Firewall Wizards mailing list archives

Re: Unix Hardening for FW installation


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Wed, 27 Oct 1999 21:13:07 -0400

> Can anyone suggest resources or sites with info on securing a UNIX system
> for installation of a firewall?

I used to believe in "stripping" operating systems. Now I believe
in "building" them. Rather than removing what I think may be bad,
I prefer to start with a bootstrap loader and add the things I
need. :)

The NFR appliance (which I happened to do the first round of
system integration for) was built in the manner described above.
I took the bootstrap, added a kernel and filesystem, a minimum
of devices, and then coded my own version of init and everything
above kernel space.

Been bitten too many times by trusting other people's apps. No
shell, no password file, no /etc/fstab, no nothing equals nothing
to go wrong.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
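
Added example, not part of the original message and not NFR's code: one way to check that a built-up image contains only what was deliberately added, and none of the items the post names as absent (shell, password file, /etc/fstab). The function name `audit_rootfs`, the one-path-per-line manifest format, and the list of shell names are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_rootfs ROOT MANIFEST
#   ROOT      directory holding the unpacked appliance image
#   MANIFEST  allowlist, one absolute in-image path per line (assumed format)
# Prints one finding per line; returns 0 if the image is clean, 1 otherwise.
audit_rootfs() {
    root=$1; manifest=$2
    list=$(mktemp)
    # Inventory every file and symlink as an absolute path inside the image.
    (cd "$root" && find . \( -type f -o -type l \) -print) |
        sed 's|^\.||' | sort > "$list"
    # Items the post names as deliberately absent, allowlisted or not.
    # The shell names are an assumed list of common interpreters.
    bad=$(grep -E '^/etc/(passwd|fstab)$|/(sh|bash|csh|tcsh|ksh|zsh|ash|dash)$' \
        "$list" || true)
    # "Build, don't strip": anything not explicitly added is a finding.
    extra=$(grep -vxF -f "$manifest" "$list" || true)
    rm -f "$list"
    [ -z "$bad" ]   || printf '%s\n' "$bad"   | sed 's/^/forbidden: /'
    [ -z "$extra" ] || printf '%s\n' "$extra" | sed 's/^/unlisted: /'
    [ -z "$bad$extra" ]
}

# Constructed sample: an image with init and a kernel, plus a stray
# shell and fstab that were never put on the manifest.
img=$(mktemp -d)
mkdir -p "$img/sbin" "$img/bin" "$img/etc"
: > "$img/sbin/init"; : > "$img/kernel"
: > "$img/bin/sh";    : > "$img/etc/fstab"
printf '%s\n' /sbin/init /kernel > "$img.manifest"
audit_rootfs "$img" "$img.manifest" || echo "image rejected"
rm -rf "$img" "$img.manifest"
```

A forbidden item is reported even when it appears on the manifest, so listing a shell does not make it acceptable.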


