Firewall Wizards mailing list archives
RE: Custom Unix server installations -- to harden extensively ?
From: "Loomis, Rip" <GILBERT.R.LOOMIS () saic com>
Date: Fri, 16 May 2003 09:01:36 -0400
Well, once upon a time, there was a distribution called "Storm Linux" which was designed, from day one, to be a firewall.
It may be stating the obvious, but something that may have been secure in 2001 will not be secure today [...]
Since it's Debian, can YOU say apt-get ????
Hmm. It was *derived* from Debian, but anything that was done by Storm Linux to change the default Debian installation is now at least one of the following:

- Incorporated into the Debian install already
- Superseded by a later Debian official change to the same package (and therefore gone as soon as you do an apt-get)
- No longer a good idea, because it is based on assumptions that are no longer true
- Present on your system after an apt-get, but no longer working correctly because the behavior of some related package has changed in the meantime
- Maybe, JUST MAYBE still worth doing and it will still be active on your system--but since no one's maintaining Storm Linux and few are using it, it'll be damnably hard to know which things are in this category and to ensure they're effectively used.

I like Debian a lot and use it every day. There are a lot of security-relevant packages which could be installed and would probably do 90% of what Storm Linux was intended to do--they just won't all be installed by default. There have also been a few changes/improvements to the underlying kernel in the meantime.

I can't fathom why anyone would install Storm Linux and then update to current Debian. Why not just come up with a very specific Debian install that meets your needs? How are any remaining Storm Linux-specific packages actually going to be a net gain for you?

If it helps, it looks as though I'll be working with a co-worker to "port" the cisecurity.org Linux scoring tool (currently only handles RedHat and Mandrake) over to Debian. That, plus the existing Debian "bastille" package, should at least make it easier to set up a bastion host, if not a full-up firewall.

--
Rip Loomis
Senior Systems Security Engineer, SAIC CIST
Brainbench MVP for Internet Security | http://www.brainbench.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards