Firewall Wizards mailing list archives
RE: Securing a Linux Firewall
From: David Lang <david.lang () digitalinsight com>
Date: Wed, 24 Jul 2002 13:17:10 -0700 (PDT)
when you are considering things for strippng off the box you should think about what you want on there for debugging and leave that there. for example on a firewall you may want to leave something like perl or tcpdump on there even though you don't use them for normal firewall operations becouse you want them on there for debugging, but do you really need apache and gnome on there? (just picking a couple large packages as examples) David Lang On Tue, 23 Jul 2002, Carson Gaspar wrote:
There are a few reasons I don't like the "strip everything off the box" mentality. - It frequently makes debugging problems nearly impossible, as the necessary tools are not present. - Every time a patch or a new OS version is released, the set of files that are required changes. Also, new privileged binaries may appear. I've had to maintain "jumpstart"-like images for secure servers. Maintaining a "known-good" list for privileged binaries is relatively straightforward. Maintaining a "known-good" list of _all_ binaries is a nightmare. I further assert that maintaining a "known-bad" list is a lost cause. -- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Securing a Linux Firewall, (continued)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall Carson Gaspar (Jul 24)
- Re: Securing a Linux Firewall BORBELY Zoltan (Jul 24)
- RE: Securing a Linux Firewall Bill Royds (Jul 24)
- Re: Securing a Linux Firewall Kyle R. Hofmann (Jul 24)
- Re: Securing a Linux Firewall Stephen P. Berry (Jul 26)
- Re: Securing a Linux Firewall R. DuFresne (Jul 26)
- Re: Securing a Linux Firewall Gwendolynn ferch Elydyr (Jul 24)
- Re: Securing a Linux Firewall Stephen P. Berry (Jul 25)
- Re: Securing a Linux Firewall Gwendolynn ferch Elydyr (Jul 25)
- RE: Securing a Linux Firewall David Lang (Jul 24)