
Re: Last call on ? able _nec-build_ packages



> Package: dialog    _nec-build_  .vs. _nec-run_ modconf depends

Could be a good package for giving the firewall a basic console menu.
Remember that you increase the security of the system if you give the admin a
clear interface. But we can add it, if needed. So strip it.

> Package: libgdbm1  _nec-build_  perl depends .vs. _nec-run_
> 
> Package: libdb1-dev  _nec-build_ .vs. _nec-run_  apache
Don't know if we will need a database system later, remove.

> Package: gzip       _nec-build_  .vs. Marked as req in distribution.

You need this for log compression.

> Package: findutils _nec-build_  .vs. Marked as req in distribution.
You need this for logfile clearing.

> Package: modutils   _nec-build_  .vs. Marked as req in distribution.

You need this for modules which need to be inserted into the kernel on bootup
(some IP filters and crypto stuff cannot be compiled into the kernel). This
is no big problem, since you can block module modification by securelevel in
the running system.

> tar and gzip could be placed on a mounted floppy and run from there when
> needed.  Not so sure if this would work with dpkg....could I leave the
> dpkg package in place and simply move its binary to the floppy....and
> include the mount point in the default path?

I'm not sure if the basic system should be a full dpkg system, or whether it
is better to make a Debian system able to produce an image of a stripped-down
system. The second thing is a bit more secure at runtime, but on the other hand
you make the box very dumb. No sysadmin will log in. (Of course this is good
from a security point of view.)

A small base filesystem image is good for recovery, backup, checksums and
embedded solutions (ramdisk, eprom).

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy

