Re: Building Debian firewall
On Mon, May 28, 2001 at 06:53:56PM -0400, Adric wrote:
> Re: auto apt, reiser, and other things we might better not do on firewalls
>
> I've been conflicted about whether to use Debian or OpenBSD
> (and now EmBSD) for some nearly-embedded firewall stuff
> I'm hacking on. Here's the way I'd love for it to work
> with debian:
> install from woody/sid, rm stuff, install ness. debs
> (I'd like to use reiser for unattended reboots,
> so I'm watching that thread)
> config 2.4.x iptables for no spoofing and stateful
> (other fun box hardening tricks ..)
> use LIDS (?!) to lock down the system so even root/uid 0 can't
> fsck things up
>
> every month or more often as needed, I ssh in to these things,
> auth to LIDS to gain write access and apt in hotfixes,
> checking md5 and gpg (!), poke around a bit and then lock
> it back down, log out ..
>
> Since none (?) of those nifty things are ready for production yet,
> the plan is to use EmBSD/OpenBSD, but I'd be quite interested in your
> comments.. particularly about LIDS
>
> -adric (post echoed on my LJ)
Yea, that's what I am looking for :) I have not looked into LIDS but I am
interested in Snort.
Kirk Schroeder