Firewall Wizards mailing list archives
Re: Unix Hardening for FW installation
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Wed, 27 Oct 1999 21:13:07 -0400
Can anyone suggest resources or sites with info on securing a UNIX system for installation of a firewall.
I used to believe in "stripping" operating systems. Now I believe in "building" them. Rather than removing what I think may be bad, I prefer to start with a bootstrap loader and add the things I need.:) The NFR appliance (which I happened to do the first round of system integration for) was built in the manner described above. I took the bootstrap, added a kernel and filesystem, a minimum of devices, and then coded my own version of init and everything above kernel space. Been bitten too many times by trusting other people's apps. No shell, no password file, no /etc/fstab, no nothing equals nothing to go wrong. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Unix Hardening for FW installation brendon . b . taylor (Oct 27)
- Re: Unix Hardening for FW installation Marcus J. Ranum (Oct 27)
- Re: Unix Hardening for FW installation Chris Boscolo (Oct 28)
- Re: Unix Hardening for FW installation Marcus J. Ranum (Oct 28)
- Re: Unix Hardening for FW installation Chris Boscolo (Oct 28)
- Re: Unix Hardening for FW installation Philip S Holt / Security Engineering (Oct 28)
- Re: Unix Hardening for FW installation Mat Henley (Oct 28)
- RE: Unix Hardening for FW installation David Cocking (Oct 28)
- <Possible follow-ups>
- re: Unix Hardening for FW installation Cliff Watts (Oct 29)
- Re: Unix Hardening for FW installation Marcus J. Ranum (Oct 27)