden development package, closes: #113963. * No longer conflict with xvncviewer because it can be used in ssh-tunnel mode, closes: #136238. * Can not see any problems with the .dhelp file. Must be a old error, closes: #138636. * Started to use debconf to guide the installation, closes: #111322. -- Ola Lundqvist Fri, 22 Mar 2002 19:44:39 +0100 harden (0.0.14) unstable; urgency=low * Fixed dob-base problem in a better way. -- Ola Lundqvist Wed, 6 Mar 2002 16:48:56 +0100 harden (0.0.13) unstable; urgency=low * Updated howto. * Fix build dependency, closes: #133160. * Fixed postinst problem, closes: #130674. * Updated the documentation description, on what to read, closes: #133981. * Fixed long description line in harden-tools, closes: #130991. -- Ola Lundqvist Sun, 17 Feb 2002 11:43:05 +0100 harden (0.0.12) unstable; urgency=low * Fixed info file issues, closes: #127045, #127437. * Updated the harden howto, removing japan translation becuase of build errors. -- Ola Lundqvist Sat, 19 Jan 2002 12:20:11 +0100 harden (0.0.11) unstable; urgency=low * Fixed critical issue with net build assumption. * Fixed caffeine underrun problem in harden-doc. Doc-base, closes: #124259. * Changed priority, closes: #124131. * Fixed spelling error in harden-tools, closes: #124728. * Fixed spelling error in harden-servers, closes: #124727. * Fixed spelling error in harden-remoteflaws, closes: #124726. * Fixed spelling error in harden-environment, closes: #124723. * Fixed spelling error in harden-localflaws, closes: #124724. * Fixed spelling error in harden-doc, closes: #124722. * Fixed spelling error in harden-clients, closes: #124721. * Fixed spelling error in harden, closes: #124720. * Fixed spelling error in harden-remoteaudit: #124725. * Added some more suggestions to remoteaudit. -- Ola Lundqvist Thu, 20 Dec 2001 16:34:23 +0100 harden (0.0.10) unstable; urgency=low * Fix info problem in harden-doc, closes: #124145. -- Ola Lundqvist Sun, 16 Dec 2001 16:10:13 +0100 harden (0.0.9) unstable; urgency=low * Fixed document download, closes: #114777, #111723, #111722. * Only suggest non-free package lasg, closes: #123085. * Copyright fixed, closes: #111725. * Fixed override, closes: #122861. * Spellfix upstream, closes: #111104. -- Ola Lundqvist Sat, 15 Dec 2001 13:18:37 +0100 harden (0.0.8) unstable; urgency=low * Move conflict of lynx to harden-localflaws, closes: #118976. * Close bug from 0.0.7, closes: #111728. * Fixed build depends to indep. -- Ola Lundqvist Mon, 13 Nov 2001 22:54:47 +0100 harden (0.0.7) unstable; urgency=low * Lowering the priority of bastille. Not good enough to be depended. Now just suggested. * Lowering the priority of tiger. Now suggested. It may be higher in the future. * Changed the priority to extra. * Fixed harden-doc description, closes: #111728. * Harden-clients now conflicts with lynx. -- Ola Lundqvist Thu, 27 Sep 2001 10:29:13 +0200 harden (0.0.6) unstable; urgency=low * Renamed to harden. * Fixed missing docs, closes: #105330. * Fixed unnecessary dirs, closes: #109995. * Fixed incorrect description of the client package, closes: #111390, #111729. * Added integrit and samhain as an alternative to tripwire, closes: #111724, #111529. * Added tiger and bastille, closes: #111726. * Created remoteaudit package and fixed apropriate things, closes: #111730, #111878. * Added lskb | lasg to harden-doc dependency, closes: #111876. * Fixed typo in harden-environment, closes: #111731. -- Ola Lundqvist Mon, 17 Sep 2001 22:54:53 +0200 task-harden (0.0.5) unstable; urgency=low * Added lids packages. * Added some ftp servers that should be avoided. * Removed nfs-common. Nfs is not insecure on the client side. * Added bwnfsd on the conflicts line instead. * Changed to the proper name for build depends on mirrortool -> omt. -- Ola Lundqvist Fri, 13 Jul 2001 23:10:27 +0200 task-harden (0.0.4) unstable; urgency=low * Fixed c&p error in description, closes: #94588. * Fixed fingerd conflict error in harden-servers, closes: #94591. * Added some more things to conflict. -- Ola Lundqvist Fri, 20 Apr 2001 11:56:55 +0200 task-harden (0.0.3) unstable; urgency=low * Splitted the package in several subpackages. * No longer conflicts with ftp-server, closes: #93512. -- Ola Lundqvist Mon, 2 Apr 2001 17:39:12 +0200 task-harden (0.0.2) unstable; urgency=low * Now conflicts some more packages. * Fixed description, closes: #92952. -- Ola Lundqvist Mon, 2 Apr 2001 17:39:12 +0200 task-harden (0.0.1) unstable; urgency=low * Initial Release, closes: #92431. -- Ola Lundqvist Sun, 1 Apr 2001 18:02:13 +0200 harden-0.1.38+nmu1/debian/changelog.stable0000600000000000000000000000234511173250422015144 0ustar task-harden (0.0.5) stable; urgency=low * Added lids packages. * Added some ftp servers that should be avoided. * Removed nfs-common. Nfs is not insecure on the client side. * Added bwnfsd on the conflicts line instead. * Changed to the proper name for build depends on mirrortool -> omt. -- Ola Lundqvist Fri, 13 Jul 2001 23:10:27 +0200 task-harden (0.0.4) unstable; urgency=low * Fixed c&p error in description, closes: #94588. * Fixed fingerd conflict error in harden-servers, closes: #94591. * Added some more things to conflict. -- Ola Lundqvist Fri, 20 Apr 2001 11:56:55 +0200 task-harden (0.0.3) unstable; urgency=low * Splitted the package in several subpackages. * No longer conflicts with ftp-server, closes: #93512. -- Ola Lundqvist Mon, 2 Apr 2001 17:39:12 +0200 task-harden (0.0.2) unstable; urgency=low * Now conflicts some more packages. * Fixed description, closes: #92952. -- Ola Lundqvist Mon, 2 Apr 2001 17:39:12 +0200 task-harden (0.0.1) unstable; urgency=low * Initial Release, closes: #92431. -- Ola Lundqvist Sun, 1 Apr 2001 18:02:13 +0200 Local variables: mode: debian-changelog End: harden-0.1.38+nmu1/debian/harden-servers.config0000600000000000000000000000032011173250422016127 0ustar #!/bin/sh -e . /usr/share/debconf/confmodule db_version 2.0 db_title Harden servers db_input "medium" harden-servers/plaintext || true db_go db_input "medium" harden-servers/inetd || true db_go #QUESTIONS# harden-0.1.38+nmu1/debian/harden-servers.templates0000600000000000000000000000470711173250422016675 0ustar Template: harden-servers/plaintext Type: note _Description: Plaintext passwords Services that use plaintext passwords are almost by definition insecure. The reason is that you cannot know if someone is sniffing your passwords. . In a local environment with no connection to the outside world this is of course not a big problem. On the other hand then you will not need to secure your system at all and should not need this package. . This package conflicts with a lot of server service components that depend on plaintext passwords. Some tools that use plaintext passwords are not conflicted because they can be configured not to use plaintext passwords. So installing this package will only help you with some of the most critical servers. . The advice is to look at each available service and investigate if it uses plaintext passwords. If it does, try to configure it so it starts using encryption or some password exchange algorithm that does not require plaintext passwords. Template: harden-servers/inetd Type: note _Description: Default services and inetd By default some unnecessary services are enabled on your system. The program that provides them is inetd. There are alternatives to inetd which are more flexible. The problem is not that inetd in itself is insecure so you will probably not need to remove it. The problem is that you have to configure it to provide only the services that are really needed. . If you have the normal inetd program installed you should configure it by editing /etc/inetd.conf. . The general rule is to comment all lines that you do not need. If you do not know what it is, you probably do not need it. If you discover some problem you can always uncomment it later. . When you have edited that file, you have to restart the inet daemon with the following command: /etc/init.d/inetd restart Template: harden-servers/vncserver Type: note _Description: VNC server The VNC server in the Debian GNU/Linux distribution contains the tightvnc patches which in addition to adding compression make it possible to use ssh tunnelling. You do that from the client by adding the -via switch when connecting. To make sure that no plaintext passwords are transmitted over the network you have to add firewalling rules on the local machine that disallow direct connections to the VNC ports (see the manpage for exact numbers). Only connections from the local interface should be allowed, to make it possible to tunnel it using ssh. harden-0.1.38+nmu1/debian/genconflicts0000700000000000000000000000124511173250422014421 0ustar #!/bin/bash # This file take the information in $pkg.conflicts and generate conflict # information from that. PKGS=$(cat debian/control | grep "^Package:[[:space:]]" | \ sed -e "s|^Package:[[:space:]][[:space:]]*||;") for PKG in $PKGS ; do if [ -f debian/$PKG.conflicts ] ; then cat debian/$PKG.conflicts | sed -e "s/#.*$//g;" | grep -v "^[[:space:]]*$" | { FULL="" SEP="" while read -e LINE ; do LINE=$(echo $LINE | sed -e "s/[[:space:]]*$//;") LINE=$(echo $LINE | sed -e "s/^[[:space:]]*//;") FULL="$FULL$SEP$LINE" SEP=", " done touch debian/$PKG.substvars echo "harden:Conflicts=$FULL" >> debian/$PKG.substvars } fi done harden-0.1.38+nmu1/debian/harden.README.Debian0000600000000000000000000000206011173250422015314 0ustar harden: ======= GOAL: ----- The goal is to make it easier to install and administrate hosts that need good security. POLICY: ------- This package should be used by people that want some quick help to enhance the security of the system. To do this it will conflict with packages with known flaws. Flaws can be: * Bugs, like buffer overflows. * Sends passwords in plaintext by default. * No access control (http excluded). * other. It should also provide some tools that enhance the security in some sense: * Security analysis. * Intrusion detection. * Security tightening (only recommended). * more. NOTE! No other packages should be depended or recommended because the administrator should have the opportunity to remove them. Ssh are for example not required to make a secure host. FUTURE: ------- In the future this package should be maintained by a group of people. But until there is some kind of consensus about what this package should do I'll keep the maintenance of this package. -- Ola Lundqvist , Thu, 12 Apr 2001 22:23:09 +0200 harden-0.1.38+nmu1/debian/harden.postinst0000600000000000000000000000076611173250422015074 0ustar #! /bin/sh # Harden postinst script using debconf # Written by Ola Lundqvist set -e case "$1" in configure) . /usr/share/debconf/confmodule db_version 2.0 #QUESTIONS# db_stop ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 harden-0.1.38+nmu1/debian/harden-clients.README.Debian0000600000000000000000000000055411173250422016761 0ustar harden-clients: =============== What packages will be conflicted? * Packages that allow plaintext passwords by default. * Packages with frequent security problems. * Packages that allow callback, which in essence makes them servers even though to the user they look like client programs. -- Ola Lundqvist , Sun, 29 Jan 2006 10:58:27 +0100 harden-0.1.38+nmu1/debian/clean0000700000000000000000000000005111173250422013017 0ustar #!/bin/sh (cd howto-source; make clean) harden-0.1.38+nmu1/debian/changelog.unstable0000600000000000000000000000237011173250422015505 0ustar task-harden (0.0.5) unstable; urgency=low * Added lids packages, closes: #104442. * Added some ftp servers that should be avoided. * Removed nfs-common. Nfs is not insecure on the client side. * Added bwnfsd on the conflicts line instead. * Changed to the proper name for build depends on mirrortool -> omt. -- Ola Lundqvist Fri, 13 Jul 2001 23:10:27 +0200 task-harden (0.0.4) unstable; urgency=low * Fixed c&p error in description, closes: #94588. * Fixed fingerd conflict error in harden-servers, closes: #94591. * Added some more things to conflict. -- Ola Lundqvist Fri, 20 Apr 2001 11:56:55 +0200 task-harden (0.0.3) unstable; urgency=low * Splitted the package in several subpackages. * No longer conflicts with ftp-server, closes: #93512. -- Ola Lundqvist Mon, 2 Apr 2001 17:39:12 +0200 task-harden (0.0.2) unstable; urgency=low * Now conflicts some more packages. * Fixed description, closes: #92952. -- Ola Lundqvist Mon, 2 Apr 2001 17:39:12 +0200 task-harden (0.0.1) unstable; urgency=low * Initial Release, closes: #92431. -- Ola Lundqvist Sun, 1 Apr 2001 18:02:13 +0200 Local variables: mode: debian-changelog End: harden-0.1.38+nmu1/debian/control0000600000000000000000000001407012053227032013421 0ustar Source: harden Section: admin Priority: extra Maintainer: Ola Lundqvist Build-Depends-Indep: perl Build-Depends: debhelper (>> 4.1.16), po-debconf Standards-Version: 3.7.2 Package: harden Architecture: all Depends: harden-environment, harden-servers, ${misc:Depends}, debconf (>= 1.2.0) Recommends: harden-tools Suggests: sudo, harden-clients, harden-nids, harden-remoteaudit, harden-surveillance, harden-doc Description: Makes your system hardened This package is intended to help the administrator to improve the security of the system, or at least make the host less susceptible. . NOTE! This package will not make your system uncrackable, and it is not intended to do so. Making your system secure involves a LOT more than just installing a package. You are recommended to read at least some documents in addition to installing this package. . There is a LOT of information available on making your system more secure. A good place to start is with the harden-doc package or at http://www.debian.org/doc/manuals/securing-debian-howto/ Package: harden-servers Architecture: all Depends: ${misc:Depends}, debconf (>= 1.2.0) Conflicts: ${harden:Conflicts} Description: Avoid servers that are known to be insecure Harden-servers gives the administrator an easy way to avoid servers that are insecure in some sense. It conflicts with: servers that need passwords in plaintext, packages that can give someone access to the local host without permission, and packages that give system information to remote users. . NOTE! This package will not make your system uncrackable, and it is not intended to do so. Making your system secure involves a LOT more than just installing a package. . For more information on how to secure your system see: http://www.debian.org/doc/manuals/securing-debian-howto/ Package: harden-clients Architecture: all Depends: ${misc:Depends}, debconf (>= 1.2.0) Conflicts: ${harden:Conflicts} Suggests: openssh-client Description: Avoid clients that are known to be insecure Harden-clients gives the administrator an easy way to avoid installing clients that are insecure in some sense. It conflicts with: clients that need to send passwords in plaintext, and packages that can give someone access to the local host without permission. . NOTE! This package will not make your system uncrackable, and it is not intended to do so. Making your system secure involves a LOT more than just installing a package. . For more information on how to secure your system see: http://www.debian.org/doc/manuals/securing-debian-howto/ Package: harden-surveillance Architecture: all Depends: nagios3 | nagios2 | nagios | netsaint Description: Check services and/or servers automatically This package helps you to install tools for active network surveillance. Surveillance is the process of constant monitoring of networks and services to check that they work as expected. Package: harden-development Architecture: all Recommends: rats Description: Development tools for creating more secure programs This package helps you to install tools that can be useful in order to create better programs in the context of security. . Such tools need knowledge from the program author so it will not automatically make your programs better. Package: harden-tools Architecture: all Suggests: john, gnupg, bastille, tiger Description: Tools to enhance or analyze the security of the local system Harden-tools helps you to install tools that the administrator can use to enhance the security of the local system in some way. . NOTE! This package will not make your system uncrackable, and it is not intended to do so. Making your system secure involves a LOT more than just installing a package. . For more information on how to secure your system see: http://www.debian.org/doc/manuals/securing-debian-howto/ Package: harden-environment Architecture: all Depends: debsums | samhain | integrit | tripwire | aide | ids, sash | osh Recommends: logcheck, checksecurity Suggests: harden-nids, sudo, debsums, samhain, integrit, tripwire, aide, ids, sash, osh, libsafe Description: Hardened system environment Harden-environment provides a hardened system environment, or at least helps the administrator to configure such an environment. . Right now this includes packages for local intrusion detection. . NOTE! This package will not make your system uncrackable, and it is not intended to do so. Making your system secure involves a LOT more than just installing a package. . For more information on how to secure your system see: http://www.debian.org/doc/manuals/securing-debian-howto/ Package: harden-nids Architecture: all Depends: snort | ntop Recommends: logcheck Description: Harden a system by using a network intrusion detection system This package helps you to install a network intrusion detection system. A network intrusion detection system is a tool that analyzes network packets and logs anomalies or known crack attempts. . NOTE! Network intrusion detection systems do not find all attempts to crack your system. They can also be pretty hard to set up so please read more about this before you start the process. Package: harden-remoteaudit Architecture: all Priority: optional Suggests: openvas-scanner | openvas-server, openvas-client, nagios3, dsniff, harden-nids, ettercap Description: Audit your remote systems from this host This package helps you to install a set of tools to check remote systems, sniff for passwords and more. Observe that this kind of activity can be illegal so you have to check if you are authorized to do so in the environment where you install this package. . You can check exploits, sniff for passwords and similar things. . Nessus note: You have to have the nessus client installed on some host. The client is provided by the 'nessus' package. You can install it on the same host but that is not necessary. . NOTE! This package includes packages that can damage the system that you audit. It should ONLY be used to audit hosts, networks or systems that you are allowed to audit. I repeat: it can damage the hosts that are checked. You have been warned! harden-0.1.38+nmu1/debian/substfile0000700000000000000000000000162111173250422013741 0ustar #!/usr/bin/perl # Substitute EXPRESSION in chfile with content of wfile. # USAGE: substfile expr chfile wfile # Changes: # 2002-03-23 Ola Lundqvist # Wrote it. $expr = shift @ARGV; $chfile = shift @ARGV; $wfile = shift @ARGV; print("Substituting $expr in $chfile with content of $wfile.\n"); $expr =~ s/\%/\\\%/g; if (open (CF, "$chfile")) { my @lines = ; close (CF); undef $/; $wcont = ""; if (open (WF, "$wfile")) { $wcont = ; close (WF); } else { print ("Unable to open $wfile for reading.\n"); } if (open (CF, ">$chfile")) { foreach my $l (@lines) { if ($l =~ /\s*$expr\s*/) { print CF $wcont; print "C"; } else { print CF $l; print "."; } } close (CF); print ("\n"); } else { print ("Unable to open $chfile for writing.\n"); } } else { print ("Unable to open $chfile for reading.\n"); } harden-0.1.38+nmu1/debian/harden-clients.questions0000600000000000000000000000000011173250422016657 0ustar harden-0.1.38+nmu1/debian/harden-clients.config0000600000000000000000000000023311173250422016102 0ustar #!/bin/sh -e . /usr/share/debconf/confmodule db_version 2.0 db_title Harden clients db_input "medium" harden-clients/plaintext || true db_go #QUESTIONS# harden-0.1.38+nmu1/debian/harden-clients.postinst0000600000000000000000000000076611173250422016533 0ustar #! /bin/sh # Harden postinst script using debconf # Written by Ola Lundqvist set -e case "$1" in configure) . /usr/share/debconf/confmodule db_version 2.0 #QUESTIONS# db_stop ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 harden-0.1.38+nmu1/debian/copyright0000600000000000000000000000213511173250422013751 0ustar This package was debianized by Ola Lundqvist on Sun, 1 Apr 2001 18:02:13 +0200. This package is a native debian package and was initially created by Ola Lundqvist after some dicussion on debian-devel. Actually this had been proposed at least twice by different people. Copyright: Copyright (C) 2001-2007 Ola Lundqvist Harden is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. Harden is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License with your Debian GNU system, in /usr/share/common-licenses/GPL, or with the Debian GNU gnupg source package as the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. harden-0.1.38+nmu1/debian/harden.templates0000600000000000000000000000102011173250422015167 0ustar Template: harden/welcome Type: note _Description: Harden your Debian GNU/Linux system Hardening your Debian GNU/Linux system is NOT as simple as installing a package. You need a LOT of knowledge about what to do when configuring the system. This package will try to help you to take proper actions and will give some suggestions. . In the harden-doc package you can find documentation on how to make your Debian installation more secure. It is also available at: http://www.debian.org/doc/manuals/securing-debian-howto/ harden-0.1.38+nmu1/debian/harden-servers.dirs0000600000000000000000000000002711173250422015627 0ustar var/lib/harden-servers harden-0.1.38+nmu1/debian/harden-clients.conflicts0000600000000000000000000000006011173250422016617 0ustar x2vnc svncviewer telnet ftp-upload gcjwebplugin harden-0.1.38+nmu1/debian/genquestions0000700000000000000000000000117211173250422014466 0ustar #!/bin/bash # This file take the information in $pkg.conflicts and generate conflict # information from that. PKGS=$(cat debian/control | grep "^Package:[[:space:]]" | \ sed -e "s|^Package:[[:space:]][[:space:]]*||;") for PKG in $PKGS ; do if [ -f debian/$PKG.questions ] ; then if grep "#QUESTIONS#" debian/$PKG/DEBIAN/config > /dev/null 2>&1 ; then debian/substfile "#QUESTIONS#" \ debian/$PKG/DEBIAN/config debian/$PKG.questions fi if grep "#QUESTIONS#" debian/$PKG/DEBIAN/postinst > /dev/null 2>&1 ; then debian/substfile "#QUESTIONS#" \ debian/$PKG/DEBIAN/postinst debian/$PKG.questions fi fi done harden-0.1.38+nmu1/debian/harden-clients.templates0000600000000000000000000000174511173250422016644 0ustar Template: harden-clients/plaintext Type: note _Description: Plaintext passwords Services that use plaintext passwords are almost by definition insecure. The reason is that you cannot know if someone is sniffing your passwords. . In a local environment with no connection to the outside world this is of course not a big problem. On the other hand then you will not need to secure your system at all and should not need this package. . This package conflicts with a lot of client service components that depend on plaintext passwords. Some tools that use plaintext passwords are not conflicted because they can be configured not to use plaintext passwords. So installing this package will only help you with some of the most critical clients. . The advice is to look at each available client and investigate if it uses plaintext passwords. If it does, try to configure it so it starts using encryption or some password exchange algorithm that does not require plaintext passwords. harden-0.1.38+nmu1/debian/rules0000711000000000000000000000267411173250422013106 0ustar #!/usr/bin/make -f # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # This is the debhelper compatability version to use. export DH_COMPAT=4 LANGS=ru it de configure: configure-stamp configure-stamp: dh_testdir touch configure-stamp build: configure-stamp build-stamp build-stamp: dh_testdir touch build-stamp clean: dh_testdir dh_testroot -rm -f build-stamp configure-stamp debconf-updatepo dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs for a in harden-clients harden-servers ; do \ mkdir -p $(CURDIR)/debian/$$a/usr/share/lintian/overrides ; \ echo "$$a: postinst-uses-db-input" > $(CURDIR)/debian/$$a/usr/share/lintian/overrides/$$a ; \ done binary-arch: # Build architecture-independent files here. binary-indep: build install dh_testdir -i dh_testroot -i dh_installdebconf -i dh_installdocs -i # dh_installexamples -i # dh_installmenu -i # dh_installlogrotate -i # dh_installpam -i # dh_installmime -i # dh_installinit -i # dh_installcron -i # dh_installman -i dh_installinfo -i dh_installchangelogs -i dh_link -i # dh_strip -i dh_compress -i dh_fixperms -i # dh_makeshlibs -i debian/genconflicts dh_installdeb -i debian/genquestions # dh_perl -i dh_shlibdeps -i dh_gencontrol -i dh_md5sums -i dh_builddeb -i binary: binary-indep .PHONY: build clean binary-indep binary install configure harden-0.1.38+nmu1/debian/harden.config0000600000000000000000000000020611173250422014443 0ustar #!/bin/sh -e . /usr/share/debconf/confmodule db_version 2.0 db_title Harden db_input "low" harden/welcome || true db_go #QUESTIONS# harden-0.1.38+nmu1/debian/harden-servers.README.Debian0000600000000000000000000000052711173250422017011 0ustar harden-servers: =============== What packages will be conflicted? * Packages that provide unauthenticated login. * Packages that allow plaintext passwords by default. * Packages with frequent security problems. * Packages that give information about system information. -- Ola Lundqvist , Sun, 29 Jan 2006 10:58:27 +0100 harden-0.1.38+nmu1/COPYING0000600000000000000000000004310311173250423011630 0ustar GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License.