
Re: Windows Server to Debian migration



On Sat, Sep 03, 2005 at 03:10:31PM +0200, martin f krafft wrote:
> also sprach Roberto C. Sanchez <roberto@familiasanchez.net> [2005.09.03.1502 +0200]:
> > I don't use it in nearly such tough environment, but everything I have
> > seen/read about it leads me to believe that it can handle large setups
> > very well.
> 
> I would talk to the alioth admins about it. Maybe I am just
> incapable of administering OpenLDAP and they got the grips on the
> server by now, but OpenLDAP to me is a synonym for grey hair and
> raving fits of madness.
> 
Interesting.  I am getting ready to set up a network (20 workstations + 2
servers) for my church and was going to use OpenLDAP.  I would be
interested in some alternate suggestions.

> > > It's also *terribly* outdated, breaks some things when used
> > > carelessly, and gives a wonderfully false sense of security. The
> > > same applies to tiger/TARA, btw.
> > > 
> > Funny that you mention that.  I emailed Javier a while back
> > because some of the changes effected by Bastille were undone when
> > I upgraded my server from Woody to Sarge.  He said it needs to be
> > updated to use the dpkg-statoverride, rather than just changing
> > attributes of files without dpkg's knowledge.  Other than that,
> > I found it a very helpful tool.
> 
> It is a helpful tool. The greatest mistakes you can make are to need
> and to trust it. Go through the process, make conscious decisions,
> but then, for every feature you turn on (or off), verify it
> after the run, make sure you understand how it's done, and then
> don't touch bastille again. Oh, and make sure you know what it's
> talking about. Just clicking yes because a feature "sounds good" is
> calling for trouble.
> 
> > Besides, your statement "breaks some things when used carelessly,
> > and gives a wonderfully false sense of security" can be applied to
> > *any* hardening tool or package.
> 
> Yes. That's why I strongly recommend not to use them.
> 
> > The fact is, that you can't expect to secure a system well with no
> > knowledge of security.
> 
> Absolutely. And no tool can do it for you either.
> 
All good points.

-Roberto

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto
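
The dpkg-statoverride point and the advice to verify each change after the run, as an added example that is not part of the original thread: a POSIX shell function that reads entries in the `dpkg-statoverride --list` layout and flags files whose on-disk mode differs from the recorded one. The function name, scratch files and override entries are constructed for illustration, and only the mode is compared.

```shell
#!/bin/sh
# Added example: report files whose on-disk mode no longer matches the
# override recorded for them. Input lines use the layout printed by
# `dpkg-statoverride --list`: <owner> <group> <mode> <path>
# Only the mode is compared; owner and group are read but not checked.
audit_statoverrides() {
    rc=0
    while read -r owner group mode path; do
        [ -n "$path" ] || continue            # skip blank or short lines
        if [ ! -e "$path" ]; then
            echo "MISSING $path (override says $mode)"
            rc=1
            continue
        fi
        want=$(printf '%o' "0$mode")          # normalise 0640 -> 640
        have=$(stat -c '%a' "$path")          # stat -c as on Debian (GNU stat)
        if [ "$want" != "$have" ]; then
            echo "DRIFT $path: override $want, on disk $have"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: scratch files and a hand-written override list.
demo_dir=$(mktemp -d)
touch "$demo_dir/kept" "$demo_dir/reset"
chmod 0640 "$demo_dir/kept"
chmod 0644 "$demo_dir/reset"   # stands in for a mode an upgrade put back
audit_statoverrides <<EOF || echo "overrides and disk disagree"
root root 0640 $demo_dir/kept
root root 0600 $demo_dir/reset
root root 0755 $demo_dir/gone
EOF
rm -rf "$demo_dir"
```

On a Debian system, `dpkg-statoverride --list | audit_statoverrides` runs the same check against the registered overrides.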
