[RFC] Add CrackLib to Chapter 6 LFS

Matthew Burgess matthew at linuxfromscratch.org
Fri Aug 5 04:21:47 PDT 2005

Kev Buckley wrote:

> If LFS is going to be *secure*, then personally I hope you guys get
> rid of most of the inetutils clients

Well, we already remove the servers, so by removing the clients we may 
as well just remove the entire package :)  Seriously though, secure 
versions for most of those clients are available:

ftp (FHS-3.4.3) -> sftp
ping (FHS-3.4.3) -> ???
rcp -> scp
rlogin -> ???
rsh -> ssh
talk (POSIX) -> ???
telnet -> ssh
tftp (FHS-3.4.3) -> sftp

As you can see, the FHS only stipulates that ftp and tftp should be on a 
system when "restoration of a system is planned through the network". 
'ping' is a tough one though.  The FHS says it should be in '/bin' "if 
the corresponding subsystem is installed".  I assume in this example, 
the corresponding subsystem would be networking, right?  The LSB doesn't 
mention any of the binaries in 
either.  The POSIX SUSv3 standard lists 'talk' as optional, and doesn't 
mention the other utilities at all.

Whilst researching this was quite enlightening, I think that such system 
hardening really does fall into "your distro, your rules".  Clients such 
as ftp and telnet are still largely useful, and therefore I think it 
should be up to each sysadmin to determine whether they definitely do 
not require the functionality they provide.


