[lug] Security
Kyle Moore
kmoore at trustamerica.com
Tue Feb 15 11:17:38 MST 2000
Well...Bastille already does some of this (although it doesn't sound
like it is production quality). The problem I see with Bastille is it is
somewhat distribution-specific and doesn't offer much in the way of
choices. Some things wouldn't be dist-specific but some things would be.
You note one of the advantages, however, is being able to do it
independant of the installer.
I was actually thinking of writing something like this...maybe I'll give
it some more thought.
George Sexton wrote:
>
> Perhaps one approach would be to create an RPM (or script) that would
> tighten things up:
>
> I.E. comment out most things in inetd.conf, remove links from the rc?.d
> directories (or at least prompt the user if they should be removed), create
> a default strong hosts.deny file, etc. This would be a lot easier than
> writing a whole installer and could be done after the fact.
-kjm
More information about the LUG
mailing list