May 28th, 2001

Books

(no subject)

A post to debian-firewall:

Re: auto apt, reiser, and other things we might better not do an firewalls

I've been conflicted about whether to use Debian or OpenBSD
(and now EmBSD) for some nearly-embedded firewall stuff
I'm hacking on. Here's the way I'd love for it to work
with debian:
install from woody/sid, rm stuff, install ness. debs
(I'd like to use reiser for unattended reboots,
so I'm watching that thread)
config 2.4.x iptables for no spoofing and stateful
(other fun box hardening tricks ..)
use LIDS (?!) to lock down the system so even root/uid 0 can't
fsck things up

every month or more often as needed, I ssh in to these things,
auth to LIDS to gain write access and apt in hotfixes,
checking md5 and gpg (!),poke around a bit and then lock
it back down, log out ..

Since none (?) of those nifty things are ready for production yet,
then plan is to use EmBSD /OpenBSD, but I'd be quite interested in your comments.. particulary about LIDS

-adric (post echoed on my LJ)
  • Current Music
    air conditioner