I want your feedback on secure/fast/reliable linux

Kevin Patrick Crowley contact at seii.com
Sun Oct 29 14:38:46 PST 2000


To be really basic and paranoid.
Have it start as few things as possibleand pracitical.  If the installer
wants a specific application you don't load by default but include have a
spot for them to request it and then show them the potential holes caused
by it.
Start everything that you will support in paranoia mode, but, make it
simple to open it wider at the installers discretion and be somewhat
annoying with warnings if they choose to be less paranoid.
Force the root password to be long, arduous and of mixed types.
Don't include anything you don't trust.  If someone wants something like
that force them to find it and install it.

My two zinc-copper discs,

                        Kevin

scott thomason wrote:

> I booted my very own linux distro last night! Well, I have to give
> almost all the credit to Gerard at linuxfromscratch.org (but I *have*
> made a few changes already). The reason I'm building it is to provide
> (as http://industrial-linux.org says) the best dang linux server
> distribution in terms of security, reliability, and performance.
>
> That said, the point of this message is to ask you MLUG/LUNI/LFS
> members what *YOU* would like to see in a "perfect" linux server
> distro (save the OpenBSD comments for someone else). I have my ideas,
> but I've long since learned that I don't know everything :)
>
> Here are some of the things I'm planning on:
> - Pre-hardened like the Guides at industrial-linux.org describe
> - Qmail instead of sendmail, tcpserver instead of inetd, ...
> - Chroot'ed services where it makes sense, like DNS
> - Firewall-building tool that makes it easy to setup complex
> firewalls for 3+ NICs with different services to different devices
> - Router-oriented system...kernel options thru routing software
> (Zebra? Gated? ???)
> - LIDS, Tara, Swatch, Tripwire, ... built-in
> - Periodic status reports (like *BSD) on security & changes to the
> system
>
> Football coaching is done for the year, and I'm ready to put some
> serious effort into the IL distro. I welcome your feedback!
> ---scott


-- 
Unsubscribe: send email to lfs-discuss-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message




More information about the lfs-dev mailing list