[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Update of Firewall page

	Henry Hollenberg     speed@barney.iamerica.net 

Hubert Weikert wrote:

> One point remains: are you sure to set netstd to _nec-build_? I think, the
> one or other daemon or utility is needed in a running system. Not all of
> them, but some.

Description: Networking binaries and daemons for Linux
 The netstd package provides you with the standard networking services
 (server and clients).  This includes services like ftp, telnet, nfs,
 pcnfsd, bootp, tftp, finger, rsh, rlogin and others.

Well I must have been in a harsh mood :-), but seriously once the system
is built and running if a hacker breaks in....ie gets a shell somehow, it
would seem to slow them down if they couldn't ftp tools into the
system....that was my thinking anyway....not sure what "others" at the end
of the sentence.  I know we don't need nfs, pcnfsd, bootp, tftp, finger,
or the "r" commands....

my thought was to try it and see if it will work...if so great, if not add
it back....

unless there is a show stopper in "others"!!!

> > Also I never have gotten it straight how I'm to use the 3 CD Debian set I
> > got and dpkg and the lists of acceptable packages...
> > 
> > I know it involves dpkg --get-selections and dpkg --set-selections
> > and I guess mounting the CD.....maybe the -R recursive switch
> > 
> > any clues?
> No. I don't catched what you mean. Maybe that my english needs some
> inprovement (I'm a native German-speaker).

I wish my German was as good as your english....I was on a business trip
over there in Oct, loved the food, beer....and the people were very
friendly...tolerated ignorant americans very gracefully.  I have some
relatives in Northern Germany.....one of these days I'm going to come over
for a long visit....maybe even learn the language.

This is my question, short and sweet:

How are we going to automate the use of this custom list of packages?

There must be a better way to do things than picking out each package by
hand.  That is why I was refferring to dpkg --get-selections and 
dpkg --set-selections.

So what are the exact steps neede to "automate" the use of this list:


base install

mount cdrom
cd /mnt/stable
dpkg --set-selections < /tmp/custom_package_list -R


Here are some notes from Joost on the subject as well:

>From Joost Kooij <kooij@mpn.cp.philips.com>
>Dselect's standard way of getting to know what packages are available in
>an archive is to run dpkg --update-avail on the Packages file that comes
>with the archive. .
>You could have made a Packages file yourself, with dpkg-scanpackages and
>put that in a DIY archive and use it with dselect (making a custom
>archive). You'll have to make an "override" file too, to get
>dpkg-scanpackages to add sections to the packages entries in the Packages
>file. You can find examples in the ftp.debian.org /debian/indices/
>Or (not using an archive at all) you could have used dpkg --avail
>custom-kernel.deb. I'm afraid you'd have to put the .deb on a floppy to
>use it with dselect, because that's the only way it knows how to deal
>a non-archive. In this simple case, dpkg -i by hand is more convinient of
>Another solution is to build a package with dependencies on all the
>packages you want to install. Create an archive that contains that
>package, the packages it depends on and packages that those depend on.
>Since you want to build a firewall, you'll probably want to put in a
>_lot_ of conflicts as well ;-).
>Use dpkg-scanpackages to generate a Packages file. Burn it on a cd or
>put it on your ftp site and it should work fine with dselect and deity.
>If you're really serious about creating your own cd, then dselect is
>definately the way to go.

Sorry for the long post!
Henry Hollenberg   speed@barney.iamerica.net

E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble?  e-mail to listmaster@debian.org .

Reply to: