Re: Task-harden

To: opal@debian.org
Cc: debian-devel@lists.debian.org, drpablo@mail.com
Subject: Re: Task-harden
From: DrPablo@mail.com
Date: Tue, 3 Apr 2001 14:56:22 -0300 (BRT)
Message-id: <[🔎] 20010403175622.6FAA5124045@thespectra.cjb.net>

Hello Ola!

On Mon, Apr 02, 2001 at 01:45:14PM -0300, DrPablo@mail.com wrote:

<snip>
| 
| Ahh now I remember one more package.
| 
| imap should be avoided, imap-ssl is better. :)
| 
| No protocols that needs passwords in plaintext. :)

	Good!

<snip>

| I think it is the tools that needs inetd...
| 
| But (as someone said) inetd should not be installed as default.
| Only the packages that really needs inetd should depend on it.
| Like telnetd (and so on).

	Well... Keep that package! I guess I followed a thread that said
that will be the default behavior: I mean, netbase will not contain
inetd anymore and only some packages will depend on it. Anyway xinetd,
which is already packaged, seems much better choice. Since it is under
main/net (not non-free or contrib), I guess task-harden could Recommend
or Require it. Maybe "Require: (inetd & tcpd) | xinetd" will do
the task! (Look: I don't know if this is allowed!)

| > 
| >       BTW, what do you think of packaging DTK (Deception ToolKit)
| > (http://all.net/dtk/dtk.html). I don't know about their licensing
| > issues, but I think it is a good tool.
| 
| Well I do not think I personally like the license. Quite good
| but we have to report all changes back...

	Yeah! I have already emailed the maintainer suggesting him to
release it under GPL or similar (since his goal is to spread that dtk
approach as much as possible), but I've got no response.

| I think it is too similar to something that I myself wrote some
| years ago. Maybe they got a bit further but personally I do not
| like the idéa. Use firewall rules instead. :) But if you like
| it package it and see how good it works. I just do not like the
| idéa (that I used myself before I know about things like ipchains)
| to hook on tcpd...

	If you could dig it up, I'd appreciate. I like the concept. Of
course: I use good firewall rules, but, considering that there are
several users that just don't want to configure ipchains/iptable, or
compile the kernel to do firewalling, maybe something like apt-get
install dtk would be better than nothing.
	Besides, good firewall rules && dtk is even better than good
firewall rules || dtk.
	I am almost thinking of launch a project under sourceforge.net
(something like freedtk) to accomplish this. But I don't want to use
their code.

| Regards,
| 
| // Ola

Reply to:

Prev by Date: dist-upgrade to woody
Next by Date: Re: Changing standard mailbox setup of Debian?
Previous by thread: Re: Task-harden
Next by thread: Re: Task-harden
Index(es):
- Date
- Thread