
Re: Building Debian firewall



On Mon, May 28, 2001 at 06:53:56PM -0400, Adric wrote:
> Re: auto apt, reiser, and other things we might better not do on firewalls
> 
> I've been conflicted about whether to use Debian or OpenBSD
> (and now EmBSD) for some nearly-embedded firewall stuff
> I'm hacking on.  Here's the way I'd love for it to work
> with debian:
> 	install from woody/sid, rm stuff, install ness. debs
> 	(I'd like to use reiser for unattended reboots, 
> 		so I'm watching that thread)
> 	config 2.4.x iptables for no spoofing and stateful
> 	(other fun box hardening tricks ..)
> 	use LIDS (?!) to lock down the system so even root/uid 0 can't
> 		fsck things up
> 
> 	every month or more often as needed, I ssh in to these things,
> 		auth to LIDS to gain write access and apt in hotfixes, 
> 		checking md5 and gpg (!), poke around a bit and then lock
> 		it back down, log out ..
> 
> Since none (?) of those nifty things are ready for production yet, 
> the plan is to use EmBSD/OpenBSD, but I'd be quite interested in your
> comments.. particularly about LIDS
> 
> -adric (post echoed on my LJ)

Yea, that's what I am looking for :) I have not looked into LIDS but I am
interested in Snort.

Kirk Schroeder


