nil.enroll(aetheric_username, quantum_class_id) (adric) wrote,
nil.enroll(aetheric_username, quantum_class_id)

A post to debian-firewall:

Re: auto apt, reiser, and other things we might better not do on firewalls

I've been conflicted about whether to use Debian or OpenBSD
(and now EmBSD) for some nearly-embedded firewall stuff
I'm hacking on. Here's the way I'd love for it to work
with debian:
install from woody/sid, rm stuff, install ness. debs
(I'd like to use reiser for unattended reboots,
so I'm watching that thread)
config 2.4.x iptables for no spoofing and stateful
(other fun box hardening tricks ..)
use LIDS (?!) to lock down the system so even root/uid 0 can't
fsck things up

every month or more often as needed, I ssh in to these things,
auth to LIDS to gain write access and apt in hotfixes,
checking md5 and gpg (!), poke around a bit and then lock
it back down, log out ..

Since none (?) of those nifty things are ready for production yet,
the plan is to use EmBSD/OpenBSD, but I'd be quite interested in your comments.. particularly about LIDS

-adric (post echoed on my LJ)
