Firewall Wizards mailing list archives
Re: Hardening, (was Re: chroot useful?)
From: Craig Brozefsky <craig () onshore com>
Date: Sun, 23 Nov 1997 10:21:18 -0600
On Sun, 23 Nov 1997, Marcus J. Ranum wrote:
> Darren Reed wrote:
> > Sigh. Why does everyone pick on man pages ?
>
> Because man pages don't fight back!! :)
> Seriously, though, my view is that if you're stud enough to be messing around on my box, you shouldn't need the man pages. If you do, you're not stud enough, ipso facto.

Ok stud, which vowels are not ls command line arguments? Tell me that without a man page 8)

I went thru something like this with a Debian Linux box a few months ago. I find their distribution simple enough that I could easily strip it down to all but the necessities, and remove all the setuid binaries. Granted it was then no longer a real multi-user unix, but what the hell. The Debian package system is helpful because you can really easily add/subtract things from the system, and it will preserve your various configurations along the way.

To be honest tho I still found that Linux and the tools I could use on it did not give me as much flexibility in the implementation of my desired security policy. It wouldn't take that much work to whip up some better policy rules for the FWTK, or even to rewrite large portions of it, considering that much of it is kinda buggy (i.e. http-gw rewriting javascript hrefs and breaking the funcs), but seems like no one has done that yet.

Are there any initiatives for rewriting, or developing an entirely new firewall toolkit for Linux and other free BSDs? I'm looking for something that would allow me to do a full default deny firewall with a very complex set of protocols that must be allowed thru, ranging from ssh, to http, to raudio etc...

Craig Brozefsky craig () onshore com
onShore Inc. http://www.onshore.com/~craig
Development Team p_priority=PFUN+(p_work/4)+(2*p_cash)
I hear my inside, the mechanized hum of another world - Steely Dan