Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Debian 10
Introduction
General Principles
Minimize Software to Minimize Vulnerability
Minimize Software to Minimize Vulnerability
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
Minimize Software to Minimize Vulnerability
The simplest way to avoid vulnerabilities in software is to avoid installing that software. On Debian 10,the Package Manager (originally
apt
), allows for careful management of the set of software packages installed on a system. Installed software contributes to system vulnerability in several ways. Packages that include setuid programs may provide local attackers a potential path to privilege escalation. Packages that include network services may give this opportunity to network-based attackers. Packages that include programs which are predictably executed by local users (e.g. after graphical login) may provide opportunities for trojan horses or other attack code to be run undetected. The number of software packages installed on a system can almost always be significantly pruned to include only the software for which there is an environmental or operational need.