Firewall Wizards mailing list archives
Re: Securing a Linux Firewall
From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 16:26:26 -0700
BTW, Marcus once wrote about an idea of creating a firewall by starting with a kernel and just a few basic utilities and then *adding* only the necessary software (as opposed to removing the unnecessary). While I have yet to try this, it sounds difficult but probably more secure to me.
This is always what I do. Why delete unneeded things when you can add only the stuff you need as it comes up. That's certainly the BSD ports way. My procedure for Linux boxes is: 1) boot Debian install floppy 2) install base 3) exit when it starts up the package selection tools, before it even suggests adding more things. You now have the absolute base stuff you could need to boot. At that point, install what you need manually: 4) apt-get install ssh 5) ... Of all the paraniod systems I run, the one with the most packages is www.hackinglinuxexposed.com because it needs to run Apache, and it only has 40 debs installed. (That's including the libraries and wierd dependencies like 'ssh depends on adduser'.) And Debian is pretty good about being minimalistic in what it packages together. A typical install will be more like 300 debs. -- Brian Hatch Smith & Wesson: Systems and The original Security Engineer Point and Click http://www.ifokr.org/bri/ device. Every message PGP signed
Attachment:
_bin
Description:
Current thread:
- Re: Securing a Linux Firewall, (continued)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- Re: Securing a Linux Firewall Kevin Steves (Jul 26)
- RE: Securing a Linux Firewall Bruce Platt (Jul 23)
- RE: Securing a Linux Firewall Carson Gaspar (Jul 23)
- RE: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall John McDermott (Jul 23)
- Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)
- Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)
- RE: Securing a Linux Firewall Carson Gaspar (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall Carson Gaspar (Jul 24)
- Re: Securing a Linux Firewall BORBELY Zoltan (Jul 24)
- RE: Securing a Linux Firewall Bill Royds (Jul 24)
- Re: Securing a Linux Firewall Kyle R. Hofmann (Jul 24)
- Re: Securing a Linux Firewall Stephen P. Berry (Jul 26)
- Re: Securing a Linux Firewall R. DuFresne (Jul 26)
- Re: Securing a Linux Firewall Gwendolynn ferch Elydyr (Jul 24)
- Re: Securing a Linux Firewall Stephen P. Berry (Jul 25)
- Re: Securing a Linux Firewall Gwendolynn ferch Elydyr (Jul 25)
- RE: Securing a Linux Firewall David Lang (Jul 24)