[ale] best dist for firewall?
Tyler Kiley
tyler at kianta.com
Fri May 3 22:05:05 EDT 2002
Ya, but I was thinking you need /etc/fstab to know what device to mount at
/etc.....
Tyler
On Friday 03 May 2002 03:57 pm, jb at sourceillustrated.com wrote:
> Technically, you can mount *anything* from a floppy...
>
> > I'm intrigued by the idea of using removable media to store a firewall
> > configuration.... would it be possible to mount a machine's /etc
> > directory from a floppy, or is /etc required on the root filesystem?
> >
> > Tyler
> >
> > On Friday 03 May 2002 02:58 pm, cfowler wrote:
> >> A firewall is a firewall.
> >>
> >> It is not:
> >>
> >> A Mail Server
> >> A Web Server
> >> A Shell Server
> >> A Etc. Server
> >>
> >> It is a firewall
> >>
> >> Maybe a very tight shell to configure the rules. But if you do
> >> it right you can create a firewall on floppy that would
> >> require mounting on a client machine to configure then booting up on.
> >> Now that is a firewall!
> >>
> >> On Fri, 2002-05-03 at 14:28, Glenn C. Lasher Jr. wrote:
> >> > I will second this. Slackware 8.0 is exactly the right distro for a
> >> > firewall. Not only does it not suffer the operational and security
> >> > issues of RH, but it also even lets you pick --at install time--
> >> > what version of kernel you want to run, and, if you pick 2.4.x, will
> >> > let you set up ReiserFS before installing. We 'ave one. Ees ver'
> >> > nayze.
> >> >
> >> > On Thu, 2 May 2002, Transam wrote:
> >> > > > I'm setting up a firewall on a 120mhz, 16meg machine. I'd like
> >> > > > to run iptables, snort/acid and a mysql db to store the snort
> >> > > > info.
> >> > > >
> >> > > > Any recommended distros? It'd be nice to get something minimal
> >> > > > (possibly tightened) but with the 2.4 kernel (for the stateful
> >> > > > firewalling capabilities). I considered Slackware or Debian and
> >> > > > then upgrading the kernel, but the thought of compiling on a
> >> > > > 120mhz machine is not a happy one. Considering Peanut as well,
> >> > > > but it seems to be heavily configured for the desktop. I guess
> >> > > > it's a last resort.
> >> > >
> >> > > Slackware 8.0! I've found Slackware FAR less buggy (both in
> >> > > security bugs and in annoying operational bugs) than either Red
> >> > > Hat or Mandrake and far easier to install. It also requires FAR
> >> > > less security patches and thus yields a lower-maintenance system.
> >> > > Some of this is due, I think, to their interest in the best
> >> > > distribution rather than the most money and easiest and most toys
> >> > > (sound familiar). Some of it is due to less "stuff" on it.
> >> > > However, you certainly do NOT want a lot of extra junk on a
> >> > > Firewall.
> >> > >
> >> > > Sheesh. RH7.1 did not even ship with a working IP Tables. I had
> >> > > to download a working kernel and configure and compile it.
> >> > >
> >> > > I run Slackware on my Laptop and love it. I use Red Hat on my
> >> > > desktop only because it is the most popular distribution with my
> >> > > clients and the friend who built my desktop put it on and I was
> >> > > too lazy to install Slackware over it. (Installing Red Hat over a
> >> > > running Slackware system would have been just as much work and
> >> > > certainly greater than zero.)
> >> > >
> >> > > Any Set-UID or Set-GID program is a security risk. When I build a
> >> > > Firewall I turn all of that stuff off. X always is first on my
> >> > > list and GPM is second!
> >> > >
> >> > > > Thanks as always,
> >> > > >
> >> > > > John
> >> > >
> >> > > Bob Toxen
> >> > > transam at cavu.com [Bob's ALE Bulk email]
> >> > > bob at verysecurelinux.com [Please use for email to me]
> >> > > http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
> >> > > http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
> >> > > http://www.cavu.com/sunset.html [Sunset Computer]
> >> > > Fly-By-Day Consulting, Inc. "Don't go with a fly-by-night
> >> > > outfit!" Quality Linux & UNIX security and SysAdmin & software
> >> > > consulting since 1990.
> >> > >
> >> > > ---
> >> > > This message has been sent through the ALE general discussion
> >> > > list. See http://www.ale.org/mailing-lists.shtml for more info.
> >> > > Problems should be sent to listmaster at ale dot org.
> >> >
> >> > glasher at nycap.rr.com
> >> > You've been programmed by the Illuminati not to see the word "".
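
The quoted advice to turn off set-UID and set-GID programs on a firewall can be checked mechanically. The script below is an added example, not part of the original thread: the function names `audit_suid` and `strip_suid` and the allowlist file (one path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit and strip set-UID / set-GID
# bits on a firewall's filesystem. Paths containing newlines are not handled.

# audit_suid ROOT [ALLOWLIST]
#   Prints, sorted, every regular file under ROOT that carries the set-UID
#   or set-GID bit and is not named in ALLOWLIST (hypothetical file, one
#   absolute path per line). -xdev keeps the walk on one filesystem.
audit_suid() {
    root=$1
    allow=${2:-/dev/null}
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort |
    while IFS= read -r path; do
        # -F fixed string, -x whole line: only an exact path match is allowed
        if ! grep -Fqx -- "$path" "$allow"; then
            printf '%s\n' "$path"
        fi
    done
}

# strip_suid ROOT [ALLOWLIST]
#   Clears both bits on every file audit_suid reports and prints how many
#   files were changed. Files on the allowlist are left alone.
strip_suid() {
    count=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        chmod u-s,g-s -- "$path" && count=$((count + 1))
    done <<EOF
$(audit_suid "$1" "${2:-/dev/null}")
EOF
    echo "$count"
}
```

Run `audit_suid /` first and review the list before calling `strip_suid`; re-running the audit after package installs or upgrades catches bits that come back.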