[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Old question: what is SUSE going to do with harden_suse / Bastille



On Saturday 25 October 2003 16:19, Bo Jacobsen wrote:
> I agree 100%. They need an install option named firewall, or some thing
> like that, that leaves out ANY stuff that should not run on a firewall. I
> actually find it a little strange that they have not implemented that a
> long time ago, since security has been a hot topic for a long time now.

Why not quite simply try out OpenBSD if you want to use a machine as a 
firewall? Security patches for OpenBSD are source only, so in your case you 
would need a second computer for making binaries for your firewall. I'm quite 
sure that quite a few readers on this mailinglist runs heterogenous networks.

> The normal SuSE installation even have world-read
> permission on all files in /root  !!!. I find that more then a little open.

The directory /root is readable only by root, unless you changed it's 
permissions.

> Actually, SuSE's lack of priority on basic system secutity tools, has
> forced me to start looking at other systems like FreeBSD etc.
>
> Bo

I'm not quite sure what you mean by "lack of priority on basic system secutity 
tools" in SuSE. SuSE does a quite a decent job in this respect. And if you 
need a more recent version of, say, nmap, the "make" is still available.

/Sigfred







-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here